Revert "deps: downgrade openssl to v1.0.0f"

After much investigation it turns out that the affected servers are
buggy.  user-service.condenastdigital.com:443 in particular seems to
reject large TLS handshake records. Cutting down the number of
advertised ciphers or disabling SNI fixes the issue.

Similarly, passing { secureOptions: constants.SSL_OP_NO_TLSv1_2 }
seems to fix most connection issues with IIS servers.

Having to work around buggy servers is annoying for our users but not
a reason to downgrade OpenSSL. Therefore, revert it.

This reverts commit 4fdb8acdaef4c3cb1d855e992ada0e63fee520a6.

diff --git a/deps/openssl/README.chromium b/deps/openssl/README.chromium
deleted file mode 100644 (file)
index aec361b..0000000
--- a/deps/openssl/README.chromium
+++ /dev/null
@@ -1,96 +0,0 @@
-Name: openssl
-URL: http://openssl.org/source/
-Version: 1.0.0f
-License: BSDish
-License File: openssl/LICENSE
-
-Description:
-This is OpenSSL, the standard SSL/TLS library, which is used only in Android.
-
-It's an unmodified, upstream source except for the patches listed below.
-
-
-********************************************************************************
-The following patches are taken from Android Open Source Project.
-
-
-progs.patch:
-
-Fixup sources under the apps/ directory that are not built under the android environment.
-
-
-small_records.patch:
-
-Reduce OpenSSL memory consumption.
-SSL records may be as large as 16K, but are typically < 2K.  In
-addition, a historic bug in Windows allowed records to be as large
-32K.  OpenSSL statically allocates read and write buffers (34K and
-18K respectively) used for processing records.
-With this patch, OpenSSL statically allocates 4K + 4K buffers, with
-the option of dynamically growing buffers to 34K + 4K, which is a
-saving of 44K per connection for the typical case.
-
-
-handshake_cutthrough.patch
-
-Enables SSL3+ clients to send application data immediately following the
-Finished message even when negotiating full-handshakes.  With this patch,
-clients can negotiate SSL connections in 1-RTT even when performing
-full-handshakes.
-
-
-jsse.patch
-
-Support for JSSE implementation based on OpenSSL.
-
-
-npn.patch
-
-Transport Layer Security (TLS) Next Protocol Negotiation Extension
-
-
-sha1_armv4_large.patch
-
-This patch eliminates memory stores to addresses below SP.
-
-
-openssl_no_dtls1.patch
-
-Add missing #ifndef OPENSSL_NO_DTLS1
-
-
-********************************************************************************
-The following patches are needed to compile this openssl on Chromium and pass
-the related net unit tests.
-
-
-empty_OPENSSL_cpuid_setup.patch
-
-Use a empty implementation for function OPENSSL_cpuid_setup to resolve link
-error. We should figure out how to geenrate platform specific implementation
-of OPENSSL_cpuid_setup by leveraging crypto/*cpuid.pl.
-
-
-x509_hash_name_algorithm_change.patch
-
-There are many symbolic links under /etc/ssl/certs created by using hash of
-the pem certificates in order for OpenSSL to find those certificate.
-Openssl has a tool to help you create hash symbolic links. (See tools/c_rehash)
-However the new openssl changed the hash algorithm, Unless you compile/install
-the latest openssl library and re-create all related symbolic links, the new
-openssl can not find some certificates because the links of those certificates
-were created by using old hash algorithm, which causes some tests failed.
-This patch gives a way to find a certificate according to its hash by using both
-new algorithm and old algorithm.
-crbug.com/111045 is used to track this issue.
-
-
-tls_exporter.patch
-
-Keying Material Exporters for Transport Layer Security (RFC 5705).
-
-
-Android platform support
-
-Copy config/android/openssl/opensslconf.h from Android's
-external/openssl/include/openssl/opensslconf.h

diff --git a/deps/openssl/asm/Makefile b/deps/openssl/asm/Makefile
index 383d5f6..9f54785 100644 (file)
--- a/deps/openssl/asm/Makefile
+++ b/deps/openssl/asm/Makefile
@@ -3,6 +3,7 @@ PERL    += -I../openssl/crypto/perlasm -I../openssl/crypto/bn/asm
 
 OUTPUTS        = \
        x86-elf-gas/aes/aes-586.s \
+       x86-elf-gas/aes/aesni-x86.s \
        x86-elf-gas/bf/bf-686.s \
        x86-elf-gas/bn/x86-mont.s \
        x86-elf-gas/bn/x86.s \
@@ -20,15 +21,20 @@ OUTPUTS     = \
        x86-elf-gas/whrlpool/wp-mmx.s \
        x86-elf-gas/x86cpuid.s \
        x64-elf-gas/aes/aes-x86_64.s \
+       x64-elf-gas/aes/aesni-x86_64.s \
+       x64-elf-gas/aes/aesni-sha1-x86_64.s \
+       x64-elf-gas/bn/modexp512-x86_64.s \
        x64-elf-gas/bn/x86_64-mont.s \
        x64-elf-gas/camellia/cmll-x86_64.s \
        x64-elf-gas/md5/md5-x86_64.s \
        x64-elf-gas/rc4/rc4-x86_64.s \
+       x64-elf-gas/rc4/rc4-md5-x86_64.s \
        x64-elf-gas/sha/sha1-x86_64.s \
        x64-elf-gas/sha/sha512-x86_64.s \
        x64-elf-gas/whrlpool/wp-x86_64.s \
        x64-elf-gas/x86_64cpuid.s \
        x86-macosx-gas/aes/aes-586.s \
+       x86-macosx-gas/aes/aesni-x86.s \
        x86-macosx-gas/bf/bf-686.s \
        x86-macosx-gas/bn/x86-mont.s \
        x86-macosx-gas/bn/x86.s \
@@ -46,15 +52,20 @@ OUTPUTS     = \
        x86-macosx-gas/whrlpool/wp-mmx.s \
        x86-macosx-gas/x86cpuid.s \
        x64-macosx-gas/aes/aes-x86_64.s \
+       x64-macosx-gas/aes/aesni-x86_64.s \
+       x64-macosx-gas/aes/aesni-sha1-x86_64.s \
+       x64-macosx-gas/bn/modexp512-x86_64.s \
        x64-macosx-gas/bn/x86_64-mont.s \
        x64-macosx-gas/camellia/cmll-x86_64.s \
        x64-macosx-gas/md5/md5-x86_64.s \
        x64-macosx-gas/rc4/rc4-x86_64.s \
+       x64-macosx-gas/rc4/rc4-md5-x86_64.s \
        x64-macosx-gas/sha/sha1-x86_64.s \
        x64-macosx-gas/sha/sha512-x86_64.s \
        x64-macosx-gas/whrlpool/wp-x86_64.s \
        x64-macosx-gas/x86_64cpuid.s \
        x86-win32-masm/aes/aes-586.asm \
+       x86-win32-masm/aes/aesni-x86.asm \
        x86-win32-masm/bf/bf-686.asm \
        x86-win32-masm/bn/x86-mont.asm \
        x86-win32-masm/bn/x86.asm \
@@ -72,10 +83,14 @@ OUTPUTS     = \
        x86-win32-masm/whrlpool/wp-mmx.asm \
        x86-win32-masm/x86cpuid.asm \
        x64-win32-masm/aes/aes-x86_64.asm \
+       x64-win32-masm/aes/aesni-x86_64.asm \
+       x64-win32-masm/aes/aesni-sha1-x86_64.asm \
+       x64-win32-masm/bn/modexp512-x86_64.asm \
        x64-win32-masm/bn/x86_64-mont.asm \
        x64-win32-masm/camellia/cmll-x86_64.asm \
        x64-win32-masm/md5/md5-x86_64.asm \
        x64-win32-masm/rc4/rc4-x86_64.asm \
+       x64-win32-masm/rc4/rc4-md5-x86_64.asm \
        x64-win32-masm/sha/sha1-x86_64.asm \
        x64-win32-masm/sha/sha512-x86_64.asm \
        x64-win32-masm/whrlpool/wp-x86_64.asm \
@@ -103,33 +118,46 @@ clean:
        find . -iname '*.s' -exec rm "{}" \;
 
 x64-elf-gas/aes/aes-x86_64.s: ../openssl/crypto/aes/asm/aes-x86_64.pl
+x64-elf-gas/aes/aesni-x86_64.s: ../openssl/crypto/aes/asm/aesni-x86_64.pl
+x64-elf-gas/aes/aesni-sha1-x86_64.s: ../openssl/crypto/aes/asm/aesni-sha1-x86_64.pl
+x64-elf-gas/bn/modexp512-x86_64.s: ../openssl/crypto/bn/asm/modexp512-x86_64.pl
 x64-elf-gas/bn/x86_64-mont.s: ../openssl/crypto/bn/asm/x86_64-mont.pl
 x64-elf-gas/camellia/cmll-x86_64.s: ../openssl/crypto/camellia/asm/cmll-x86_64.pl
 x64-elf-gas/md5/md5-x86_64.s: ../openssl/crypto/md5/asm/md5-x86_64.pl
 x64-elf-gas/rc4/rc4-x86_64.s: ../openssl/crypto/rc4/asm/rc4-x86_64.pl
+x64-elf-gas/rc4/rc4-md5-x86_64.s: ../openssl/crypto/rc4/asm/rc4-md5-x86_64.pl
 x64-elf-gas/sha/sha1-x86_64.s: ../openssl/crypto/sha/asm/sha1-x86_64.pl
 x64-elf-gas/sha/sha512-x86_64.s: ../openssl/crypto/sha/asm/sha512-x86_64.pl
 x64-elf-gas/whrlpool/wp-x86_64.s: ../openssl/crypto/whrlpool/asm/wp-x86_64.pl
 x64-elf-gas/x86_64cpuid.s: ../openssl/crypto/x86_64cpuid.pl
 x64-macosx-gas/aes/aes-x86_64.s: ../openssl/crypto/aes/asm/aes-x86_64.pl
+x64-macosx-gas/aes/aesni-x86_64.s: ../openssl/crypto/aes/asm/aesni-x86_64.pl
+x64-macosx-gas/aes/aesni-sha1-x86_64.s: ../openssl/crypto/aes/asm/aesni-sha1-x86_64.pl
+x64-macosx-gas/bn/modexp512-x86_64.s: ../openssl/crypto/bn/asm/modexp512-x86_64.pl
 x64-macosx-gas/bn/x86_64-mont.s: ../openssl/crypto/bn/asm/x86_64-mont.pl
 x64-macosx-gas/camellia/cmll-x86_64.s: ../openssl/crypto/camellia/asm/cmll-x86_64.pl
 x64-macosx-gas/md5/md5-x86_64.s: ../openssl/crypto/md5/asm/md5-x86_64.pl
 x64-macosx-gas/rc4/rc4-x86_64.s: ../openssl/crypto/rc4/asm/rc4-x86_64.pl
+x64-macosx-gas/rc4/rc4-md5-x86_64.s: ../openssl/crypto/rc4/asm/rc4-md5-x86_64.pl
 x64-macosx-gas/sha/sha1-x86_64.s: ../openssl/crypto/sha/asm/sha1-x86_64.pl
 x64-macosx-gas/sha/sha512-x86_64.s: ../openssl/crypto/sha/asm/sha512-x86_64.pl
 x64-macosx-gas/whrlpool/wp-x86_64.s: ../openssl/crypto/whrlpool/asm/wp-x86_64.pl
 x64-macosx-gas/x86_64cpuid.s: ../openssl/crypto/x86_64cpuid.pl
 x64-win32-masm/aes/aes-x86_64.asm: ../openssl/crypto/aes/asm/aes-x86_64.pl
+x64-win32-masm/aes/aesni-x86_64.asm: ../openssl/crypto/aes/asm/aesni-x86_64.pl
+x64-win32-masm/aes/aesni-sha1-x86_64.asm: ../openssl/crypto/aes/asm/aesni-sha1-x86_64.pl
+x64-win32-masm/bn/modexp512-x86_64.asm: ../openssl/crypto/bn/asm/modexp512-x86_64.pl
 x64-win32-masm/bn/x86_64-mont.asm: ../openssl/crypto/bn/asm/x86_64-mont.pl
 x64-win32-masm/camellia/cmll-x86_64.asm: ../openssl/crypto/camellia/asm/cmll-x86_64.pl
 x64-win32-masm/md5/md5-x86_64.asm: ../openssl/crypto/md5/asm/md5-x86_64.pl
 x64-win32-masm/rc4/rc4-x86_64.asm: ../openssl/crypto/rc4/asm/rc4-x86_64.pl
+x64-win32-masm/rc4/rc4-md5-x86_64.asm: ../openssl/crypto/rc4/asm/rc4-md5-x86_64.pl
 x64-win32-masm/sha/sha1-x86_64.asm: ../openssl/crypto/sha/asm/sha1-x86_64.pl
 x64-win32-masm/sha/sha512-x86_64.asm: ../openssl/crypto/sha/asm/sha512-x86_64.pl
 x64-win32-masm/whrlpool/wp-x86_64.asm: ../openssl/crypto/whrlpool/asm/wp-x86_64.pl
 x64-win32-masm/x86_64cpuid.asm: ../openssl/crypto/x86_64cpuid.pl
 x86-elf-gas/aes/aes-586.s: ../openssl/crypto/aes/asm/aes-586.pl
+x86-elf-gas/aes/aesni-x86.s: ../openssl/crypto/aes/asm/aesni-x86.pl
 x86-elf-gas/bf/bf-686.s: ../openssl/crypto/bf/asm/bf-686.pl
 x86-elf-gas/bn/x86-mont.s: ../openssl/crypto/bn/asm/x86-mont.pl
 x86-elf-gas/bn/x86.s: ../openssl/crypto/bn/asm/x86.pl
@@ -147,6 +175,7 @@ x86-elf-gas/sha/sha512-586.s: ../openssl/crypto/sha/asm/sha512-586.pl
 x86-elf-gas/whrlpool/wp-mmx.s: ../openssl/crypto/whrlpool/asm/wp-mmx.pl
 x86-elf-gas/x86cpuid.s: ../openssl/crypto/x86cpuid.pl
 x86-macosx-gas/aes/aes-586.s: ../openssl/crypto/aes/asm/aes-586.pl
+x86-macosx-gas/aes/aesni-x86.s: ../openssl/crypto/aes/asm/aesni-x86.pl
 x86-macosx-gas/bf/bf-686.s: ../openssl/crypto/bf/asm/bf-686.pl
 x86-macosx-gas/bn/x86-mont.s: ../openssl/crypto/bn/asm/x86-mont.pl
 x86-macosx-gas/bn/x86.s: ../openssl/crypto/bn/asm/x86.pl
@@ -164,6 +193,7 @@ x86-macosx-gas/sha/sha512-586.s: ../openssl/crypto/sha/asm/sha512-586.pl
 x86-macosx-gas/whrlpool/wp-mmx.s: ../openssl/crypto/whrlpool/asm/wp-mmx.pl
 x86-macosx-gas/x86cpuid.s: ../openssl/crypto/x86cpuid.pl
 x86-win32-masm/aes/aes-586.asm: ../openssl/crypto/aes/asm/aes-586.pl
+x86-win32-masm/aes/aesni-x86.asm: ../openssl/crypto/aes/asm/aesni-x86.pl
 x86-win32-masm/bf/bf-686.asm: ../openssl/crypto/bf/asm/bf-686.pl
 x86-win32-masm/bn/x86.asm: ../openssl/crypto/bn/asm/x86.pl
 x86-win32-masm/bn/x86-mont.asm: ../openssl/crypto/bn/asm/x86-mont.pl

diff --git a/deps/openssl/asm/x64-elf-gas/aes/aes-x86_64.s b/deps/openssl/asm/x64-elf-gas/aes/aes-x86_64.s
index d7feffb..e7c261f 100644 (file)
--- a/deps/openssl/asm/x64-elf-gas/aes/aes-x86_64.s
+++ b/deps/openssl/asm/x64-elf-gas/aes/aes-x86_64.s
@@ -333,6 +333,9 @@ _x86_64_AES_encrypt_compact:
 .globl AES_encrypt
 .type  AES_encrypt,@function
 .align 16
+.globl asm_AES_encrypt
+.hidden        asm_AES_encrypt
+asm_AES_encrypt:
 AES_encrypt:
        pushq   %rbx
        pushq   %rbp
@@ -780,6 +783,9 @@ _x86_64_AES_decrypt_compact:
 .globl AES_decrypt
 .type  AES_decrypt,@function
 .align 16
+.globl asm_AES_decrypt
+.hidden        asm_AES_decrypt
+asm_AES_decrypt:
 AES_decrypt:
        pushq   %rbx
        pushq   %rbp
@@ -843,10 +849,10 @@ AES_decrypt:
 .Ldec_epilogue:
        .byte   0xf3,0xc3
 .size  AES_decrypt,.-AES_decrypt
-.globl AES_set_encrypt_key
-.type  AES_set_encrypt_key,@function
+.globl private_AES_set_encrypt_key
+.type  private_AES_set_encrypt_key,@function
 .align 16
-AES_set_encrypt_key:
+private_AES_set_encrypt_key:
        pushq   %rbx
        pushq   %rbp
        pushq   %r12
@@ -867,7 +873,7 @@ AES_set_encrypt_key:
        addq    $56,%rsp
 .Lenc_key_epilogue:
        .byte   0xf3,0xc3
-.size  AES_set_encrypt_key,.-AES_set_encrypt_key
+.size  private_AES_set_encrypt_key,.-private_AES_set_encrypt_key
 
 .type  _x86_64_AES_set_encrypt_key,@function
 .align 16
@@ -1109,10 +1115,10 @@ _x86_64_AES_set_encrypt_key:
 .byte  0xf3,0xc3
 
 .size  _x86_64_AES_set_encrypt_key,.-_x86_64_AES_set_encrypt_key
-.globl AES_set_decrypt_key
-.type  AES_set_decrypt_key,@function
+.globl private_AES_set_decrypt_key
+.type  private_AES_set_decrypt_key,@function
 .align 16
-AES_set_decrypt_key:
+private_AES_set_decrypt_key:
        pushq   %rbx
        pushq   %rbp
        pushq   %r12
@@ -1295,11 +1301,14 @@ AES_set_decrypt_key:
        addq    $56,%rsp
 .Ldec_key_epilogue:
        .byte   0xf3,0xc3
-.size  AES_set_decrypt_key,.-AES_set_decrypt_key
+.size  private_AES_set_decrypt_key,.-private_AES_set_decrypt_key
 .globl AES_cbc_encrypt
 .type  AES_cbc_encrypt,@function
 .align 16
 
+.globl asm_AES_cbc_encrypt
+.hidden        asm_AES_cbc_encrypt
+asm_AES_cbc_encrypt:
 AES_cbc_encrypt:
        cmpq    $0,%rdx
        je      .Lcbc_epilogue

diff --git a/deps/openssl/asm/x64-elf-gas/bn/x86_64-mont.s b/deps/openssl/asm/x64-elf-gas/bn/x86_64-mont.s
index 2dbcffc..ea12bd4 100644 (file)
--- a/deps/openssl/asm/x64-elf-gas/bn/x86_64-mont.s
+++ b/deps/openssl/asm/x64-elf-gas/bn/x86_64-mont.s
@@ -5,6 +5,16 @@
 .type  bn_mul_mont,@function
 .align 16
 bn_mul_mont:
+       testl   $3,%r9d
+       jnz     .Lmul_enter
+       cmpl    $8,%r9d
+       jb      .Lmul_enter
+       cmpq    %rsi,%rdx
+       jne     .Lmul4x_enter
+       jmp     .Lsqr4x_enter
+
+.align 16
+.Lmul_enter:
        pushq   %rbx
        pushq   %rbp
        pushq   %r12
@@ -20,48 +30,63 @@ bn_mul_mont:
        andq    $-1024,%rsp
 
        movq    %r11,8(%rsp,%r9,8)
-.Lprologue:
+.Lmul_body:
        movq    %rdx,%r12
-
        movq    (%r8),%r8
+       movq    (%r12),%rbx
+       movq    (%rsi),%rax
 
        xorq    %r14,%r14
        xorq    %r15,%r15
 
-       movq    (%r12),%rbx
-       movq    (%rsi),%rax
+       movq    %r8,%rbp
        mulq    %rbx
        movq    %rax,%r10
-       movq    %rdx,%r11
+       movq    (%rcx),%rax
 
-       imulq   %r8,%rax
-       movq    %rax,%rbp
+       imulq   %r10,%rbp
+       movq    %rdx,%r11
 
-       mulq    (%rcx)
-       addq    %r10,%rax
+       mulq    %rbp
+       addq    %rax,%r10
+       movq    8(%rsi),%rax
        adcq    $0,%rdx
        movq    %rdx,%r13
 
        leaq    1(%r15),%r15
+       jmp     .L1st_enter
+
+.align 16
 .L1st:
+       addq    %rax,%r13
        movq    (%rsi,%r15,8),%rax
-       mulq    %rbx
-       addq    %r11,%rax
        adcq    $0,%rdx
-       movq    %rax,%r10
+       addq    %r11,%r13
+       movq    %r10,%r11
+       adcq    $0,%rdx
+       movq    %r13,-16(%rsp,%r15,8)
+       movq    %rdx,%r13
+
+.L1st_enter:
+       mulq    %rbx
+       addq    %rax,%r11
        movq    (%rcx,%r15,8),%rax
-       movq    %rdx,%r11
+       adcq    $0,%rdx
+       leaq    1(%r15),%r15
+       movq    %rdx,%r10
 
        mulq    %rbp
-       addq    %r13,%rax
-       leaq    1(%r15),%r15
+       cmpq    %r9,%r15
+       jne     .L1st
+
+       addq    %rax,%r13
+       movq    (%rsi),%rax
        adcq    $0,%rdx
-       addq    %r10,%rax
+       addq    %r11,%r13
        adcq    $0,%rdx
-       movq    %rax,-16(%rsp,%r15,8)
-       cmpq    %r9,%r15
+       movq    %r13,-16(%rsp,%r15,8)
        movq    %rdx,%r13
-       jl      .L1st
+       movq    %r10,%r11
 
        xorq    %rdx,%rdx
        addq    %r11,%r13
@@ -70,50 +95,64 @@ bn_mul_mont:
        movq    %rdx,(%rsp,%r9,8)
 
        leaq    1(%r14),%r14
-.align 4
+       jmp     .Louter
+.align 16
 .Louter:
-       xorq    %r15,%r15
-
        movq    (%r12,%r14,8),%rbx
-       movq    (%rsi),%rax
+       xorq    %r15,%r15
+       movq    %r8,%rbp
+       movq    (%rsp),%r10
        mulq    %rbx
-       addq    (%rsp),%rax
+       addq    %rax,%r10
+       movq    (%rcx),%rax
        adcq    $0,%rdx
-       movq    %rax,%r10
-       movq    %rdx,%r11
 
-       imulq   %r8,%rax
-       movq    %rax,%rbp
+       imulq   %r10,%rbp
+       movq    %rdx,%r11
 
-       mulq    (%rcx,%r15,8)
-       addq    %r10,%rax
-       movq    8(%rsp),%r10
+       mulq    %rbp
+       addq    %rax,%r10
+       movq    8(%rsi),%rax
        adcq    $0,%rdx
+       movq    8(%rsp),%r10
        movq    %rdx,%r13
 
        leaq    1(%r15),%r15
-.align 4
+       jmp     .Linner_enter
+
+.align 16
 .Linner:
+       addq    %rax,%r13
        movq    (%rsi,%r15,8),%rax
-       mulq    %rbx
-       addq    %r11,%rax
        adcq    $0,%rdx
-       addq    %rax,%r10
+       addq    %r10,%r13
+       movq    (%rsp,%r15,8),%r10
+       adcq    $0,%rdx
+       movq    %r13,-16(%rsp,%r15,8)
+       movq    %rdx,%r13
+
+.Linner_enter:
+       mulq    %rbx
+       addq    %rax,%r11
        movq    (%rcx,%r15,8),%rax
        adcq    $0,%rdx
+       addq    %r11,%r10
        movq    %rdx,%r11
+       adcq    $0,%r11
+       leaq    1(%r15),%r15
 
        mulq    %rbp
-       addq    %r13,%rax
-       leaq    1(%r15),%r15
-       adcq    $0,%rdx
-       addq    %r10,%rax
+       cmpq    %r9,%r15
+       jne     .Linner
+
+       addq    %rax,%r13
+       movq    (%rsi),%rax
        adcq    $0,%rdx
+       addq    %r10,%r13
        movq    (%rsp,%r15,8),%r10
-       cmpq    %r9,%r15
-       movq    %rax,-16(%rsp,%r15,8)
+       adcq    $0,%rdx
+       movq    %r13,-16(%rsp,%r15,8)
        movq    %rdx,%r13
-       jl      .Linner
 
        xorq    %rdx,%rdx
        addq    %r11,%r13
@@ -127,35 +166,434 @@ bn_mul_mont:
        cmpq    %r9,%r14
        jl      .Louter
 
-       leaq    (%rsp),%rsi
-       leaq    -1(%r9),%r15
-
-       movq    (%rsi),%rax
        xorq    %r14,%r14
+       movq    (%rsp),%rax
+       leaq    (%rsp),%rsi
+       movq    %r9,%r15
        jmp     .Lsub
 .align 16
 .Lsub: sbbq    (%rcx,%r14,8),%rax
        movq    %rax,(%rdi,%r14,8)
-       decq    %r15
        movq    8(%rsi,%r14,8),%rax
        leaq    1(%r14),%r14
-       jge     .Lsub
+       decq    %r15
+       jnz     .Lsub
 
        sbbq    $0,%rax
+       xorq    %r14,%r14
        andq    %rax,%rsi
        notq    %rax
        movq    %rdi,%rcx
        andq    %rax,%rcx
-       leaq    -1(%r9),%r15
+       movq    %r9,%r15
        orq     %rcx,%rsi
 .align 16
 .Lcopy:
+       movq    (%rsi,%r14,8),%rax
+       movq    %r14,(%rsp,%r14,8)
+       movq    %rax,(%rdi,%r14,8)
+       leaq    1(%r14),%r14
+       subq    $1,%r15
+       jnz     .Lcopy
+
+       movq    8(%rsp,%r9,8),%rsi
+       movq    $1,%rax
+       movq    (%rsi),%r15
+       movq    8(%rsi),%r14
+       movq    16(%rsi),%r13
+       movq    24(%rsi),%r12
+       movq    32(%rsi),%rbp
+       movq    40(%rsi),%rbx
+       leaq    48(%rsi),%rsp
+.Lmul_epilogue:
+       .byte   0xf3,0xc3
+.size  bn_mul_mont,.-bn_mul_mont
+.type  bn_mul4x_mont,@function
+.align 16
+bn_mul4x_mont:
+.Lmul4x_enter:
+       pushq   %rbx
+       pushq   %rbp
+       pushq   %r12
+       pushq   %r13
+       pushq   %r14
+       pushq   %r15
+
+       movl    %r9d,%r9d
+       leaq    4(%r9),%r10
+       movq    %rsp,%r11
+       negq    %r10
+       leaq    (%rsp,%r10,8),%rsp
+       andq    $-1024,%rsp
+
+       movq    %r11,8(%rsp,%r9,8)
+.Lmul4x_body:
+       movq    %rdi,16(%rsp,%r9,8)
+       movq    %rdx,%r12
+       movq    (%r8),%r8
+       movq    (%r12),%rbx
+       movq    (%rsi),%rax
+
+       xorq    %r14,%r14
+       xorq    %r15,%r15
+
+       movq    %r8,%rbp
+       mulq    %rbx
+       movq    %rax,%r10
+       movq    (%rcx),%rax
+
+       imulq   %r10,%rbp
+       movq    %rdx,%r11
+
+       mulq    %rbp
+       addq    %rax,%r10
+       movq    8(%rsi),%rax
+       adcq    $0,%rdx
+       movq    %rdx,%rdi
+
+       mulq    %rbx
+       addq    %rax,%r11
+       movq    8(%rcx),%rax
+       adcq    $0,%rdx
+       movq    %rdx,%r10
+
+       mulq    %rbp
+       addq    %rax,%rdi
+       movq    16(%rsi),%rax
+       adcq    $0,%rdx
+       addq    %r11,%rdi
+       leaq    4(%r15),%r15
+       adcq    $0,%rdx
+       movq    %rdi,(%rsp)
+       movq    %rdx,%r13
+       jmp     .L1st4x
+.align 16
+.L1st4x:
+       mulq    %rbx
+       addq    %rax,%r10
+       movq    -16(%rcx,%r15,8),%rax
+       adcq    $0,%rdx
+       movq    %rdx,%r11
+
+       mulq    %rbp
+       addq    %rax,%r13
+       movq    -8(%rsi,%r15,8),%rax
+       adcq    $0,%rdx
+       addq    %r10,%r13
+       adcq    $0,%rdx
+       movq    %r13,-24(%rsp,%r15,8)
+       movq    %rdx,%rdi
+
+       mulq    %rbx
+       addq    %rax,%r11
+       movq    -8(%rcx,%r15,8),%rax
+       adcq    $0,%rdx
+       movq    %rdx,%r10
+
+       mulq    %rbp
+       addq    %rax,%rdi
+       movq    (%rsi,%r15,8),%rax
+       adcq    $0,%rdx
+       addq    %r11,%rdi
+       adcq    $0,%rdx
+       movq    %rdi,-16(%rsp,%r15,8)
+       movq    %rdx,%r13
+
+       mulq    %rbx
+       addq    %rax,%r10
+       movq    (%rcx,%r15,8),%rax
+       adcq    $0,%rdx
+       movq    %rdx,%r11
+
+       mulq    %rbp
+       addq    %rax,%r13
+       movq    8(%rsi,%r15,8),%rax
+       adcq    $0,%rdx
+       addq    %r10,%r13
+       adcq    $0,%rdx
+       movq    %r13,-8(%rsp,%r15,8)
+       movq    %rdx,%rdi
+
+       mulq    %rbx
+       addq    %rax,%r11
+       movq    8(%rcx,%r15,8),%rax
+       adcq    $0,%rdx
+       leaq    4(%r15),%r15
+       movq    %rdx,%r10
+
+       mulq    %rbp
+       addq    %rax,%rdi
+       movq    -16(%rsi,%r15,8),%rax
+       adcq    $0,%rdx
+       addq    %r11,%rdi
+       adcq    $0,%rdx
+       movq    %rdi,-32(%rsp,%r15,8)
+       movq    %rdx,%r13
+       cmpq    %r9,%r15
+       jl      .L1st4x
+
+       mulq    %rbx
+       addq    %rax,%r10
+       movq    -16(%rcx,%r15,8),%rax
+       adcq    $0,%rdx
+       movq    %rdx,%r11
+
+       mulq    %rbp
+       addq    %rax,%r13
+       movq    -8(%rsi,%r15,8),%rax
+       adcq    $0,%rdx
+       addq    %r10,%r13
+       adcq    $0,%rdx
+       movq    %r13,-24(%rsp,%r15,8)
+       movq    %rdx,%rdi
+
+       mulq    %rbx
+       addq    %rax,%r11
+       movq    -8(%rcx,%r15,8),%rax
+       adcq    $0,%rdx
+       movq    %rdx,%r10
+
+       mulq    %rbp
+       addq    %rax,%rdi
+       movq    (%rsi),%rax
+       adcq    $0,%rdx
+       addq    %r11,%rdi
+       adcq    $0,%rdx
+       movq    %rdi,-16(%rsp,%r15,8)
+       movq    %rdx,%r13
+
+       xorq    %rdi,%rdi
+       addq    %r10,%r13
+       adcq    $0,%rdi
+       movq    %r13,-8(%rsp,%r15,8)
+       movq    %rdi,(%rsp,%r15,8)
+
+       leaq    1(%r14),%r14
+.align 4
+.Louter4x:
+       movq    (%r12,%r14,8),%rbx
+       xorq    %r15,%r15
+       movq    (%rsp),%r10
+       movq    %r8,%rbp
+       mulq    %rbx
+       addq    %rax,%r10
+       movq    (%rcx),%rax
+       adcq    $0,%rdx
+
+       imulq   %r10,%rbp
+       movq    %rdx,%r11
+
+       mulq    %rbp
+       addq    %rax,%r10
+       movq    8(%rsi),%rax
+       adcq    $0,%rdx
+       movq    %rdx,%rdi
+
+       mulq    %rbx
+       addq    %rax,%r11
+       movq    8(%rcx),%rax
+       adcq    $0,%rdx
+       addq    8(%rsp),%r11
+       adcq    $0,%rdx
+       movq    %rdx,%r10
+
+       mulq    %rbp
+       addq    %rax,%rdi
+       movq    16(%rsi),%rax
+       adcq    $0,%rdx
+       addq    %r11,%rdi
+       leaq    4(%r15),%r15
+       adcq    $0,%rdx
+       movq    %rdi,(%rsp)
+       movq    %rdx,%r13
+       jmp     .Linner4x
+.align 16
+.Linner4x:
+       mulq    %rbx
+       addq    %rax,%r10
+       movq    -16(%rcx,%r15,8),%rax
+       adcq    $0,%rdx
+       addq    -16(%rsp,%r15,8),%r10
+       adcq    $0,%rdx
+       movq    %rdx,%r11
+
+       mulq    %rbp
+       addq    %rax,%r13
+       movq    -8(%rsi,%r15,8),%rax
+       adcq    $0,%rdx
+       addq    %r10,%r13
+       adcq    $0,%rdx
+       movq    %r13,-24(%rsp,%r15,8)
+       movq    %rdx,%rdi
+
+       mulq    %rbx
+       addq    %rax,%r11
+       movq    -8(%rcx,%r15,8),%rax
+       adcq    $0,%rdx
+       addq    -8(%rsp,%r15,8),%r11
+       adcq    $0,%rdx
+       movq    %rdx,%r10
+
+       mulq    %rbp
+       addq    %rax,%rdi
        movq    (%rsi,%r15,8),%rax
-       movq    %rax,(%rdi,%r15,8)
-       movq    %r14,(%rsp,%r15,8)
+       adcq    $0,%rdx
+       addq    %r11,%rdi
+       adcq    $0,%rdx
+       movq    %rdi,-16(%rsp,%r15,8)
+       movq    %rdx,%r13
+
+       mulq    %rbx
+       addq    %rax,%r10
+       movq    (%rcx,%r15,8),%rax
+       adcq    $0,%rdx
+       addq    (%rsp,%r15,8),%r10
+       adcq    $0,%rdx
+       movq    %rdx,%r11
+
+       mulq    %rbp
+       addq    %rax,%r13
+       movq    8(%rsi,%r15,8),%rax
+       adcq    $0,%rdx
+       addq    %r10,%r13
+       adcq    $0,%rdx
+       movq    %r13,-8(%rsp,%r15,8)
+       movq    %rdx,%rdi
+
+       mulq    %rbx
+       addq    %rax,%r11
+       movq    8(%rcx,%r15,8),%rax
+       adcq    $0,%rdx
+       addq    8(%rsp,%r15,8),%r11
+       adcq    $0,%rdx
+       leaq    4(%r15),%r15
+       movq    %rdx,%r10
+
+       mulq    %rbp
+       addq    %rax,%rdi
+       movq    -16(%rsi,%r15,8),%rax
+       adcq    $0,%rdx
+       addq    %r11,%rdi
+       adcq    $0,%rdx
+       movq    %rdi,-32(%rsp,%r15,8)
+       movq    %rdx,%r13
+       cmpq    %r9,%r15
+       jl      .Linner4x
+
+       mulq    %rbx
+       addq    %rax,%r10
+       movq    -16(%rcx,%r15,8),%rax
+       adcq    $0,%rdx
+       addq    -16(%rsp,%r15,8),%r10
+       adcq    $0,%rdx
+       movq    %rdx,%r11
+
+       mulq    %rbp
+       addq    %rax,%r13
+       movq    -8(%rsi,%r15,8),%rax
+       adcq    $0,%rdx
+       addq    %r10,%r13
+       adcq    $0,%rdx
+       movq    %r13,-24(%rsp,%r15,8)
+       movq    %rdx,%rdi
+
+       mulq    %rbx
+       addq    %rax,%r11
+       movq    -8(%rcx,%r15,8),%rax
+       adcq    $0,%rdx
+       addq    -8(%rsp,%r15,8),%r11
+       adcq    $0,%rdx
+       leaq    1(%r14),%r14
+       movq    %rdx,%r10
+
+       mulq    %rbp
+       addq    %rax,%rdi
+       movq    (%rsi),%rax
+       adcq    $0,%rdx
+       addq    %r11,%rdi
+       adcq    $0,%rdx
+       movq    %rdi,-16(%rsp,%r15,8)
+       movq    %rdx,%r13
+
+       xorq    %rdi,%rdi
+       addq    %r10,%r13
+       adcq    $0,%rdi
+       addq    (%rsp,%r9,8),%r13
+       adcq    $0,%rdi
+       movq    %r13,-8(%rsp,%r15,8)
+       movq    %rdi,(%rsp,%r15,8)
+
+       cmpq    %r9,%r14
+       jl      .Louter4x
+       movq    16(%rsp,%r9,8),%rdi
+       movq    0(%rsp),%rax
+       pxor    %xmm0,%xmm0
+       movq    8(%rsp),%rdx
+       shrq    $2,%r9
+       leaq    (%rsp),%rsi
+       xorq    %r14,%r14
+
+       subq    0(%rcx),%rax
+       movq    16(%rsi),%rbx
+       movq    24(%rsi),%rbp
+       sbbq    8(%rcx),%rdx
+       leaq    -1(%r9),%r15
+       jmp     .Lsub4x
+.align 16
+.Lsub4x:
+       movq    %rax,0(%rdi,%r14,8)
+       movq    %rdx,8(%rdi,%r14,8)
+       sbbq    16(%rcx,%r14,8),%rbx
+       movq    32(%rsi,%r14,8),%rax
+       movq    40(%rsi,%r14,8),%rdx
+       sbbq    24(%rcx,%r14,8),%rbp
+       movq    %rbx,16(%rdi,%r14,8)
+       movq    %rbp,24(%rdi,%r14,8)
+       sbbq    32(%rcx,%r14,8),%rax
+       movq    48(%rsi,%r14,8),%rbx
+       movq    56(%rsi,%r14,8),%rbp
+       sbbq    40(%rcx,%r14,8),%rdx
+       leaq    4(%r14),%r14
+       decq    %r15
+       jnz     .Lsub4x
+
+       movq    %rax,0(%rdi,%r14,8)
+       movq    32(%rsi,%r14,8),%rax
+       sbbq    16(%rcx,%r14,8),%rbx
+       movq    %rdx,8(%rdi,%r14,8)
+       sbbq    24(%rcx,%r14,8),%rbp
+       movq    %rbx,16(%rdi,%r14,8)
+
+       sbbq    $0,%rax
+       movq    %rbp,24(%rdi,%r14,8)
+       xorq    %r14,%r14
+       andq    %rax,%rsi
+       notq    %rax
+       movq    %rdi,%rcx
+       andq    %rax,%rcx
+       leaq    -1(%r9),%r15
+       orq     %rcx,%rsi
+
+       movdqu  (%rsi),%xmm1
+       movdqa  %xmm0,(%rsp)
+       movdqu  %xmm1,(%rdi)
+       jmp     .Lcopy4x
+.align 16
+.Lcopy4x:
+       movdqu  16(%rsi,%r14,1),%xmm2
+       movdqu  32(%rsi,%r14,1),%xmm1
+       movdqa  %xmm0,16(%rsp,%r14,1)
+       movdqu  %xmm2,16(%rdi,%r14,1)
+       movdqa  %xmm0,32(%rsp,%r14,1)
+       movdqu  %xmm1,32(%rdi,%r14,1)
+       leaq    32(%r14),%r14
        decq    %r15
-       jge     .Lcopy
+       jnz     .Lcopy4x
 
+       shlq    $2,%r9
+       movdqu  16(%rsi,%r14,1),%xmm2
+       movdqa  %xmm0,16(%rsp,%r14,1)
+       movdqu  %xmm2,16(%rdi,%r14,1)
        movq    8(%rsp,%r9,8),%rsi
        movq    $1,%rax
        movq    (%rsi),%r15
@@ -165,8 +603,773 @@ bn_mul_mont:
        movq    32(%rsi),%rbp
        movq    40(%rsi),%rbx
        leaq    48(%rsi),%rsp
-.Lepilogue:
+.Lmul4x_epilogue:
        .byte   0xf3,0xc3
-.size  bn_mul_mont,.-bn_mul_mont
+.size  bn_mul4x_mont,.-bn_mul4x_mont
+.type  bn_sqr4x_mont,@function
+.align 16
+bn_sqr4x_mont:
+.Lsqr4x_enter:
+       pushq   %rbx
+       pushq   %rbp
+       pushq   %r12
+       pushq   %r13
+       pushq   %r14
+       pushq   %r15
+
+       shll    $3,%r9d
+       xorq    %r10,%r10
+       movq    %rsp,%r11
+       subq    %r9,%r10
+       movq    (%r8),%r8
+       leaq    -72(%rsp,%r10,2),%rsp
+       andq    $-1024,%rsp
+
+
+
+
+
+
+
+
+
+
+
+       movq    %rdi,32(%rsp)
+       movq    %rcx,40(%rsp)
+       movq    %r8,48(%rsp)
+       movq    %r11,56(%rsp)
+.Lsqr4x_body:
+
+
+
+
+
+
+
+       leaq    32(%r10),%rbp
+       leaq    (%rsi,%r9,1),%rsi
+
+       movq    %r9,%rcx
+
+
+       movq    -32(%rsi,%rbp,1),%r14
+       leaq    64(%rsp,%r9,2),%rdi
+       movq    -24(%rsi,%rbp,1),%rax
+       leaq    -32(%rdi,%rbp,1),%rdi
+       movq    -16(%rsi,%rbp,1),%rbx
+       movq    %rax,%r15
+
+       mulq    %r14
+       movq    %rax,%r10
+       movq    %rbx,%rax
+       movq    %rdx,%r11
+       movq    %r10,-24(%rdi,%rbp,1)
+
+       xorq    %r10,%r10
+       mulq    %r14
+       addq    %rax,%r11
+       movq    %rbx,%rax
+       adcq    %rdx,%r10
+       movq    %r11,-16(%rdi,%rbp,1)
+
+       leaq    -16(%rbp),%rcx
+
+
+       movq    8(%rsi,%rcx,1),%rbx
+       mulq    %r15
+       movq    %rax,%r12
+       movq    %rbx,%rax
+       movq    %rdx,%r13
+
+       xorq    %r11,%r11
+       addq    %r12,%r10
+       leaq    16(%rcx),%rcx
+       adcq    $0,%r11
+       mulq    %r14
+       addq    %rax,%r10
+       movq    %rbx,%rax
+       adcq    %rdx,%r11
+       movq    %r10,-8(%rdi,%rcx,1)
+       jmp     .Lsqr4x_1st
+
+.align 16
+.Lsqr4x_1st:
+       movq    (%rsi,%rcx,1),%rbx
+       xorq    %r12,%r12
+       mulq    %r15
+       addq    %rax,%r13
+       movq    %rbx,%rax
+       adcq    %rdx,%r12
+
+       xorq    %r10,%r10
+       addq    %r13,%r11
+       adcq    $0,%r10
+       mulq    %r14
+       addq    %rax,%r11
+       movq    %rbx,%rax
+       adcq    %rdx,%r10
+       movq    %r11,(%rdi,%rcx,1)
+
+
+       movq    8(%rsi,%rcx,1),%rbx
+       xorq    %r13,%r13
+       mulq    %r15
+       addq    %rax,%r12
+       movq    %rbx,%rax
+       adcq    %rdx,%r13
+
+       xorq    %r11,%r11
+       addq    %r12,%r10
+       adcq    $0,%r11
+       mulq    %r14
+       addq    %rax,%r10
+       movq    %rbx,%rax
+       adcq    %rdx,%r11
+       movq    %r10,8(%rdi,%rcx,1)
+
+       movq    16(%rsi,%rcx,1),%rbx
+       xorq    %r12,%r12
+       mulq    %r15
+       addq    %rax,%r13
+       movq    %rbx,%rax
+       adcq    %rdx,%r12
+
+       xorq    %r10,%r10
+       addq    %r13,%r11
+       adcq    $0,%r10
+       mulq    %r14
+       addq    %rax,%r11
+       movq    %rbx,%rax
+       adcq    %rdx,%r10
+       movq    %r11,16(%rdi,%rcx,1)
+
+
+       movq    24(%rsi,%rcx,1),%rbx
+       xorq    %r13,%r13
+       mulq    %r15
+       addq    %rax,%r12
+       movq    %rbx,%rax
+       adcq    %rdx,%r13
+
+       xorq    %r11,%r11
+       addq    %r12,%r10
+       leaq    32(%rcx),%rcx
+       adcq    $0,%r11
+       mulq    %r14
+       addq    %rax,%r10
+       movq    %rbx,%rax
+       adcq    %rdx,%r11
+       movq    %r10,-8(%rdi,%rcx,1)
+
+       cmpq    $0,%rcx
+       jne     .Lsqr4x_1st
+
+       xorq    %r12,%r12
+       addq    %r11,%r13
+       adcq    $0,%r12
+       mulq    %r15
+       addq    %rax,%r13
+       adcq    %rdx,%r12
+
+       movq    %r13,(%rdi)
+       leaq    16(%rbp),%rbp
+       movq    %r12,8(%rdi)
+       jmp     .Lsqr4x_outer
+
+.align 16
+.Lsqr4x_outer:
+       movq    -32(%rsi,%rbp,1),%r14
+       leaq    64(%rsp,%r9,2),%rdi
+       movq    -24(%rsi,%rbp,1),%rax
+       leaq    -32(%rdi,%rbp,1),%rdi
+       movq    -16(%rsi,%rbp,1),%rbx
+       movq    %rax,%r15
+
+       movq    -24(%rdi,%rbp,1),%r10
+       xorq    %r11,%r11
+       mulq    %r14
+       addq    %rax,%r10
+       movq    %rbx,%rax
+       adcq    %rdx,%r11
+       movq    %r10,-24(%rdi,%rbp,1)
+
+       xorq    %r10,%r10
+       addq    -16(%rdi,%rbp,1),%r11
+       adcq    $0,%r10
+       mulq    %r14
+       addq    %rax,%r11
+       movq    %rbx,%rax
+       adcq    %rdx,%r10
+       movq    %r11,-16(%rdi,%rbp,1)
+
+       leaq    -16(%rbp),%rcx
+       xorq    %r12,%r12
+
+
+       movq    8(%rsi,%rcx,1),%rbx
+       xorq    %r13,%r13
+       addq    8(%rdi,%rcx,1),%r12
+       adcq    $0,%r13
+       mulq    %r15
+       addq    %rax,%r12
+       movq    %rbx,%rax
+       adcq    %rdx,%r13
+
+       xorq    %r11,%r11
+       addq    %r12,%r10
+       adcq    $0,%r11
+       mulq    %r14
+       addq    %rax,%r10
+       movq    %rbx,%rax
+       adcq    %rdx,%r11
+       movq    %r10,8(%rdi,%rcx,1)
+
+       leaq    16(%rcx),%rcx
+       jmp     .Lsqr4x_inner
+
+.align 16
+.Lsqr4x_inner:
+       movq    (%rsi,%rcx,1),%rbx
+       xorq    %r12,%r12
+       addq    (%rdi,%rcx,1),%r13
+       adcq    $0,%r12
+       mulq    %r15
+       addq    %rax,%r13
+       movq    %rbx,%rax
+       adcq    %rdx,%r12
+
+       xorq    %r10,%r10
+       addq    %r13,%r11
+       adcq    $0,%r10
+       mulq    %r14
+       addq    %rax,%r11
+       movq    %rbx,%rax
+       adcq    %rdx,%r10
+       movq    %r11,(%rdi,%rcx,1)
+
+       movq    8(%rsi,%rcx,1),%rbx
+       xorq    %r13,%r13
+       addq    8(%rdi,%rcx,1),%r12
+       adcq    $0,%r13
+       mulq    %r15
+       addq    %rax,%r12
+       movq    %rbx,%rax
+       adcq    %rdx,%r13
+
+       xorq    %r11,%r11
+       addq    %r12,%r10
+       leaq    16(%rcx),%rcx
+       adcq    $0,%r11
+       mulq    %r14
+       addq    %rax,%r10
+       movq    %rbx,%rax
+       adcq    %rdx,%r11
+       movq    %r10,-8(%rdi,%rcx,1)
+
+       cmpq    $0,%rcx
+       jne     .Lsqr4x_inner
+
+       xorq    %r12,%r12
+       addq    %r11,%r13
+       adcq    $0,%r12
+       mulq    %r15
+       addq    %rax,%r13
+       adcq    %rdx,%r12
+
+       movq    %r13,(%rdi)
+       movq    %r12,8(%rdi)
+
+       addq    $16,%rbp
+       jnz     .Lsqr4x_outer
+
+
+       movq    -32(%rsi),%r14
+       leaq    64(%rsp,%r9,2),%rdi
+       movq    -24(%rsi),%rax
+       leaq    -32(%rdi,%rbp,1),%rdi
+       movq    -16(%rsi),%rbx
+       movq    %rax,%r15
+
+       xorq    %r11,%r11
+       mulq    %r14
+       addq    %rax,%r10
+       movq    %rbx,%rax
+       adcq    %rdx,%r11
+       movq    %r10,-24(%rdi)
+
+       xorq    %r10,%r10
+       addq    %r13,%r11
+       adcq    $0,%r10
+       mulq    %r14
+       addq    %rax,%r11
+       movq    %rbx,%rax
+       adcq    %rdx,%r10
+       movq    %r11,-16(%rdi)
+
+       movq    -8(%rsi),%rbx
+       mulq    %r15
+       addq    %rax,%r12
+       movq    %rbx,%rax
+       adcq    $0,%rdx
+
+       xorq    %r11,%r11
+       addq    %r12,%r10
+       movq    %rdx,%r13
+       adcq    $0,%r11
+       mulq    %r14
+       addq    %rax,%r10
+       movq    %rbx,%rax
+       adcq    %rdx,%r11
+       movq    %r10,-8(%rdi)
+
+       xorq    %r12,%r12
+       addq    %r11,%r13
+       adcq    $0,%r12
+       mulq    %r15
+       addq    %rax,%r13
+       movq    -16(%rsi),%rax
+       adcq    %rdx,%r12
+
+       movq    %r13,(%rdi)
+       movq    %r12,8(%rdi)
+
+       mulq    %rbx
+       addq    $16,%rbp
+       xorq    %r14,%r14
+       subq    %r9,%rbp
+       xorq    %r15,%r15
+
+       addq    %r12,%rax
+       adcq    $0,%rdx
+       movq    %rax,8(%rdi)
+       movq    %rdx,16(%rdi)
+       movq    %r15,24(%rdi)
+
+       movq    -16(%rsi,%rbp,1),%rax
+       leaq    64(%rsp,%r9,2),%rdi
+       xorq    %r10,%r10
+       movq    -24(%rdi,%rbp,2),%r11
+
+       leaq    (%r14,%r10,2),%r12
+       shrq    $63,%r10
+       leaq    (%rcx,%r11,2),%r13
+       shrq    $63,%r11
+       orq     %r10,%r13
+       movq    -16(%rdi,%rbp,2),%r10
+       movq    %r11,%r14
+       mulq    %rax
+       negq    %r15
+       movq    -8(%rdi,%rbp,2),%r11
+       adcq    %rax,%r12
+       movq    -8(%rsi,%rbp,1),%rax
+       movq    %r12,-32(%rdi,%rbp,2)
+       adcq    %rdx,%r13
+
+       leaq    (%r14,%r10,2),%rbx
+       movq    %r13,-24(%rdi,%rbp,2)
+       sbbq    %r15,%r15
+       shrq    $63,%r10
+       leaq    (%rcx,%r11,2),%r8
+       shrq    $63,%r11
+       orq     %r10,%r8
+       movq    0(%rdi,%rbp,2),%r10
+       movq    %r11,%r14
+       mulq    %rax
+       negq    %r15
+       movq    8(%rdi,%rbp,2),%r11
+       adcq    %rax,%rbx
+       movq    0(%rsi,%rbp,1),%rax
+       movq    %rbx,-16(%rdi,%rbp,2)
+       adcq    %rdx,%r8
+       leaq    16(%rbp),%rbp
+       movq    %r8,-40(%rdi,%rbp,2)
+       sbbq    %r15,%r15
+       jmp     .Lsqr4x_shift_n_add
+
+.align 16
+.Lsqr4x_shift_n_add:
+       leaq    (%r14,%r10,2),%r12
+       shrq    $63,%r10
+       leaq    (%rcx,%r11,2),%r13
+       shrq    $63,%r11
+       orq     %r10,%r13
+       movq    -16(%rdi,%rbp,2),%r10
+       movq    %r11,%r14
+       mulq    %rax
+       negq    %r15
+       movq    -8(%rdi,%rbp,2),%r11
+       adcq    %rax,%r12
+       movq    -8(%rsi,%rbp,1),%rax
+       movq    %r12,-32(%rdi,%rbp,2)
+       adcq    %rdx,%r13
+
+       leaq    (%r14,%r10,2),%rbx
+       movq    %r13,-24(%rdi,%rbp,2)
+       sbbq    %r15,%r15
+       shrq    $63,%r10
+       leaq    (%rcx,%r11,2),%r8
+       shrq    $63,%r11
+       orq     %r10,%r8
+       movq    0(%rdi,%rbp,2),%r10
+       movq    %r11,%r14
+       mulq    %rax
+       negq    %r15
+       movq    8(%rdi,%rbp,2),%r11
+       adcq    %rax,%rbx
+       movq    0(%rsi,%rbp,1),%rax
+       movq    %rbx,-16(%rdi,%rbp,2)
+       adcq    %rdx,%r8
+
+       leaq    (%r14,%r10,2),%r12
+       movq    %r8,-8(%rdi,%rbp,2)
+       sbbq    %r15,%r15
+       shrq    $63,%r10
+       leaq    (%rcx,%r11,2),%r13
+       shrq    $63,%r11
+       orq     %r10,%r13
+       movq    16(%rdi,%rbp,2),%r10
+       movq    %r11,%r14
+       mulq    %rax
+       negq    %r15
+       movq    24(%rdi,%rbp,2),%r11
+       adcq    %rax,%r12
+       movq    8(%rsi,%rbp,1),%rax
+       movq    %r12,0(%rdi,%rbp,2)
+       adcq    %rdx,%r13
+
+       leaq    (%r14,%r10,2),%rbx
+       movq    %r13,8(%rdi,%rbp,2)
+       sbbq    %r15,%r15
+       shrq    $63,%r10
+       leaq    (%rcx,%r11,2),%r8
+       shrq    $63,%r11
+       orq     %r10,%r8
+       movq    32(%rdi,%rbp,2),%r10
+       movq    %r11,%r14
+       mulq    %rax
+       negq    %r15
+       movq    40(%rdi,%rbp,2),%r11
+       adcq    %rax,%rbx
+       movq    16(%rsi,%rbp,1),%rax
+       movq    %rbx,16(%rdi,%rbp,2)
+       adcq    %rdx,%r8
+       movq    %r8,24(%rdi,%rbp,2)
+       sbbq    %r15,%r15
+       addq    $32,%rbp
+       jnz     .Lsqr4x_shift_n_add
+
+       leaq    (%r14,%r10,2),%r12
+       shrq    $63,%r10
+       leaq    (%rcx,%r11,2),%r13
+       shrq    $63,%r11
+       orq     %r10,%r13
+       movq    -16(%rdi),%r10
+       movq    %r11,%r14
+       mulq    %rax
+       negq    %r15
+       movq    -8(%rdi),%r11
+       adcq    %rax,%r12
+       movq    -8(%rsi),%rax
+       movq    %r12,-32(%rdi)
+       adcq    %rdx,%r13
+
+       leaq    (%r14,%r10,2),%rbx
+       movq    %r13,-24(%rdi)
+       sbbq    %r15,%r15
+       shrq    $63,%r10
+       leaq    (%rcx,%r11,2),%r8
+       shrq    $63,%r11
+       orq     %r10,%r8
+       mulq    %rax
+       negq    %r15
+       adcq    %rax,%rbx
+       adcq    %rdx,%r8
+       movq    %rbx,-16(%rdi)
+       movq    %r8,-8(%rdi)
+       movq    40(%rsp),%rsi
+       movq    48(%rsp),%r8
+       xorq    %rcx,%rcx
+       movq    %r9,0(%rsp)
+       subq    %r9,%rcx
+       movq    64(%rsp),%r10
+       movq    %r8,%r14
+       leaq    64(%rsp,%r9,2),%rax
+       leaq    64(%rsp,%r9,1),%rdi
+       movq    %rax,8(%rsp)
+       leaq    (%rsi,%r9,1),%rsi
+       xorq    %rbp,%rbp
+
+       movq    0(%rsi,%rcx,1),%rax
+       movq    8(%rsi,%rcx,1),%r9
+       imulq   %r10,%r14
+       movq    %rax,%rbx
+       jmp     .Lsqr4x_mont_outer
+
+.align 16
+.Lsqr4x_mont_outer:
+       xorq    %r11,%r11
+       mulq    %r14
+       addq    %rax,%r10
+       movq    %r9,%rax
+       adcq    %rdx,%r11
+       movq    %r8,%r15
+
+       xorq    %r10,%r10
+       addq    8(%rdi,%rcx,1),%r11
+       adcq    $0,%r10
+       mulq    %r14
+       addq    %rax,%r11
+       movq    %rbx,%rax
+       adcq    %rdx,%r10
+
+       imulq   %r11,%r15
+
+       movq    16(%rsi,%rcx,1),%rbx
+       xorq    %r13,%r13
+       addq    %r11,%r12
+       adcq    $0,%r13
+       mulq    %r15
+       addq    %rax,%r12
+       movq    %rbx,%rax
+       adcq    %rdx,%r13
+       movq    %r12,8(%rdi,%rcx,1)
+
+       xorq    %r11,%r11
+       addq    16(%rdi,%rcx,1),%r10
+       adcq    $0,%r11
+       mulq    %r14
+       addq    %rax,%r10
+       movq    %r9,%rax
+       adcq    %rdx,%r11
+
+       movq    24(%rsi,%rcx,1),%r9
+       xorq    %r12,%r12
+       addq    %r10,%r13
+       adcq    $0,%r12
+       mulq    %r15
+       addq    %rax,%r13
+       movq    %r9,%rax
+       adcq    %rdx,%r12
+       movq    %r13,16(%rdi,%rcx,1)
+
+       xorq    %r10,%r10
+       addq    24(%rdi,%rcx,1),%r11
+       leaq    32(%rcx),%rcx
+       adcq    $0,%r10
+       mulq    %r14
+       addq    %rax,%r11
+       movq    %rbx,%rax
+       adcq    %rdx,%r10
+       jmp     .Lsqr4x_mont_inner
+
+.align 16
+.Lsqr4x_mont_inner:
+       movq    (%rsi,%rcx,1),%rbx
+       xorq    %r13,%r13
+       addq    %r11,%r12
+       adcq    $0,%r13
+       mulq    %r15
+       addq    %rax,%r12
+       movq    %rbx,%rax
+       adcq    %rdx,%r13
+       movq    %r12,-8(%rdi,%rcx,1)
+
+       xorq    %r11,%r11
+       addq    (%rdi,%rcx,1),%r10
+       adcq    $0,%r11
+       mulq    %r14
+       addq    %rax,%r10
+       movq    %r9,%rax
+       adcq    %rdx,%r11
+
+       movq    8(%rsi,%rcx,1),%r9
+       xorq    %r12,%r12
+       addq    %r10,%r13
+       adcq    $0,%r12
+       mulq    %r15
+       addq    %rax,%r13
+       movq    %r9,%rax
+       adcq    %rdx,%r12
+       movq    %r13,(%rdi,%rcx,1)
+
+       xorq    %r10,%r10
+       addq    8(%rdi,%rcx,1),%r11
+       adcq    $0,%r10
+       mulq    %r14
+       addq    %rax,%r11
+       movq    %rbx,%rax
+       adcq    %rdx,%r10
+
+
+       movq    16(%rsi,%rcx,1),%rbx
+       xorq    %r13,%r13
+       addq    %r11,%r12
+       adcq    $0,%r13
+       mulq    %r15
+       addq    %rax,%r12
+       movq    %rbx,%rax
+       adcq    %rdx,%r13
+       movq    %r12,8(%rdi,%rcx,1)
+
+       xorq    %r11,%r11
+       addq    16(%rdi,%rcx,1),%r10
+       adcq    $0,%r11
+       mulq    %r14
+       addq    %rax,%r10
+       movq    %r9,%rax
+       adcq    %rdx,%r11
+
+       movq    24(%rsi,%rcx,1),%r9
+       xorq    %r12,%r12
+       addq    %r10,%r13
+       adcq    $0,%r12
+       mulq    %r15
+       addq    %rax,%r13
+       movq    %r9,%rax
+       adcq    %rdx,%r12
+       movq    %r13,16(%rdi,%rcx,1)
+
+       xorq    %r10,%r10
+       addq    24(%rdi,%rcx,1),%r11
+       leaq    32(%rcx),%rcx
+       adcq    $0,%r10
+       mulq    %r14
+       addq    %rax,%r11
+       movq    %rbx,%rax
+       adcq    %rdx,%r10
+       cmpq    $0,%rcx
+       jne     .Lsqr4x_mont_inner
+
+       subq    0(%rsp),%rcx
+       movq    %r8,%r14
+
+       xorq    %r13,%r13
+       addq    %r11,%r12
+       adcq    $0,%r13
+       mulq    %r15
+       addq    %rax,%r12
+       movq    %r9,%rax
+       adcq    %rdx,%r13
+       movq    %r12,-8(%rdi)
+
+       xorq    %r11,%r11
+       addq    (%rdi),%r10
+       adcq    $0,%r11
+       movq    0(%rsi,%rcx,1),%rbx
+       addq    %rbp,%r10
+       adcq    $0,%r11
+
+       imulq   16(%rdi,%rcx,1),%r14
+       xorq    %r12,%r12
+       movq    8(%rsi,%rcx,1),%r9
+       addq    %r10,%r13
+       movq    16(%rdi,%rcx,1),%r10
+       adcq    $0,%r12
+       mulq    %r15
+       addq    %rax,%r13
+       movq    %rbx,%rax
+       adcq    %rdx,%r12
+       movq    %r13,(%rdi)
+
+       xorq    %rbp,%rbp
+       addq    8(%rdi),%r12
+       adcq    %rbp,%rbp
+       addq    %r11,%r12
+       leaq    16(%rdi),%rdi
+       adcq    $0,%rbp
+       movq    %r12,-8(%rdi)
+       cmpq    8(%rsp),%rdi
+       jb      .Lsqr4x_mont_outer
+
+       movq    0(%rsp),%r9
+       movq    %rbp,(%rdi)
+       movq    64(%rsp,%r9,1),%rax
+       leaq    64(%rsp,%r9,1),%rbx
+       movq    40(%rsp),%rsi
+       shrq    $5,%r9
+       movq    8(%rbx),%rdx
+       xorq    %rbp,%rbp
+
+       movq    32(%rsp),%rdi
+       subq    0(%rsi),%rax
+       movq    16(%rbx),%r10
+       movq    24(%rbx),%r11
+       sbbq    8(%rsi),%rdx
+       leaq    -1(%r9),%rcx
+       jmp     .Lsqr4x_sub
+.align 16
+.Lsqr4x_sub:
+       movq    %rax,0(%rdi,%rbp,8)
+       movq    %rdx,8(%rdi,%rbp,8)
+       sbbq    16(%rsi,%rbp,8),%r10
+       movq    32(%rbx,%rbp,8),%rax
+       movq    40(%rbx,%rbp,8),%rdx
+       sbbq    24(%rsi,%rbp,8),%r11
+       movq    %r10,16(%rdi,%rbp,8)
+       movq    %r11,24(%rdi,%rbp,8)
+       sbbq    32(%rsi,%rbp,8),%rax
+       movq    48(%rbx,%rbp,8),%r10
+       movq    56(%rbx,%rbp,8),%r11
+       sbbq    40(%rsi,%rbp,8),%rdx
+       leaq    4(%rbp),%rbp
+       decq    %rcx
+       jnz     .Lsqr4x_sub
+
+       movq    %rax,0(%rdi,%rbp,8)
+       movq    32(%rbx,%rbp,8),%rax
+       sbbq    16(%rsi,%rbp,8),%r10
+       movq    %rdx,8(%rdi,%rbp,8)
+       sbbq    24(%rsi,%rbp,8),%r11
+       movq    %r10,16(%rdi,%rbp,8)
+
+       sbbq    $0,%rax
+       movq    %r11,24(%rdi,%rbp,8)
+       xorq    %rbp,%rbp
+       andq    %rax,%rbx
+       notq    %rax
+       movq    %rdi,%rsi
+       andq    %rax,%rsi
+       leaq    -1(%r9),%rcx
+       orq     %rsi,%rbx
+
+       pxor    %xmm0,%xmm0
+       leaq    64(%rsp,%r9,8),%rsi
+       movdqu  (%rbx),%xmm1
+       leaq    (%rsi,%r9,8),%rsi
+       movdqa  %xmm0,64(%rsp)
+       movdqa  %xmm0,(%rsi)
+       movdqu  %xmm1,(%rdi)
+       jmp     .Lsqr4x_copy
+.align 16
+.Lsqr4x_copy:
+       movdqu  16(%rbx,%rbp,1),%xmm2
+       movdqu  32(%rbx,%rbp,1),%xmm1
+       movdqa  %xmm0,80(%rsp,%rbp,1)
+       movdqa  %xmm0,96(%rsp,%rbp,1)
+       movdqa  %xmm0,16(%rsi,%rbp,1)
+       movdqa  %xmm0,32(%rsi,%rbp,1)
+       movdqu  %xmm2,16(%rdi,%rbp,1)
+       movdqu  %xmm1,32(%rdi,%rbp,1)
+       leaq    32(%rbp),%rbp
+       decq    %rcx
+       jnz     .Lsqr4x_copy
+
+       movdqu  16(%rbx,%rbp,1),%xmm2
+       movdqa  %xmm0,80(%rsp,%rbp,1)
+       movdqa  %xmm0,16(%rsi,%rbp,1)
+       movdqu  %xmm2,16(%rdi,%rbp,1)
+       movq    56(%rsp),%rsi
+       movq    $1,%rax
+       movq    0(%rsi),%r15
+       movq    8(%rsi),%r14
+       movq    16(%rsi),%r13
+       movq    24(%rsi),%r12
+       movq    32(%rsi),%rbp
+       movq    40(%rsi),%rbx
+       leaq    48(%rsi),%rsp
+.Lsqr4x_epilogue:
+       .byte   0xf3,0xc3
+.size  bn_sqr4x_mont,.-bn_sqr4x_mont
 .byte  77,111,110,116,103,111,109,101,114,121,32,77,117,108,116,105,112,108,105,99,97,116,105,111,110,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
 .align 16

diff --git a/deps/openssl/asm/x64-elf-gas/rc4/rc4-x86_64.s b/deps/openssl/asm/x64-elf-gas/rc4/rc4-x86_64.s
index 1bafefe..f2b8a8b 100644 (file)
--- a/deps/openssl/asm/x64-elf-gas/rc4/rc4-x86_64.s
+++ b/deps/openssl/asm/x64-elf-gas/rc4/rc4-x86_64.s
@@ -1,6 +1,7 @@
 .text
 
 
+
 .globl RC4
 .type  RC4,@function
 .align 16
@@ -12,316 +13,511 @@ RC4:      orq     %rsi,%rsi
        pushq   %r12
        pushq   %r13
 .Lprologue:
+       movq    %rsi,%r11
+       movq    %rdx,%r12
+       movq    %rcx,%r13
+       xorq    %r10,%r10
+       xorq    %rcx,%rcx
 
-       addq    $8,%rdi
-       movl    -8(%rdi),%r8d
-       movl    -4(%rdi),%r12d
+       leaq    8(%rdi),%rdi
+       movb    -8(%rdi),%r10b
+       movb    -4(%rdi),%cl
        cmpl    $-1,256(%rdi)
        je      .LRC4_CHAR
-       incb    %r8b
-       movl    (%rdi,%r8,4),%r9d
-       testq   $-8,%rsi
-       jz      .Lloop1
-       jmp     .Lloop8
-.align 16
-.Lloop8:
-       addb    %r9b,%r12b
-       movq    %r8,%r10
-       movl    (%rdi,%r12,4),%r13d
-       rorq    $8,%rax
-       incb    %r10b
-       movl    (%rdi,%r10,4),%r11d
-       cmpq    %r10,%r12
-       movl    %r9d,(%rdi,%r12,4)
-       cmoveq  %r9,%r11
-       movl    %r13d,(%rdi,%r8,4)
-       addb    %r9b,%r13b
-       movb    (%rdi,%r13,4),%al
-       addb    %r11b,%r12b
-       movq    %r10,%r8
-       movl    (%rdi,%r12,4),%r13d
-       rorq    $8,%rax
-       incb    %r8b
-       movl    (%rdi,%r8,4),%r9d
-       cmpq    %r8,%r12
-       movl    %r11d,(%rdi,%r12,4)
-       cmoveq  %r11,%r9
-       movl    %r13d,(%rdi,%r10,4)
-       addb    %r11b,%r13b
-       movb    (%rdi,%r13,4),%al
-       addb    %r9b,%r12b
-       movq    %r8,%r10
-       movl    (%rdi,%r12,4),%r13d
-       rorq    $8,%rax
+       movl    OPENSSL_ia32cap_P(%rip),%r8d
+       xorq    %rbx,%rbx
        incb    %r10b
-       movl    (%rdi,%r10,4),%r11d
-       cmpq    %r10,%r12
-       movl    %r9d,(%rdi,%r12,4)
-       cmoveq  %r9,%r11
-       movl    %r13d,(%rdi,%r8,4)
-       addb    %r9b,%r13b
-       movb    (%rdi,%r13,4),%al
-       addb    %r11b,%r12b
-       movq    %r10,%r8
-       movl    (%rdi,%r12,4),%r13d
-       rorq    $8,%rax
-       incb    %r8b
-       movl    (%rdi,%r8,4),%r9d
-       cmpq    %r8,%r12
-       movl    %r11d,(%rdi,%r12,4)
-       cmoveq  %r11,%r9
-       movl    %r13d,(%rdi,%r10,4)
-       addb    %r11b,%r13b
-       movb    (%rdi,%r13,4),%al
-       addb    %r9b,%r12b
-       movq    %r8,%r10
-       movl    (%rdi,%r12,4),%r13d
-       rorq    $8,%rax
+       subq    %r10,%rbx
+       subq    %r12,%r13
+       movl    (%rdi,%r10,4),%eax
+       testq   $-16,%r11
+       jz      .Lloop1
+       btl     $30,%r8d
+       jc      .Lintel
+       andq    $7,%rbx
+       leaq    1(%r10),%rsi
+       jz      .Loop8
+       subq    %rbx,%r11
+.Loop8_warmup:
+       addb    %al,%cl
+       movl    (%rdi,%rcx,4),%edx
+       movl    %eax,(%rdi,%rcx,4)
+       movl    %edx,(%rdi,%r10,4)
+       addb    %dl,%al
        incb    %r10b
-       movl    (%rdi,%r10,4),%r11d
-       cmpq    %r10,%r12
-       movl    %r9d,(%rdi,%r12,4)
-       cmoveq  %r9,%r11
-       movl    %r13d,(%rdi,%r8,4)
-       addb    %r9b,%r13b
-       movb    (%rdi,%r13,4),%al
-       addb    %r11b,%r12b
-       movq    %r10,%r8
-       movl    (%rdi,%r12,4),%r13d
-       rorq    $8,%rax
-       incb    %r8b
-       movl    (%rdi,%r8,4),%r9d
-       cmpq    %r8,%r12
-       movl    %r11d,(%rdi,%r12,4)
-       cmoveq  %r11,%r9
-       movl    %r13d,(%rdi,%r10,4)
-       addb    %r11b,%r13b
-       movb    (%rdi,%r13,4),%al
-       addb    %r9b,%r12b
-       movq    %r8,%r10
-       movl    (%rdi,%r12,4),%r13d
-       rorq    $8,%rax
+       movl    (%rdi,%rax,4),%edx
+       movl    (%rdi,%r10,4),%eax
+       xorb    (%r12),%dl
+       movb    %dl,(%r13,%r12,1)
+       leaq    1(%r12),%r12
+       decq    %rbx
+       jnz     .Loop8_warmup
+
+       leaq    1(%r10),%rsi
+       jmp     .Loop8
+.align 16
+.Loop8:
+       addb    %al,%cl
+       movl    (%rdi,%rcx,4),%edx
+       movl    %eax,(%rdi,%rcx,4)
+       movl    0(%rdi,%rsi,4),%ebx
+       rorq    $8,%r8
+       movl    %edx,0(%rdi,%r10,4)
+       addb    %al,%dl
+       movb    (%rdi,%rdx,4),%r8b
+       addb    %bl,%cl
+       movl    (%rdi,%rcx,4),%edx
+       movl    %ebx,(%rdi,%rcx,4)
+       movl    4(%rdi,%rsi,4),%eax
+       rorq    $8,%r8
+       movl    %edx,4(%rdi,%r10,4)
+       addb    %bl,%dl
+       movb    (%rdi,%rdx,4),%r8b
+       addb    %al,%cl
+       movl    (%rdi,%rcx,4),%edx
+       movl    %eax,(%rdi,%rcx,4)
+       movl    8(%rdi,%rsi,4),%ebx
+       rorq    $8,%r8
+       movl    %edx,8(%rdi,%r10,4)
+       addb    %al,%dl
+       movb    (%rdi,%rdx,4),%r8b
+       addb    %bl,%cl
+       movl    (%rdi,%rcx,4),%edx
+       movl    %ebx,(%rdi,%rcx,4)
+       movl    12(%rdi,%rsi,4),%eax
+       rorq    $8,%r8
+       movl    %edx,12(%rdi,%r10,4)
+       addb    %bl,%dl
+       movb    (%rdi,%rdx,4),%r8b
+       addb    %al,%cl
+       movl    (%rdi,%rcx,4),%edx
+       movl    %eax,(%rdi,%rcx,4)
+       movl    16(%rdi,%rsi,4),%ebx
+       rorq    $8,%r8
+       movl    %edx,16(%rdi,%r10,4)
+       addb    %al,%dl
+       movb    (%rdi,%rdx,4),%r8b
+       addb    %bl,%cl
+       movl    (%rdi,%rcx,4),%edx
+       movl    %ebx,(%rdi,%rcx,4)
+       movl    20(%rdi,%rsi,4),%eax
+       rorq    $8,%r8
+       movl    %edx,20(%rdi,%r10,4)
+       addb    %bl,%dl
+       movb    (%rdi,%rdx,4),%r8b
+       addb    %al,%cl
+       movl    (%rdi,%rcx,4),%edx
+       movl    %eax,(%rdi,%rcx,4)
+       movl    24(%rdi,%rsi,4),%ebx
+       rorq    $8,%r8
+       movl    %edx,24(%rdi,%r10,4)
+       addb    %al,%dl
+       movb    (%rdi,%rdx,4),%r8b
+       addb    $8,%sil
+       addb    %bl,%cl
+       movl    (%rdi,%rcx,4),%edx
+       movl    %ebx,(%rdi,%rcx,4)
+       movl    -4(%rdi,%rsi,4),%eax
+       rorq    $8,%r8
+       movl    %edx,28(%rdi,%r10,4)
+       addb    %bl,%dl
+       movb    (%rdi,%rdx,4),%r8b
+       addb    $8,%r10b
+       rorq    $8,%r8
+       subq    $8,%r11
+
+       xorq    (%r12),%r8
+       movq    %r8,(%r13,%r12,1)
+       leaq    8(%r12),%r12
+
+       testq   $-8,%r11
+       jnz     .Loop8
+       cmpq    $0,%r11
+       jne     .Lloop1
+       jmp     .Lexit
+
+.align 16
+.Lintel:
+       testq   $-32,%r11
+       jz      .Lloop1
+       andq    $15,%rbx
+       jz      .Loop16_is_hot
+       subq    %rbx,%r11
+.Loop16_warmup:
+       addb    %al,%cl
+       movl    (%rdi,%rcx,4),%edx
+       movl    %eax,(%rdi,%rcx,4)
+       movl    %edx,(%rdi,%r10,4)
+       addb    %dl,%al
        incb    %r10b
-       movl    (%rdi,%r10,4),%r11d
-       cmpq    %r10,%r12
-       movl    %r9d,(%rdi,%r12,4)
-       cmoveq  %r9,%r11
-       movl    %r13d,(%rdi,%r8,4)
-       addb    %r9b,%r13b
-       movb    (%rdi,%r13,4),%al
-       addb    %r11b,%r12b
-       movq    %r10,%r8
-       movl    (%rdi,%r12,4),%r13d
-       rorq    $8,%rax
-       incb    %r8b
-       movl    (%rdi,%r8,4),%r9d
-       cmpq    %r8,%r12
-       movl    %r11d,(%rdi,%r12,4)
-       cmoveq  %r11,%r9
-       movl    %r13d,(%rdi,%r10,4)
-       addb    %r11b,%r13b
-       movb    (%rdi,%r13,4),%al
-       rorq    $8,%rax
-       subq    $8,%rsi
-
-       xorq    (%rdx),%rax
-       addq    $8,%rdx
-       movq    %rax,(%rcx)
-       addq    $8,%rcx
-
-       testq   $-8,%rsi
-       jnz     .Lloop8
-       cmpq    $0,%rsi
+       movl    (%rdi,%rax,4),%edx
+       movl    (%rdi,%r10,4),%eax
+       xorb    (%r12),%dl
+       movb    %dl,(%r13,%r12,1)
+       leaq    1(%r12),%r12
+       decq    %rbx
+       jnz     .Loop16_warmup
+
+       movq    %rcx,%rbx
+       xorq    %rcx,%rcx
+       movb    %bl,%cl
+
+.Loop16_is_hot:
+       leaq    (%rdi,%r10,4),%rsi
+       addb    %al,%cl
+       movl    (%rdi,%rcx,4),%edx
+       pxor    %xmm0,%xmm0
+       movl    %eax,(%rdi,%rcx,4)
+       addb    %dl,%al
+       movl    4(%rsi),%ebx
+       movzbl  %al,%eax
+       movl    %edx,0(%rsi)
+       addb    %bl,%cl
+       pinsrw  $0,(%rdi,%rax,4),%xmm0
+       jmp     .Loop16_enter
+.align 16
+.Loop16:
+       addb    %al,%cl
+       movl    (%rdi,%rcx,4),%edx
+       pxor    %xmm0,%xmm2
+       psllq   $8,%xmm1
+       pxor    %xmm0,%xmm0
+       movl    %eax,(%rdi,%rcx,4)
+       addb    %dl,%al
+       movl    4(%rsi),%ebx
+       movzbl  %al,%eax
+       movl    %edx,0(%rsi)
+       pxor    %xmm1,%xmm2
+       addb    %bl,%cl
+       pinsrw  $0,(%rdi,%rax,4),%xmm0
+       movdqu  %xmm2,(%r13,%r12,1)
+       leaq    16(%r12),%r12
+.Loop16_enter:
+       movl    (%rdi,%rcx,4),%edx
+       pxor    %xmm1,%xmm1
+       movl    %ebx,(%rdi,%rcx,4)
+       addb    %dl,%bl
+       movl    8(%rsi),%eax
+       movzbl  %bl,%ebx
+       movl    %edx,4(%rsi)
+       addb    %al,%cl
+       pinsrw  $0,(%rdi,%rbx,4),%xmm1
+       movl    (%rdi,%rcx,4),%edx
+       movl    %eax,(%rdi,%rcx,4)
+       addb    %dl,%al
+       movl    12(%rsi),%ebx
+       movzbl  %al,%eax
+       movl    %edx,8(%rsi)
+       addb    %bl,%cl
+       pinsrw  $1,(%rdi,%rax,4),%xmm0
+       movl    (%rdi,%rcx,4),%edx
+       movl    %ebx,(%rdi,%rcx,4)
+       addb    %dl,%bl
+       movl    16(%rsi),%eax
+       movzbl  %bl,%ebx
+       movl    %edx,12(%rsi)
+       addb    %al,%cl
+       pinsrw  $1,(%rdi,%rbx,4),%xmm1
+       movl    (%rdi,%rcx,4),%edx
+       movl    %eax,(%rdi,%rcx,4)
+       addb    %dl,%al
+       movl    20(%rsi),%ebx
+       movzbl  %al,%eax
+       movl    %edx,16(%rsi)
+       addb    %bl,%cl
+       pinsrw  $2,(%rdi,%rax,4),%xmm0
+       movl    (%rdi,%rcx,4),%edx
+       movl    %ebx,(%rdi,%rcx,4)
+       addb    %dl,%bl
+       movl    24(%rsi),%eax
+       movzbl  %bl,%ebx
+       movl    %edx,20(%rsi)
+       addb    %al,%cl
+       pinsrw  $2,(%rdi,%rbx,4),%xmm1
+       movl    (%rdi,%rcx,4),%edx
+       movl    %eax,(%rdi,%rcx,4)
+       addb    %dl,%al
+       movl    28(%rsi),%ebx
+       movzbl  %al,%eax
+       movl    %edx,24(%rsi)
+       addb    %bl,%cl
+       pinsrw  $3,(%rdi,%rax,4),%xmm0
+       movl    (%rdi,%rcx,4),%edx
+       movl    %ebx,(%rdi,%rcx,4)
+       addb    %dl,%bl
+       movl    32(%rsi),%eax
+       movzbl  %bl,%ebx
+       movl    %edx,28(%rsi)
+       addb    %al,%cl
+       pinsrw  $3,(%rdi,%rbx,4),%xmm1
+       movl    (%rdi,%rcx,4),%edx
+       movl    %eax,(%rdi,%rcx,4)
+       addb    %dl,%al
+       movl    36(%rsi),%ebx
+       movzbl  %al,%eax
+       movl    %edx,32(%rsi)
+       addb    %bl,%cl
+       pinsrw  $4,(%rdi,%rax,4),%xmm0
+       movl    (%rdi,%rcx,4),%edx
+       movl    %ebx,(%rdi,%rcx,4)
+       addb    %dl,%bl
+       movl    40(%rsi),%eax
+       movzbl  %bl,%ebx
+       movl    %edx,36(%rsi)
+       addb    %al,%cl
+       pinsrw  $4,(%rdi,%rbx,4),%xmm1
+       movl    (%rdi,%rcx,4),%edx
+       movl    %eax,(%rdi,%rcx,4)
+       addb    %dl,%al
+       movl    44(%rsi),%ebx
+       movzbl  %al,%eax
+       movl    %edx,40(%rsi)
+       addb    %bl,%cl
+       pinsrw  $5,(%rdi,%rax,4),%xmm0
+       movl    (%rdi,%rcx,4),%edx
+       movl    %ebx,(%rdi,%rcx,4)
+       addb    %dl,%bl
+       movl    48(%rsi),%eax
+       movzbl  %bl,%ebx
+       movl    %edx,44(%rsi)
+       addb    %al,%cl
+       pinsrw  $5,(%rdi,%rbx,4),%xmm1
+       movl    (%rdi,%rcx,4),%edx
+       movl    %eax,(%rdi,%rcx,4)
+       addb    %dl,%al
+       movl    52(%rsi),%ebx
+       movzbl  %al,%eax
+       movl    %edx,48(%rsi)
+       addb    %bl,%cl
+       pinsrw  $6,(%rdi,%rax,4),%xmm0
+       movl    (%rdi,%rcx,4),%edx
+       movl    %ebx,(%rdi,%rcx,4)
+       addb    %dl,%bl
+       movl    56(%rsi),%eax
+       movzbl  %bl,%ebx
+       movl    %edx,52(%rsi)
+       addb    %al,%cl
+       pinsrw  $6,(%rdi,%rbx,4),%xmm1
+       movl    (%rdi,%rcx,4),%edx
+       movl    %eax,(%rdi,%rcx,4)
+       addb    %dl,%al
+       movl    60(%rsi),%ebx
+       movzbl  %al,%eax
+       movl    %edx,56(%rsi)
+       addb    %bl,%cl
+       pinsrw  $7,(%rdi,%rax,4),%xmm0
+       addb    $16,%r10b
+       movdqu  (%r12),%xmm2
+       movl    (%rdi,%rcx,4),%edx
+       movl    %ebx,(%rdi,%rcx,4)
+       addb    %dl,%bl
+       movzbl  %bl,%ebx
+       movl    %edx,60(%rsi)
+       leaq    (%rdi,%r10,4),%rsi
+       pinsrw  $7,(%rdi,%rbx,4),%xmm1
+       movl    (%rsi),%eax
+       movq    %rcx,%rbx
+       xorq    %rcx,%rcx
+       subq    $16,%r11
+       movb    %bl,%cl
+       testq   $-16,%r11
+       jnz     .Loop16
+
+       psllq   $8,%xmm1
+       pxor    %xmm0,%xmm2
+       pxor    %xmm1,%xmm2
+       movdqu  %xmm2,(%r13,%r12,1)
+       leaq    16(%r12),%r12
+
+       cmpq    $0,%r11
        jne     .Lloop1
        jmp     .Lexit
 
 .align 16
 .Lloop1:
-       addb    %r9b,%r12b
-       movl    (%rdi,%r12,4),%r13d
-       movl    %r9d,(%rdi,%r12,4)
-       movl    %r13d,(%rdi,%r8,4)
-       addb    %r13b,%r9b
-       incb    %r8b
-       movl    (%rdi,%r9,4),%r13d
-       movl    (%rdi,%r8,4),%r9d
-       xorb    (%rdx),%r13b
-       incq    %rdx
-       movb    %r13b,(%rcx)
-       incq    %rcx
-       decq    %rsi
+       addb    %al,%cl
+       movl    (%rdi,%rcx,4),%edx
+       movl    %eax,(%rdi,%rcx,4)
+       movl    %edx,(%rdi,%r10,4)
+       addb    %dl,%al
+       incb    %r10b
+       movl    (%rdi,%rax,4),%edx
+       movl    (%rdi,%r10,4),%eax
+       xorb    (%r12),%dl
+       movb    %dl,(%r13,%r12,1)
+       leaq    1(%r12),%r12
+       decq    %r11
        jnz     .Lloop1
        jmp     .Lexit
 
 .align 16
 .LRC4_CHAR:
-       addb    $1,%r8b
-       movzbl  (%rdi,%r8,1),%r9d
-       testq   $-8,%rsi
+       addb    $1,%r10b
+       movzbl  (%rdi,%r10,1),%eax
+       testq   $-8,%r11
        jz      .Lcloop1
-       cmpl    $0,260(%rdi)
-       jnz     .Lcloop1
        jmp     .Lcloop8
 .align 16
 .Lcloop8:
-       movl    (%rdx),%eax
-       movl    4(%rdx),%ebx
-       addb    %r9b,%r12b
-       leaq    1(%r8),%r10
-       movzbl  (%rdi,%r12,1),%r13d
-       movzbl  %r10b,%r10d
-       movzbl  (%rdi,%r10,1),%r11d
-       movb    %r9b,(%rdi,%r12,1)
-       cmpq    %r10,%r12
-       movb    %r13b,(%rdi,%r8,1)
+       movl    (%r12),%r8d
+       movl    4(%r12),%r9d
+       addb    %al,%cl
+       leaq    1(%r10),%rsi
+       movzbl  (%rdi,%rcx,1),%edx
+       movzbl  %sil,%esi
+       movzbl  (%rdi,%rsi,1),%ebx
+       movb    %al,(%rdi,%rcx,1)
+       cmpq    %rsi,%rcx
+       movb    %dl,(%rdi,%r10,1)
        jne     .Lcmov0
 
-       movq    %r9,%r11
+       movq    %rax,%rbx
 .Lcmov0:
-       addb    %r9b,%r13b
-       xorb    (%rdi,%r13,1),%al
-       rorl    $8,%eax
-       addb    %r11b,%r12b
-       leaq    1(%r10),%r8
-       movzbl  (%rdi,%r12,1),%r13d
-       movzbl  %r8b,%r8d
-       movzbl  (%rdi,%r8,1),%r9d
-       movb    %r11b,(%rdi,%r12,1)
-       cmpq    %r8,%r12
-       movb    %r13b,(%rdi,%r10,1)
+       addb    %al,%dl
+       xorb    (%rdi,%rdx,1),%r8b
+       rorl    $8,%r8d
+       addb    %bl,%cl
+       leaq    1(%rsi),%r10
+       movzbl  (%rdi,%rcx,1),%edx
+       movzbl  %r10b,%r10d
+       movzbl  (%rdi,%r10,1),%eax
+       movb    %bl,(%rdi,%rcx,1)
+       cmpq    %r10,%rcx
+       movb    %dl,(%rdi,%rsi,1)
        jne     .Lcmov1
 
-       movq    %r11,%r9
+       movq    %rbx,%rax
 .Lcmov1:
-       addb    %r11b,%r13b
-       xorb    (%rdi,%r13,1),%al
-       rorl    $8,%eax
-       addb    %r9b,%r12b
-       leaq    1(%r8),%r10
-       movzbl  (%rdi,%r12,1),%r13d
-       movzbl  %r10b,%r10d
-       movzbl  (%rdi,%r10,1),%r11d
-       movb    %r9b,(%rdi,%r12,1)
-       cmpq    %r10,%r12
-       movb    %r13b,(%rdi,%r8,1)
+       addb    %bl,%dl
+       xorb    (%rdi,%rdx,1),%r8b
+       rorl    $8,%r8d
+       addb    %al,%cl
+       leaq    1(%r10),%rsi
+       movzbl  (%rdi,%rcx,1),%edx
+       movzbl  %sil,%esi
+       movzbl  (%rdi,%rsi,1),%ebx
+       movb    %al,(%rdi,%rcx,1)
+       cmpq    %rsi,%rcx
+       movb    %dl,(%rdi,%r10,1)
        jne     .Lcmov2
 
-       movq    %r9,%r11
+       movq    %rax,%rbx
 .Lcmov2:
-       addb    %r9b,%r13b
-       xorb    (%rdi,%r13,1),%al
-       rorl    $8,%eax
-       addb    %r11b,%r12b
-       leaq    1(%r10),%r8
-       movzbl  (%rdi,%r12,1),%r13d
-       movzbl  %r8b,%r8d
-       movzbl  (%rdi,%r8,1),%r9d
-       movb    %r11b,(%rdi,%r12,1)
-       cmpq    %r8,%r12
-       movb    %r13b,(%rdi,%r10,1)
+       addb    %al,%dl
+       xorb    (%rdi,%rdx,1),%r8b
+       rorl    $8,%r8d
+       addb    %bl,%cl
+       leaq    1(%rsi),%r10
+       movzbl  (%rdi,%rcx,1),%edx
+       movzbl  %r10b,%r10d
+       movzbl  (%rdi,%r10,1),%eax
+       movb    %bl,(%rdi,%rcx,1)
+       cmpq    %r10,%rcx
+       movb    %dl,(%rdi,%rsi,1)
        jne     .Lcmov3
 
-       movq    %r11,%r9
+       movq    %rbx,%rax
 .Lcmov3:
-       addb    %r11b,%r13b
-       xorb    (%rdi,%r13,1),%al
-       rorl    $8,%eax
-       addb    %r9b,%r12b
-       leaq    1(%r8),%r10
-       movzbl  (%rdi,%r12,1),%r13d
-       movzbl  %r10b,%r10d
-       movzbl  (%rdi,%r10,1),%r11d
-       movb    %r9b,(%rdi,%r12,1)
-       cmpq    %r10,%r12
-       movb    %r13b,(%rdi,%r8,1)
+       addb    %bl,%dl
+       xorb    (%rdi,%rdx,1),%r8b
+       rorl    $8,%r8d
+       addb    %al,%cl
+       leaq    1(%r10),%rsi
+       movzbl  (%rdi,%rcx,1),%edx
+       movzbl  %sil,%esi
+       movzbl  (%rdi,%rsi,1),%ebx
+       movb    %al,(%rdi,%rcx,1)
+       cmpq    %rsi,%rcx
+       movb    %dl,(%rdi,%r10,1)
        jne     .Lcmov4
 
-       movq    %r9,%r11
+       movq    %rax,%rbx
 .Lcmov4:
-       addb    %r9b,%r13b
-       xorb    (%rdi,%r13,1),%bl
-       rorl    $8,%ebx
-       addb    %r11b,%r12b
-       leaq    1(%r10),%r8
-       movzbl  (%rdi,%r12,1),%r13d
-       movzbl  %r8b,%r8d
-       movzbl  (%rdi,%r8,1),%r9d
-       movb    %r11b,(%rdi,%r12,1)
-       cmpq    %r8,%r12
-       movb    %r13b,(%rdi,%r10,1)
+       addb    %al,%dl
+       xorb    (%rdi,%rdx,1),%r9b
+       rorl    $8,%r9d
+       addb    %bl,%cl
+       leaq    1(%rsi),%r10
+       movzbl  (%rdi,%rcx,1),%edx
+       movzbl  %r10b,%r10d
+       movzbl  (%rdi,%r10,1),%eax
+       movb    %bl,(%rdi,%rcx,1)
+       cmpq    %r10,%rcx
+       movb    %dl,(%rdi,%rsi,1)
        jne     .Lcmov5
 
-       movq    %r11,%r9
+       movq    %rbx,%rax
 .Lcmov5:
-       addb    %r11b,%r13b
-       xorb    (%rdi,%r13,1),%bl
-       rorl    $8,%ebx
-       addb    %r9b,%r12b
-       leaq    1(%r8),%r10
-       movzbl  (%rdi,%r12,1),%r13d
-       movzbl  %r10b,%r10d
-       movzbl  (%rdi,%r10,1),%r11d
-       movb    %r9b,(%rdi,%r12,1)
-       cmpq    %r10,%r12
-       movb    %r13b,(%rdi,%r8,1)
+       addb    %bl,%dl
+       xorb    (%rdi,%rdx,1),%r9b
+       rorl    $8,%r9d
+       addb    %al,%cl
+       leaq    1(%r10),%rsi
+       movzbl  (%rdi,%rcx,1),%edx
+       movzbl  %sil,%esi
+       movzbl  (%rdi,%rsi,1),%ebx
+       movb    %al,(%rdi,%rcx,1)
+       cmpq    %rsi,%rcx
+       movb    %dl,(%rdi,%r10,1)
        jne     .Lcmov6
 
-       movq    %r9,%r11
+       movq    %rax,%rbx
 .Lcmov6:
-       addb    %r9b,%r13b
-       xorb    (%rdi,%r13,1),%bl
-       rorl    $8,%ebx
-       addb    %r11b,%r12b
-       leaq    1(%r10),%r8
-       movzbl  (%rdi,%r12,1),%r13d
-       movzbl  %r8b,%r8d
-       movzbl  (%rdi,%r8,1),%r9d
-       movb    %r11b,(%rdi,%r12,1)
-       cmpq    %r8,%r12
-       movb    %r13b,(%rdi,%r10,1)
+       addb    %al,%dl
+       xorb    (%rdi,%rdx,1),%r9b
+       rorl    $8,%r9d
+       addb    %bl,%cl
+       leaq    1(%rsi),%r10
+       movzbl  (%rdi,%rcx,1),%edx
+       movzbl  %r10b,%r10d
+       movzbl  (%rdi,%r10,1),%eax
+       movb    %bl,(%rdi,%rcx,1)
+       cmpq    %r10,%rcx
+       movb    %dl,(%rdi,%rsi,1)
        jne     .Lcmov7
 
-       movq    %r11,%r9
+       movq    %rbx,%rax
 .Lcmov7:
-       addb    %r11b,%r13b
-       xorb    (%rdi,%r13,1),%bl
-       rorl    $8,%ebx
-       leaq    -8(%rsi),%rsi
-       movl    %eax,(%rcx)
-       leaq    8(%rdx),%rdx
-       movl    %ebx,4(%rcx)
-       leaq    8(%rcx),%rcx
-
-       testq   $-8,%rsi
+       addb    %bl,%dl
+       xorb    (%rdi,%rdx,1),%r9b
+       rorl    $8,%r9d
+       leaq    -8(%r11),%r11
+       movl    %r8d,(%r13)
+       leaq    8(%r12),%r12
+       movl    %r9d,4(%r13)
+       leaq    8(%r13),%r13
+
+       testq   $-8,%r11
        jnz     .Lcloop8
-       cmpq    $0,%rsi
+       cmpq    $0,%r11
        jne     .Lcloop1
        jmp     .Lexit
 .align 16
 .Lcloop1:
-       addb    %r9b,%r12b
-       movzbl  (%rdi,%r12,1),%r13d
-       movb    %r9b,(%rdi,%r12,1)
-       movb    %r13b,(%rdi,%r8,1)
-       addb    %r9b,%r13b
-       addb    $1,%r8b
-       movzbl  %r13b,%r13d
-       movzbl  %r8b,%r8d
-       movzbl  (%rdi,%r13,1),%r13d
-       movzbl  (%rdi,%r8,1),%r9d
-       xorb    (%rdx),%r13b
-       leaq    1(%rdx),%rdx
-       movb    %r13b,(%rcx)
-       leaq    1(%rcx),%rcx
-       subq    $1,%rsi
+       addb    %al,%cl
+       movzbl  %cl,%ecx
+       movzbl  (%rdi,%rcx,1),%edx
+       movb    %al,(%rdi,%rcx,1)
+       movb    %dl,(%rdi,%r10,1)
+       addb    %al,%dl
+       addb    $1,%r10b
+       movzbl  %dl,%edx
+       movzbl  %r10b,%r10d
+       movzbl  (%rdi,%rdx,1),%edx
+       movzbl  (%rdi,%r10,1),%eax
+       xorb    (%r12),%dl
+       leaq    1(%r12),%r12
+       movb    %dl,(%r13)
+       leaq    1(%r13),%r13
+       subq    $1,%r11
        jnz     .Lcloop1
        jmp     .Lexit
 
 .align 16
 .Lexit:
-       subb    $1,%r8b
-       movl    %r8d,-8(%rdi)
-       movl    %r12d,-4(%rdi)
+       subb    $1,%r10b
+       movl    %r10d,-8(%rdi)
+       movl    %ecx,-4(%rdi)
 
        movq    (%rsp),%r13
        movq    8(%rsp),%r12
@@ -330,11 +526,10 @@ RC4:      orq     %rsi,%rsi
 .Lepilogue:
        .byte   0xf3,0xc3
 .size  RC4,.-RC4
-
-.globl RC4_set_key
-.type  RC4_set_key,@function
+.globl private_RC4_set_key
+.type  private_RC4_set_key,@function
 .align 16
-RC4_set_key:
+private_RC4_set_key:
        leaq    8(%rdi),%rdi
        leaq    (%rdx,%rsi,1),%rdx
        negq    %rsi
@@ -346,11 +541,8 @@ RC4_set_key:
 
        movl    OPENSSL_ia32cap_P(%rip),%r8d
        btl     $20,%r8d
-       jnc     .Lw1stloop
-       btl     $30,%r8d
-       setc    %r9b
-       movl    %r9d,260(%rdi)
-       jmp     .Lc1stloop
+       jc      .Lc1stloop
+       jmp     .Lw1stloop
 
 .align 16
 .Lw1stloop:
@@ -404,7 +596,7 @@ RC4_set_key:
        movl    %eax,-8(%rdi)
        movl    %eax,-4(%rdi)
        .byte   0xf3,0xc3
-.size  RC4_set_key,.-RC4_set_key
+.size  private_RC4_set_key,.-private_RC4_set_key
 
 .globl RC4_options
 .type  RC4_options,@function
@@ -413,18 +605,20 @@ RC4_options:
        leaq    .Lopts(%rip),%rax
        movl    OPENSSL_ia32cap_P(%rip),%edx
        btl     $20,%edx
-       jnc     .Ldone
-       addq    $12,%rax
+       jc      .L8xchar
        btl     $30,%edx
        jnc     .Ldone
-       addq    $13,%rax
+       addq    $25,%rax
+       .byte   0xf3,0xc3
+.L8xchar:
+       addq    $12,%rax
 .Ldone:
        .byte   0xf3,0xc3
 .align 64
 .Lopts:
 .byte  114,99,52,40,56,120,44,105,110,116,41,0
 .byte  114,99,52,40,56,120,44,99,104,97,114,41,0
-.byte  114,99,52,40,49,120,44,99,104,97,114,41,0
+.byte  114,99,52,40,49,54,120,44,105,110,116,41,0
 .byte  82,67,52,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
 .align 64
 .size  RC4_options,.-RC4_options

diff --git a/deps/openssl/asm/x64-elf-gas/sha/sha1-x86_64.s b/deps/openssl/asm/x64-elf-gas/sha/sha1-x86_64.s
index 208c2cd..c11c6f6 100644 (file)
--- a/deps/openssl/asm/x64-elf-gas/sha/sha1-x86_64.s
+++ b/deps/openssl/asm/x64-elf-gas/sha/sha1-x86_64.s
@@ -1,12 +1,23 @@
 .text
 
+
+
 .globl sha1_block_data_order
 .type  sha1_block_data_order,@function
 .align 16
 sha1_block_data_order:
+       movl    OPENSSL_ia32cap_P+0(%rip),%r9d
+       movl    OPENSSL_ia32cap_P+4(%rip),%r8d
+       testl   $512,%r8d
+       jz      .Lialu
+       jmp     _ssse3_shortcut
+
+.align 16
+.Lialu:
        pushq   %rbx
        pushq   %rbp
        pushq   %r12
+       pushq   %r13
        movq    %rsp,%r11
        movq    %rdi,%r8
        subq    $72,%rsp
@@ -16,1268 +27,2466 @@ sha1_block_data_order:
        movq    %r11,64(%rsp)
 .Lprologue:
 
-       movl    0(%r8),%edx
-       movl    4(%r8),%esi
-       movl    8(%r8),%edi
-       movl    12(%r8),%ebp
-       movl    16(%r8),%r11d
-.align 4
+       movl    0(%r8),%esi
+       movl    4(%r8),%edi
+       movl    8(%r8),%r11d
+       movl    12(%r8),%r12d
+       movl    16(%r8),%r13d
+       jmp     .Lloop
+
+.align 16
 .Lloop:
-       movl    0(%r9),%eax
-       bswapl  %eax
-       movl    %eax,0(%rsp)
-       leal    1518500249(%rax,%r11,1),%r12d
-       movl    %edi,%ebx
-       movl    4(%r9),%eax
-       movl    %edx,%r11d
-       xorl    %ebp,%ebx
-       bswapl  %eax
-       roll    $5,%r11d
-       andl    %esi,%ebx
-       movl    %eax,4(%rsp)
-       addl    %r11d,%r12d
-       xorl    %ebp,%ebx
+       movl    0(%r9),%edx
+       bswapl  %edx
+       movl    %edx,0(%rsp)
+       movl    %r11d,%eax
+       movl    4(%r9),%ebp
+       movl    %esi,%ecx
+       xorl    %r12d,%eax
+       bswapl  %ebp
+       roll    $5,%ecx
+       leal    1518500249(%rdx,%r13,1),%r13d
+       andl    %edi,%eax
+       movl    %ebp,4(%rsp)
+       addl    %ecx,%r13d
+       xorl    %r12d,%eax
+       roll    $30,%edi
+       addl    %eax,%r13d
+       movl    %edi,%eax
+       movl    8(%r9),%edx
+       movl    %r13d,%ecx
+       xorl    %r11d,%eax
+       bswapl  %edx
+       roll    $5,%ecx
+       leal    1518500249(%rbp,%r12,1),%r12d
+       andl    %esi,%eax
+       movl    %edx,8(%rsp)
+       addl    %ecx,%r12d
+       xorl    %r11d,%eax
        roll    $30,%esi
-       addl    %ebx,%r12d
-       leal    1518500249(%rax,%rbp,1),%r11d
-       movl    %esi,%ebx
-       movl    8(%r9),%eax
-       movl    %r12d,%ebp
-       xorl    %edi,%ebx
-       bswapl  %eax
-       roll    $5,%ebp
-       andl    %edx,%ebx
-       movl    %eax,8(%rsp)
-       addl    %ebp,%r11d
-       xorl    %edi,%ebx
-       roll    $30,%edx
-       addl    %ebx,%r11d
-       leal    1518500249(%rax,%rdi,1),%ebp
-       movl    %edx,%ebx
-       movl    12(%r9),%eax
-       movl    %r11d,%edi
-       xorl    %esi,%ebx
-       bswapl  %eax
-       roll    $5,%edi
-       andl    %r12d,%ebx
-       movl    %eax,12(%rsp)
-       addl    %edi,%ebp
-       xorl    %esi,%ebx
+       addl    %eax,%r12d
+       movl    %esi,%eax
+       movl    12(%r9),%ebp
+       movl    %r12d,%ecx
+       xorl    %edi,%eax
+       bswapl  %ebp
+       roll    $5,%ecx
+       leal    1518500249(%rdx,%r11,1),%r11d
+       andl    %r13d,%eax
+       movl    %ebp,12(%rsp)
+       addl    %ecx,%r11d
+       xorl    %edi,%eax
+       roll    $30,%r13d
+       addl    %eax,%r11d
+       movl    %r13d,%eax
+       movl    16(%r9),%edx
+       movl    %r11d,%ecx
+       xorl    %esi,%eax
+       bswapl  %edx
+       roll    $5,%ecx
+       leal    1518500249(%rbp,%rdi,1),%edi
+       andl    %r12d,%eax
+       movl    %edx,16(%rsp)
+       addl    %ecx,%edi
+       xorl    %esi,%eax
        roll    $30,%r12d
-       addl    %ebx,%ebp
-       leal    1518500249(%rax,%rsi,1),%edi
-       movl    %r12d,%ebx
-       movl    16(%r9),%eax
-       movl    %ebp,%esi
-       xorl    %edx,%ebx
-       bswapl  %eax
-       roll    $5,%esi
-       andl    %r11d,%ebx
-       movl    %eax,16(%rsp)
-       addl    %esi,%edi
-       xorl    %edx,%ebx
+       addl    %eax,%edi
+       movl    %r12d,%eax
+       movl    20(%r9),%ebp
+       movl    %edi,%ecx
+       xorl    %r13d,%eax
+       bswapl  %ebp
+       roll    $5,%ecx
+       leal    1518500249(%rdx,%rsi,1),%esi
+       andl    %r11d,%eax
+       movl    %ebp,20(%rsp)
+       addl    %ecx,%esi
+       xorl    %r13d,%eax
        roll    $30,%r11d
-       addl    %ebx,%edi
-       leal    1518500249(%rax,%rdx,1),%esi
+       addl    %eax,%esi
+       movl    %r11d,%eax
+       movl    24(%r9),%edx
+       movl    %esi,%ecx
+       xorl    %r12d,%eax
+       bswapl  %edx
+       roll    $5,%ecx
+       leal    1518500249(%rbp,%r13,1),%r13d
+       andl    %edi,%eax
+       movl    %edx,24(%rsp)
+       addl    %ecx,%r13d
+       xorl    %r12d,%eax
+       roll    $30,%edi
+       addl    %eax,%r13d
+       movl    %edi,%eax
+       movl    28(%r9),%ebp
+       movl    %r13d,%ecx
+       xorl    %r11d,%eax
+       bswapl  %ebp
+       roll    $5,%ecx
+       leal    1518500249(%rdx,%r12,1),%r12d
+       andl    %esi,%eax
+       movl    %ebp,28(%rsp)
+       addl    %ecx,%r12d
+       xorl    %r11d,%eax
+       roll    $30,%esi
+       addl    %eax,%r12d
+       movl    %esi,%eax
+       movl    32(%r9),%edx
+       movl    %r12d,%ecx
+       xorl    %edi,%eax
+       bswapl  %edx
+       roll    $5,%ecx
+       leal    1518500249(%rbp,%r11,1),%r11d
+       andl    %r13d,%eax
+       movl    %edx,32(%rsp)
+       addl    %ecx,%r11d
+       xorl    %edi,%eax
+       roll    $30,%r13d
+       addl    %eax,%r11d
+       movl    %r13d,%eax
+       movl    36(%r9),%ebp
+       movl    %r11d,%ecx
+       xorl    %esi,%eax
+       bswapl  %ebp
+       roll    $5,%ecx
+       leal    1518500249(%rdx,%rdi,1),%edi
+       andl    %r12d,%eax
+       movl    %ebp,36(%rsp)
+       addl    %ecx,%edi
+       xorl    %esi,%eax
+       roll    $30,%r12d
+       addl    %eax,%edi
+       movl    %r12d,%eax
+       movl    40(%r9),%edx
+       movl    %edi,%ecx
+       xorl    %r13d,%eax
+       bswapl  %edx
+       roll    $5,%ecx
+       leal    1518500249(%rbp,%rsi,1),%esi
+       andl    %r11d,%eax
+       movl    %edx,40(%rsp)
+       addl    %ecx,%esi
+       xorl    %r13d,%eax
+       roll    $30,%r11d
+       addl    %eax,%esi
+       movl    %r11d,%eax
+       movl    44(%r9),%ebp
+       movl    %esi,%ecx
+       xorl    %r12d,%eax
+       bswapl  %ebp
+       roll    $5,%ecx
+       leal    1518500249(%rdx,%r13,1),%r13d
+       andl    %edi,%eax
+       movl    %ebp,44(%rsp)
+       addl    %ecx,%r13d
+       xorl    %r12d,%eax
+       roll    $30,%edi
+       addl    %eax,%r13d
+       movl    %edi,%eax
+       movl    48(%r9),%edx
+       movl    %r13d,%ecx
+       xorl    %r11d,%eax
+       bswapl  %edx
+       roll    $5,%ecx
+       leal    1518500249(%rbp,%r12,1),%r12d
+       andl    %esi,%eax
+       movl    %edx,48(%rsp)
+       addl    %ecx,%r12d
+       xorl    %r11d,%eax
+       roll    $30,%esi
+       addl    %eax,%r12d
+       movl    %esi,%eax
+       movl    52(%r9),%ebp
+       movl    %r12d,%ecx
+       xorl    %edi,%eax
+       bswapl  %ebp
+       roll    $5,%ecx
+       leal    1518500249(%rdx,%r11,1),%r11d
+       andl    %r13d,%eax
+       movl    %ebp,52(%rsp)
+       addl    %ecx,%r11d
+       xorl    %edi,%eax
+       roll    $30,%r13d
+       addl    %eax,%r11d
+       movl    %r13d,%eax
+       movl    56(%r9),%edx
+       movl    %r11d,%ecx
+       xorl    %esi,%eax
+       bswapl  %edx
+       roll    $5,%ecx
+       leal    1518500249(%rbp,%rdi,1),%edi
+       andl    %r12d,%eax
+       movl    %edx,56(%rsp)
+       addl    %ecx,%edi
+       xorl    %esi,%eax
+       roll    $30,%r12d
+       addl    %eax,%edi
+       movl    %r12d,%eax
+       movl    60(%r9),%ebp
+       movl    %edi,%ecx
+       xorl    %r13d,%eax
+       bswapl  %ebp
+       roll    $5,%ecx
+       leal    1518500249(%rdx,%rsi,1),%esi
+       andl    %r11d,%eax
+       movl    %ebp,60(%rsp)
+       addl    %ecx,%esi
+       xorl    %r13d,%eax
+       roll    $30,%r11d
+       addl    %eax,%esi
+       movl    0(%rsp),%edx
+       movl    %r11d,%eax
+       movl    %esi,%ecx
+       xorl    8(%rsp),%edx
+       xorl    %r12d,%eax
+       roll    $5,%ecx
+       xorl    32(%rsp),%edx
+       andl    %edi,%eax
+       leal    1518500249(%rbp,%r13,1),%r13d
+       xorl    52(%rsp),%edx
+       xorl    %r12d,%eax
+       roll    $1,%edx
+       addl    %ecx,%r13d
+       roll    $30,%edi
+       movl    %edx,0(%rsp)
+       addl    %eax,%r13d
+       movl    4(%rsp),%ebp
+       movl    %edi,%eax
+       movl    %r13d,%ecx
+       xorl    12(%rsp),%ebp
+       xorl    %r11d,%eax
+       roll    $5,%ecx
+       xorl    36(%rsp),%ebp
+       andl    %esi,%eax
+       leal    1518500249(%rdx,%r12,1),%r12d
+       xorl    56(%rsp),%ebp
+       xorl    %r11d,%eax
+       roll    $1,%ebp
+       addl    %ecx,%r12d
+       roll    $30,%esi
+       movl    %ebp,4(%rsp)
+       addl    %eax,%r12d
+       movl    8(%rsp),%edx
+       movl    %esi,%eax
+       movl    %r12d,%ecx
+       xorl    16(%rsp),%edx
+       xorl    %edi,%eax
+       roll    $5,%ecx
+       xorl    40(%rsp),%edx
+       andl    %r13d,%eax
+       leal    1518500249(%rbp,%r11,1),%r11d
+       xorl    60(%rsp),%edx
+       xorl    %edi,%eax
+       roll    $1,%edx
+       addl    %ecx,%r11d
+       roll    $30,%r13d
+       movl    %edx,8(%rsp)
+       addl    %eax,%r11d
+       movl    12(%rsp),%ebp
+       movl    %r13d,%eax
+       movl    %r11d,%ecx
+       xorl    20(%rsp),%ebp
+       xorl    %esi,%eax
+       roll    $5,%ecx
+       xorl    44(%rsp),%ebp
+       andl    %r12d,%eax
+       leal    1518500249(%rdx,%rdi,1),%edi
+       xorl    0(%rsp),%ebp
+       xorl    %esi,%eax
+       roll    $1,%ebp
+       addl    %ecx,%edi
+       roll    $30,%r12d
+       movl    %ebp,12(%rsp)
+       addl    %eax,%edi
+       movl    16(%rsp),%edx
+       movl    %r12d,%eax
+       movl    %edi,%ecx
+       xorl    24(%rsp),%edx
+       xorl    %r13d,%eax
+       roll    $5,%ecx
+       xorl    48(%rsp),%edx
+       andl    %r11d,%eax
+       leal    1518500249(%rbp,%rsi,1),%esi
+       xorl    4(%rsp),%edx
+       xorl    %r13d,%eax
+       roll    $1,%edx
+       addl    %ecx,%esi
+       roll    $30,%r11d
+       movl    %edx,16(%rsp)
+       addl    %eax,%esi
+       movl    20(%rsp),%ebp
+       movl    %r11d,%eax
+       movl    %esi,%ecx
+       xorl    28(%rsp),%ebp
+       xorl    %edi,%eax
+       roll    $5,%ecx
+       leal    1859775393(%rdx,%r13,1),%r13d
+       xorl    52(%rsp),%ebp
+       xorl    %r12d,%eax
+       addl    %ecx,%r13d
+       xorl    8(%rsp),%ebp
+       roll    $30,%edi
+       addl    %eax,%r13d
+       roll    $1,%ebp
+       movl    %ebp,20(%rsp)
+       movl    24(%rsp),%edx
+       movl    %edi,%eax
+       movl    %r13d,%ecx
+       xorl    32(%rsp),%edx
+       xorl    %esi,%eax
+       roll    $5,%ecx
+       leal    1859775393(%rbp,%r12,1),%r12d
+       xorl    56(%rsp),%edx
+       xorl    %r11d,%eax
+       addl    %ecx,%r12d
+       xorl    12(%rsp),%edx
+       roll    $30,%esi
+       addl    %eax,%r12d
+       roll    $1,%edx
+       movl    %edx,24(%rsp)
+       movl    28(%rsp),%ebp
+       movl    %esi,%eax
+       movl    %r12d,%ecx
+       xorl    36(%rsp),%ebp
+       xorl    %r13d,%eax
+       roll    $5,%ecx
+       leal    1859775393(%rdx,%r11,1),%r11d
+       xorl    60(%rsp),%ebp
+       xorl    %edi,%eax
+       addl    %ecx,%r11d
+       xorl    16(%rsp),%ebp
+       roll    $30,%r13d
+       addl    %eax,%r11d
+       roll    $1,%ebp
+       movl    %ebp,28(%rsp)
+       movl    32(%rsp),%edx
+       movl    %r13d,%eax
+       movl    %r11d,%ecx
+       xorl    40(%rsp),%edx
+       xorl    %r12d,%eax
+       roll    $5,%ecx
+       leal    1859775393(%rbp,%rdi,1),%edi
+       xorl    0(%rsp),%edx
+       xorl    %esi,%eax
+       addl    %ecx,%edi
+       xorl    20(%rsp),%edx
+       roll    $30,%r12d
+       addl    %eax,%edi
+       roll    $1,%edx
+       movl    %edx,32(%rsp)
+       movl    36(%rsp),%ebp
+       movl    %r12d,%eax
+       movl    %edi,%ecx
+       xorl    44(%rsp),%ebp
+       xorl    %r11d,%eax
+       roll    $5,%ecx
+       leal    1859775393(%rdx,%rsi,1),%esi
+       xorl    4(%rsp),%ebp
+       xorl    %r13d,%eax
+       addl    %ecx,%esi
+       xorl    24(%rsp),%ebp
+       roll    $30,%r11d
+       addl    %eax,%esi
+       roll    $1,%ebp
+       movl    %ebp,36(%rsp)
+       movl    40(%rsp),%edx
+       movl    %r11d,%eax
+       movl    %esi,%ecx
+       xorl    48(%rsp),%edx
+       xorl    %edi,%eax
+       roll    $5,%ecx
+       leal    1859775393(%rbp,%r13,1),%r13d
+       xorl    8(%rsp),%edx
+       xorl    %r12d,%eax
+       addl    %ecx,%r13d
+       xorl    28(%rsp),%edx
+       roll    $30,%edi
+       addl    %eax,%r13d
+       roll    $1,%edx
+       movl    %edx,40(%rsp)
+       movl    44(%rsp),%ebp
+       movl    %edi,%eax
+       movl    %r13d,%ecx
+       xorl    52(%rsp),%ebp
+       xorl    %esi,%eax
+       roll    $5,%ecx
+       leal    1859775393(%rdx,%r12,1),%r12d
+       xorl    12(%rsp),%ebp
+       xorl    %r11d,%eax
+       addl    %ecx,%r12d
+       xorl    32(%rsp),%ebp
+       roll    $30,%esi
+       addl    %eax,%r12d
+       roll    $1,%ebp
+       movl    %ebp,44(%rsp)
+       movl    48(%rsp),%edx
+       movl    %esi,%eax
+       movl    %r12d,%ecx
+       xorl    56(%rsp),%edx
+       xorl    %r13d,%eax
+       roll    $5,%ecx
+       leal    1859775393(%rbp,%r11,1),%r11d
+       xorl    16(%rsp),%edx
+       xorl    %edi,%eax
+       addl    %ecx,%r11d
+       xorl    36(%rsp),%edx
+       roll    $30,%r13d
+       addl    %eax,%r11d
+       roll    $1,%edx
+       movl    %edx,48(%rsp)
+       movl    52(%rsp),%ebp
+       movl    %r13d,%eax
+       movl    %r11d,%ecx
+       xorl    60(%rsp),%ebp
+       xorl    %r12d,%eax
+       roll    $5,%ecx
+       leal    1859775393(%rdx,%rdi,1),%edi
+       xorl    20(%rsp),%ebp
+       xorl    %esi,%eax
+       addl    %ecx,%edi
+       xorl    40(%rsp),%ebp
+       roll    $30,%r12d
+       addl    %eax,%edi
+       roll    $1,%ebp
+       movl    %ebp,52(%rsp)
+       movl    56(%rsp),%edx
+       movl    %r12d,%eax
+       movl    %edi,%ecx
+       xorl    0(%rsp),%edx
+       xorl    %r11d,%eax
+       roll    $5,%ecx
+       leal    1859775393(%rbp,%rsi,1),%esi
+       xorl    24(%rsp),%edx
+       xorl    %r13d,%eax
+       addl    %ecx,%esi
+       xorl    44(%rsp),%edx
+       roll    $30,%r11d
+       addl    %eax,%esi
+       roll    $1,%edx
+       movl    %edx,56(%rsp)
+       movl    60(%rsp),%ebp
+       movl    %r11d,%eax
+       movl    %esi,%ecx
+       xorl    4(%rsp),%ebp
+       xorl    %edi,%eax
+       roll    $5,%ecx
+       leal    1859775393(%rdx,%r13,1),%r13d
+       xorl    28(%rsp),%ebp
+       xorl    %r12d,%eax
+       addl    %ecx,%r13d
+       xorl    48(%rsp),%ebp
+       roll    $30,%edi
+       addl    %eax,%r13d
+       roll    $1,%ebp
+       movl    %ebp,60(%rsp)
+       movl    0(%rsp),%edx
+       movl    %edi,%eax
+       movl    %r13d,%ecx
+       xorl    8(%rsp),%edx
+       xorl    %esi,%eax
+       roll    $5,%ecx
+       leal    1859775393(%rbp,%r12,1),%r12d
+       xorl    32(%rsp),%edx
+       xorl    %r11d,%eax
+       addl    %ecx,%r12d
+       xorl    52(%rsp),%edx
+       roll    $30,%esi
+       addl    %eax,%r12d
+       roll    $1,%edx
+       movl    %edx,0(%rsp)
+       movl    4(%rsp),%ebp
+       movl    %esi,%eax
+       movl    %r12d,%ecx
+       xorl    12(%rsp),%ebp
+       xorl    %r13d,%eax
+       roll    $5,%ecx
+       leal    1859775393(%rdx,%r11,1),%r11d
+       xorl    36(%rsp),%ebp
+       xorl    %edi,%eax
+       addl    %ecx,%r11d
+       xorl    56(%rsp),%ebp
+       roll    $30,%r13d
+       addl    %eax,%r11d
+       roll    $1,%ebp
+       movl    %ebp,4(%rsp)
+       movl    8(%rsp),%edx
+       movl    %r13d,%eax
+       movl    %r11d,%ecx
+       xorl    16(%rsp),%edx
+       xorl    %r12d,%eax
+       roll    $5,%ecx
+       leal    1859775393(%rbp,%rdi,1),%edi
+       xorl    40(%rsp),%edx
+       xorl    %esi,%eax
+       addl    %ecx,%edi
+       xorl    60(%rsp),%edx
+       roll    $30,%r12d
+       addl    %eax,%edi
+       roll    $1,%edx
+       movl    %edx,8(%rsp)
+       movl    12(%rsp),%ebp
+       movl    %r12d,%eax
+       movl    %edi,%ecx
+       xorl    20(%rsp),%ebp
+       xorl    %r11d,%eax
+       roll    $5,%ecx
+       leal    1859775393(%rdx,%rsi,1),%esi
+       xorl    44(%rsp),%ebp
+       xorl    %r13d,%eax
+       addl    %ecx,%esi
+       xorl    0(%rsp),%ebp
+       roll    $30,%r11d
+       addl    %eax,%esi
+       roll    $1,%ebp
+       movl    %ebp,12(%rsp)
+       movl    16(%rsp),%edx
+       movl    %r11d,%eax
+       movl    %esi,%ecx
+       xorl    24(%rsp),%edx
+       xorl    %edi,%eax
+       roll    $5,%ecx
+       leal    1859775393(%rbp,%r13,1),%r13d
+       xorl    48(%rsp),%edx
+       xorl    %r12d,%eax
+       addl    %ecx,%r13d
+       xorl    4(%rsp),%edx
+       roll    $30,%edi
+       addl    %eax,%r13d
+       roll    $1,%edx
+       movl    %edx,16(%rsp)
+       movl    20(%rsp),%ebp
+       movl    %edi,%eax
+       movl    %r13d,%ecx
+       xorl    28(%rsp),%ebp
+       xorl    %esi,%eax
+       roll    $5,%ecx
+       leal    1859775393(%rdx,%r12,1),%r12d
+       xorl    52(%rsp),%ebp
+       xorl    %r11d,%eax
+       addl    %ecx,%r12d
+       xorl    8(%rsp),%ebp
+       roll    $30,%esi
+       addl    %eax,%r12d
+       roll    $1,%ebp
+       movl    %ebp,20(%rsp)
+       movl    24(%rsp),%edx
+       movl    %esi,%eax
+       movl    %r12d,%ecx
+       xorl    32(%rsp),%edx
+       xorl    %r13d,%eax
+       roll    $5,%ecx
+       leal    1859775393(%rbp,%r11,1),%r11d
+       xorl    56(%rsp),%edx
+       xorl    %edi,%eax
+       addl    %ecx,%r11d
+       xorl    12(%rsp),%edx
+       roll    $30,%r13d
+       addl    %eax,%r11d
+       roll    $1,%edx
+       movl    %edx,24(%rsp)
+       movl    28(%rsp),%ebp
+       movl    %r13d,%eax
+       movl    %r11d,%ecx
+       xorl    36(%rsp),%ebp
+       xorl    %r12d,%eax
+       roll    $5,%ecx
+       leal    1859775393(%rdx,%rdi,1),%edi
+       xorl    60(%rsp),%ebp
+       xorl    %esi,%eax
+       addl    %ecx,%edi
+       xorl    16(%rsp),%ebp
+       roll    $30,%r12d
+       addl    %eax,%edi
+       roll    $1,%ebp
+       movl    %ebp,28(%rsp)
+       movl    32(%rsp),%edx
+       movl    %r12d,%eax
+       movl    %edi,%ecx
+       xorl    40(%rsp),%edx
+       xorl    %r11d,%eax
+       roll    $5,%ecx
+       leal    1859775393(%rbp,%rsi,1),%esi
+       xorl    0(%rsp),%edx
+       xorl    %r13d,%eax
+       addl    %ecx,%esi
+       xorl    20(%rsp),%edx
+       roll    $30,%r11d
+       addl    %eax,%esi
+       roll    $1,%edx
+       movl    %edx,32(%rsp)
+       movl    36(%rsp),%ebp
+       movl    %r11d,%eax
        movl    %r11d,%ebx
-       movl    20(%r9),%eax
-       movl    %edi,%edx
-       xorl    %r12d,%ebx
-       bswapl  %eax
-       roll    $5,%edx
-       andl    %ebp,%ebx
-       movl    %eax,20(%rsp)
-       addl    %edx,%esi
+       xorl    44(%rsp),%ebp
+       andl    %r12d,%eax
+       movl    %esi,%ecx
+       xorl    4(%rsp),%ebp
        xorl    %r12d,%ebx
-       roll    $30,%ebp
-       addl    %ebx,%esi
-       leal    1518500249(%rax,%r12,1),%edx
-       movl    %ebp,%ebx
-       movl    24(%r9),%eax
-       movl    %esi,%r12d
-       xorl    %r11d,%ebx
-       bswapl  %eax
-       roll    $5,%r12d
+       leal    -1894007588(%rdx,%r13,1),%r13d
+       roll    $5,%ecx
+       xorl    24(%rsp),%ebp
+       addl    %eax,%r13d
        andl    %edi,%ebx
-       movl    %eax,24(%rsp)
-       addl    %r12d,%edx
-       xorl    %r11d,%ebx
+       roll    $1,%ebp
+       addl    %ebx,%r13d
        roll    $30,%edi
-       addl    %ebx,%edx
-       leal    1518500249(%rax,%r11,1),%r12d
+       movl    %ebp,36(%rsp)
+       addl    %ecx,%r13d
+       movl    40(%rsp),%edx
+       movl    %edi,%eax
        movl    %edi,%ebx
-       movl    28(%r9),%eax
-       movl    %edx,%r11d
-       xorl    %ebp,%ebx
-       bswapl  %eax
-       roll    $5,%r11d
+       xorl    48(%rsp),%edx
+       andl    %r11d,%eax
+       movl    %r13d,%ecx
+       xorl    8(%rsp),%edx
+       xorl    %r11d,%ebx
+       leal    -1894007588(%rbp,%r12,1),%r12d
+       roll    $5,%ecx
+       xorl    28(%rsp),%edx
+       addl    %eax,%r12d
        andl    %esi,%ebx
-       movl    %eax,28(%rsp)
-       addl    %r11d,%r12d
-       xorl    %ebp,%ebx
-       roll    $30,%esi
+       roll    $1,%edx
        addl    %ebx,%r12d
-       leal    1518500249(%rax,%rbp,1),%r11d
+       roll    $30,%esi
+       movl    %edx,40(%rsp)
+       addl    %ecx,%r12d
+       movl    44(%rsp),%ebp
+       movl    %esi,%eax
        movl    %esi,%ebx
-       movl    32(%r9),%eax
-       movl    %r12d,%ebp
-       xorl    %edi,%ebx
-       bswapl  %eax
-       roll    $5,%ebp
-       andl    %edx,%ebx
-       movl    %eax,32(%rsp)
-       addl    %ebp,%r11d
+       xorl    52(%rsp),%ebp
+       andl    %edi,%eax
+       movl    %r12d,%ecx
+       xorl    12(%rsp),%ebp
        xorl    %edi,%ebx
-       roll    $30,%edx
+       leal    -1894007588(%rdx,%r11,1),%r11d
+       roll    $5,%ecx
+       xorl    32(%rsp),%ebp
+       addl    %eax,%r11d
+       andl    %r13d,%ebx
+       roll    $1,%ebp
        addl    %ebx,%r11d
-       leal    1518500249(%rax,%rdi,1),%ebp
-       movl    %edx,%ebx
-       movl    36(%r9),%eax
-       movl    %r11d,%edi
+       roll    $30,%r13d
+       movl    %ebp,44(%rsp)
+       addl    %ecx,%r11d
+       movl    48(%rsp),%edx
+       movl    %r13d,%eax
+       movl    %r13d,%ebx
+       xorl    56(%rsp),%edx
+       andl    %esi,%eax
+       movl    %r11d,%ecx
+       xorl    16(%rsp),%edx
        xorl    %esi,%ebx
-       bswapl  %eax
-       roll    $5,%edi
+       leal    -1894007588(%rbp,%rdi,1),%edi
+       roll    $5,%ecx
+       xorl    36(%rsp),%edx
+       addl    %eax,%edi
        andl    %r12d,%ebx
-       movl    %eax,36(%rsp)
-       addl    %edi,%ebp
-       xorl    %esi,%ebx
+       roll    $1,%edx
+       addl    %ebx,%edi
        roll    $30,%r12d
-       addl    %ebx,%ebp
-       leal    1518500249(%rax,%rsi,1),%edi
+       movl    %edx,48(%rsp)
+       addl    %ecx,%edi
+       movl    52(%rsp),%ebp
+       movl    %r12d,%eax
        movl    %r12d,%ebx
-       movl    40(%r9),%eax
-       movl    %ebp,%esi
-       xorl    %edx,%ebx
-       bswapl  %eax
-       roll    $5,%esi
+       xorl    60(%rsp),%ebp
+       andl    %r13d,%eax
+       movl    %edi,%ecx
+       xorl    20(%rsp),%ebp
+       xorl    %r13d,%ebx
+       leal    -1894007588(%rdx,%rsi,1),%esi
+       roll    $5,%ecx
+       xorl    40(%rsp),%ebp
+       addl    %eax,%esi
        andl    %r11d,%ebx
-       movl    %eax,40(%rsp)
-       addl    %esi,%edi
-       xorl    %edx,%ebx
+       roll    $1,%ebp
+       addl    %ebx,%esi
        roll    $30,%r11d
-       addl    %ebx,%edi
-       leal    1518500249(%rax,%rdx,1),%esi
+       movl    %ebp,52(%rsp)
+       addl    %ecx,%esi
+       movl    56(%rsp),%edx
+       movl    %r11d,%eax
        movl    %r11d,%ebx
-       movl    44(%r9),%eax
-       movl    %edi,%edx
-       xorl    %r12d,%ebx
-       bswapl  %eax
-       roll    $5,%edx
-       andl    %ebp,%ebx
-       movl    %eax,44(%rsp)
-       addl    %edx,%esi
+       xorl    0(%rsp),%edx
+       andl    %r12d,%eax
+       movl    %esi,%ecx
+       xorl    24(%rsp),%edx
        xorl    %r12d,%ebx
-       roll    $30,%ebp
-       addl    %ebx,%esi
-       leal    1518500249(%rax,%r12,1),%edx
-       movl    %ebp,%ebx
-       movl    48(%r9),%eax
-       movl    %esi,%r12d
-       xorl    %r11d,%ebx
-       bswapl  %eax
-       roll    $5,%r12d
+       leal    -1894007588(%rbp,%r13,1),%r13d
+       roll    $5,%ecx
+       xorl    44(%rsp),%edx
+       addl    %eax,%r13d
        andl    %edi,%ebx
-       movl    %eax,48(%rsp)
-       addl    %r12d,%edx
-       xorl    %r11d,%ebx
+       roll    $1,%edx
+       addl    %ebx,%r13d
        roll    $30,%edi
-       addl    %ebx,%edx
-       leal    1518500249(%rax,%r11,1),%r12d
+       movl    %edx,56(%rsp)
+       addl    %ecx,%r13d
+       movl    60(%rsp),%ebp
+       movl    %edi,%eax
        movl    %edi,%ebx
-       movl    52(%r9),%eax
-       movl    %edx,%r11d
-       xorl    %ebp,%ebx
-       bswapl  %eax
-       roll    $5,%r11d
+       xorl    4(%rsp),%ebp
+       andl    %r11d,%eax
+       movl    %r13d,%ecx
+       xorl    28(%rsp),%ebp
+       xorl    %r11d,%ebx
+       leal    -1894007588(%rdx,%r12,1),%r12d
+       roll    $5,%ecx
+       xorl    48(%rsp),%ebp
+       addl    %eax,%r12d
        andl    %esi,%ebx
-       movl    %eax,52(%rsp)
-       addl    %r11d,%r12d
-       xorl    %ebp,%ebx
-       roll    $30,%esi
+       roll    $1,%ebp
        addl    %ebx,%r12d
-       leal    1518500249(%rax,%rbp,1),%r11d
+       roll    $30,%esi
+       movl    %ebp,60(%rsp)
+       addl    %ecx,%r12d
+       movl    0(%rsp),%edx
+       movl    %esi,%eax
        movl    %esi,%ebx
-       movl    56(%r9),%eax
-       movl    %r12d,%ebp
-       xorl    %edi,%ebx
-       bswapl  %eax
-       roll    $5,%ebp
-       andl    %edx,%ebx
-       movl    %eax,56(%rsp)
-       addl    %ebp,%r11d
+       xorl    8(%rsp),%edx
+       andl    %edi,%eax
+       movl    %r12d,%ecx
+       xorl    32(%rsp),%edx
        xorl    %edi,%ebx
-       roll    $30,%edx
+       leal    -1894007588(%rbp,%r11,1),%r11d
+       roll    $5,%ecx
+       xorl    52(%rsp),%edx
+       addl    %eax,%r11d
+       andl    %r13d,%ebx
+       roll    $1,%edx
        addl    %ebx,%r11d
-       leal    1518500249(%rax,%rdi,1),%ebp
-       movl    %edx,%ebx
-       movl    60(%r9),%eax
-       movl    %r11d,%edi
+       roll    $30,%r13d
+       movl    %edx,0(%rsp)
+       addl    %ecx,%r11d
+       movl    4(%rsp),%ebp
+       movl    %r13d,%eax
+       movl    %r13d,%ebx
+       xorl    12(%rsp),%ebp
+       andl    %esi,%eax
+       movl    %r11d,%ecx
+       xorl    36(%rsp),%ebp
        xorl    %esi,%ebx
-       bswapl  %eax
-       roll    $5,%edi
+       leal    -1894007588(%rdx,%rdi,1),%edi
+       roll    $5,%ecx
+       xorl    56(%rsp),%ebp
+       addl    %eax,%edi
        andl    %r12d,%ebx
-       movl    %eax,60(%rsp)
-       addl    %edi,%ebp
-       xorl    %esi,%ebx
+       roll    $1,%ebp
+       addl    %ebx,%edi
        roll    $30,%r12d
-       addl    %ebx,%ebp
-       leal    1518500249(%rax,%rsi,1),%edi
-       movl    0(%rsp),%eax
+       movl    %ebp,4(%rsp)
+       addl    %ecx,%edi
+       movl    8(%rsp),%edx
+       movl    %r12d,%eax
        movl    %r12d,%ebx
-       movl    %ebp,%esi
-       xorl    8(%rsp),%eax
-       xorl    %edx,%ebx
-       roll    $5,%esi
-       xorl    32(%rsp),%eax
+       xorl    16(%rsp),%edx
+       andl    %r13d,%eax
+       movl    %edi,%ecx
+       xorl    40(%rsp),%edx
+       xorl    %r13d,%ebx
+       leal    -1894007588(%rbp,%rsi,1),%esi
+       roll    $5,%ecx
+       xorl    60(%rsp),%edx
+       addl    %eax,%esi
        andl    %r11d,%ebx
-       addl    %esi,%edi
-       xorl    52(%rsp),%eax
-       xorl    %edx,%ebx
+       roll    $1,%edx
+       addl    %ebx,%esi
        roll    $30,%r11d
-       addl    %ebx,%edi
-       roll    $1,%eax
-       movl    %eax,0(%rsp)
-       leal    1518500249(%rax,%rdx,1),%esi
-       movl    4(%rsp),%eax
+       movl    %edx,8(%rsp)
+       addl    %ecx,%esi
+       movl    12(%rsp),%ebp
+       movl    %r11d,%eax
        movl    %r11d,%ebx
-       movl    %edi,%edx
-       xorl    12(%rsp),%eax
-       xorl    %r12d,%ebx
-       roll    $5,%edx
-       xorl    36(%rsp),%eax
-       andl    %ebp,%ebx
-       addl    %edx,%esi
-       xorl    56(%rsp),%eax
+       xorl    20(%rsp),%ebp
+       andl    %r12d,%eax
+       movl    %esi,%ecx
+       xorl    44(%rsp),%ebp
        xorl    %r12d,%ebx
-       roll    $30,%ebp
-       addl    %ebx,%esi
-       roll    $1,%eax
-       movl    %eax,4(%rsp)
-       leal    1518500249(%rax,%r12,1),%edx
-       movl    8(%rsp),%eax
-       movl    %ebp,%ebx
-       movl    %esi,%r12d
-       xorl    16(%rsp),%eax
-       xorl    %r11d,%ebx
-       roll    $5,%r12d
-       xorl    40(%rsp),%eax
+       leal    -1894007588(%rdx,%r13,1),%r13d
+       roll    $5,%ecx
+       xorl    0(%rsp),%ebp
+       addl    %eax,%r13d
        andl    %edi,%ebx
-       addl    %r12d,%edx
-       xorl    60(%rsp),%eax
-       xorl    %r11d,%ebx
+       roll    $1,%ebp
+       addl    %ebx,%r13d
        roll    $30,%edi
-       addl    %ebx,%edx
-       roll    $1,%eax
-       movl    %eax,8(%rsp)
-       leal    1518500249(%rax,%r11,1),%r12d
-       movl    12(%rsp),%eax
+       movl    %ebp,12(%rsp)
+       addl    %ecx,%r13d
+       movl    16(%rsp),%edx
+       movl    %edi,%eax
        movl    %edi,%ebx
-       movl    %edx,%r11d
-       xorl    20(%rsp),%eax
-       xorl    %ebp,%ebx
-       roll    $5,%r11d
-       xorl    44(%rsp),%eax
+       xorl    24(%rsp),%edx
+       andl    %r11d,%eax
+       movl    %r13d,%ecx
+       xorl    48(%rsp),%edx
+       xorl    %r11d,%ebx
+       leal    -1894007588(%rbp,%r12,1),%r12d
+       roll    $5,%ecx
+       xorl    4(%rsp),%edx
+       addl    %eax,%r12d
        andl    %esi,%ebx
-       addl    %r11d,%r12d
-       xorl    0(%rsp),%eax
-       xorl    %ebp,%ebx
-       roll    $30,%esi
+       roll    $1,%edx
        addl    %ebx,%r12d
-       roll    $1,%eax
-       movl    %eax,12(%rsp)
-       leal    1518500249(%rax,%rbp,1),%r11d
-       movl    16(%rsp),%eax
+       roll    $30,%esi
+       movl    %edx,16(%rsp)
+       addl    %ecx,%r12d
+       movl    20(%rsp),%ebp
+       movl    %esi,%eax
        movl    %esi,%ebx
-       movl    %r12d,%ebp
-       xorl    24(%rsp),%eax
-       xorl    %edi,%ebx
-       roll    $5,%ebp
-       xorl    48(%rsp),%eax
-       andl    %edx,%ebx
-       addl    %ebp,%r11d
-       xorl    4(%rsp),%eax
+       xorl    28(%rsp),%ebp
+       andl    %edi,%eax
+       movl    %r12d,%ecx
+       xorl    52(%rsp),%ebp
        xorl    %edi,%ebx
-       roll    $30,%edx
+       leal    -1894007588(%rdx,%r11,1),%r11d
+       roll    $5,%ecx
+       xorl    8(%rsp),%ebp
+       addl    %eax,%r11d
+       andl    %r13d,%ebx
+       roll    $1,%ebp
        addl    %ebx,%r11d
-       roll    $1,%eax
-       movl    %eax,16(%rsp)
-       leal    1859775393(%rax,%rdi,1),%ebp
-       movl    20(%rsp),%eax
-       movl    %edx,%ebx
-       movl    %r11d,%edi
-       xorl    28(%rsp),%eax
-       xorl    %r12d,%ebx
-       roll    $5,%edi
-       xorl    52(%rsp),%eax
+       roll    $30,%r13d
+       movl    %ebp,20(%rsp)
+       addl    %ecx,%r11d
+       movl    24(%rsp),%edx
+       movl    %r13d,%eax
+       movl    %r13d,%ebx
+       xorl    32(%rsp),%edx
+       andl    %esi,%eax
+       movl    %r11d,%ecx
+       xorl    56(%rsp),%edx
        xorl    %esi,%ebx
-       addl    %edi,%ebp
-       xorl    8(%rsp),%eax
+       leal    -1894007588(%rbp,%rdi,1),%edi
+       roll    $5,%ecx
+       xorl    12(%rsp),%edx
+       addl    %eax,%edi
+       andl    %r12d,%ebx
+       roll    $1,%edx
+       addl    %ebx,%edi
        roll    $30,%r12d
-       addl    %ebx,%ebp
-       roll    $1,%eax
-       movl    %eax,20(%rsp)
-       leal    1859775393(%rax,%rsi,1),%edi
-       movl    24(%rsp),%eax
+       movl    %edx,24(%rsp)
+       addl    %ecx,%edi
+       movl    28(%rsp),%ebp
+       movl    %r12d,%eax
        movl    %r12d,%ebx
-       movl    %ebp,%esi
-       xorl    32(%rsp),%eax
-       xorl    %r11d,%ebx
-       roll    $5,%esi
-       xorl    56(%rsp),%eax
-       xorl    %edx,%ebx
-       addl    %esi,%edi
-       xorl    12(%rsp),%eax
+       xorl    36(%rsp),%ebp
+       andl    %r13d,%eax
+       movl    %edi,%ecx
+       xorl    60(%rsp),%ebp
+       xorl    %r13d,%ebx
+       leal    -1894007588(%rdx,%rsi,1),%esi
+       roll    $5,%ecx
+       xorl    16(%rsp),%ebp
+       addl    %eax,%esi
+       andl    %r11d,%ebx
+       roll    $1,%ebp
+       addl    %ebx,%esi
        roll    $30,%r11d
-       addl    %ebx,%edi
-       roll    $1,%eax
-       movl    %eax,24(%rsp)
-       leal    1859775393(%rax,%rdx,1),%esi
-       movl    28(%rsp),%eax
+       movl    %ebp,28(%rsp)
+       addl    %ecx,%esi
+       movl    32(%rsp),%edx
+       movl    %r11d,%eax
        movl    %r11d,%ebx
-       movl    %edi,%edx
-       xorl    36(%rsp),%eax
-       xorl    %ebp,%ebx
-       roll    $5,%edx
-       xorl    60(%rsp),%eax
+       xorl    40(%rsp),%edx
+       andl    %r12d,%eax
+       movl    %esi,%ecx
+       xorl    0(%rsp),%edx
        xorl    %r12d,%ebx
-       addl    %edx,%esi
-       xorl    16(%rsp),%eax
-       roll    $30,%ebp
-       addl    %ebx,%esi
-       roll    $1,%eax
-       movl    %eax,28(%rsp)
-       leal    1859775393(%rax,%r12,1),%edx
-       movl    32(%rsp),%eax
-       movl    %ebp,%ebx
-       movl    %esi,%r12d
-       xorl    40(%rsp),%eax
-       xorl    %edi,%ebx
-       roll    $5,%r12d
-       xorl    0(%rsp),%eax
-       xorl    %r11d,%ebx
-       addl    %r12d,%edx
-       xorl    20(%rsp),%eax
+       leal    -1894007588(%rbp,%r13,1),%r13d
+       roll    $5,%ecx
+       xorl    20(%rsp),%edx
+       addl    %eax,%r13d
+       andl    %edi,%ebx
+       roll    $1,%edx
+       addl    %ebx,%r13d
        roll    $30,%edi
-       addl    %ebx,%edx
-       roll    $1,%eax
-       movl    %eax,32(%rsp)
-       leal    1859775393(%rax,%r11,1),%r12d
-       movl    36(%rsp),%eax
+       movl    %edx,32(%rsp)
+       addl    %ecx,%r13d
+       movl    36(%rsp),%ebp
+       movl    %edi,%eax
        movl    %edi,%ebx
-       movl    %edx,%r11d
-       xorl    44(%rsp),%eax
-       xorl    %esi,%ebx
-       roll    $5,%r11d
-       xorl    4(%rsp),%eax
-       xorl    %ebp,%ebx
-       addl    %r11d,%r12d
-       xorl    24(%rsp),%eax
-       roll    $30,%esi
+       xorl    44(%rsp),%ebp
+       andl    %r11d,%eax
+       movl    %r13d,%ecx
+       xorl    4(%rsp),%ebp
+       xorl    %r11d,%ebx
+       leal    -1894007588(%rdx,%r12,1),%r12d
+       roll    $5,%ecx
+       xorl    24(%rsp),%ebp
+       addl    %eax,%r12d
+       andl    %esi,%ebx
+       roll    $1,%ebp
        addl    %ebx,%r12d
-       roll    $1,%eax
-       movl    %eax,36(%rsp)
-       leal    1859775393(%rax,%rbp,1),%r11d
-       movl    40(%rsp),%eax
+       roll    $30,%esi
+       movl    %ebp,36(%rsp)
+       addl    %ecx,%r12d
+       movl    40(%rsp),%edx
+       movl    %esi,%eax
        movl    %esi,%ebx
-       movl    %r12d,%ebp
-       xorl    48(%rsp),%eax
-       xorl    %edx,%ebx
-       roll    $5,%ebp
-       xorl    8(%rsp),%eax
+       xorl    48(%rsp),%edx
+       andl    %edi,%eax
+       movl    %r12d,%ecx
+       xorl    8(%rsp),%edx
        xorl    %edi,%ebx
-       addl    %ebp,%r11d
-       xorl    28(%rsp),%eax
-       roll    $30,%edx
+       leal    -1894007588(%rbp,%r11,1),%r11d
+       roll    $5,%ecx
+       xorl    28(%rsp),%edx
+       addl    %eax,%r11d
+       andl    %r13d,%ebx
+       roll    $1,%edx
        addl    %ebx,%r11d
-       roll    $1,%eax
-       movl    %eax,40(%rsp)
-       leal    1859775393(%rax,%rdi,1),%ebp
-       movl    44(%rsp),%eax
-       movl    %edx,%ebx
-       movl    %r11d,%edi
-       xorl    52(%rsp),%eax
-       xorl    %r12d,%ebx
-       roll    $5,%edi
-       xorl    12(%rsp),%eax
+       roll    $30,%r13d
+       movl    %edx,40(%rsp)
+       addl    %ecx,%r11d
+       movl    44(%rsp),%ebp
+       movl    %r13d,%eax
+       movl    %r13d,%ebx
+       xorl    52(%rsp),%ebp
+       andl    %esi,%eax
+       movl    %r11d,%ecx
+       xorl    12(%rsp),%ebp
        xorl    %esi,%ebx
-       addl    %edi,%ebp
-       xorl    32(%rsp),%eax
+       leal    -1894007588(%rdx,%rdi,1),%edi
+       roll    $5,%ecx
+       xorl    32(%rsp),%ebp
+       addl    %eax,%edi
+       andl    %r12d,%ebx
+       roll    $1,%ebp
+       addl    %ebx,%edi
        roll    $30,%r12d
-       addl    %ebx,%ebp
-       roll    $1,%eax
-       movl    %eax,44(%rsp)
-       leal    1859775393(%rax,%rsi,1),%edi
-       movl    48(%rsp),%eax
+       movl    %ebp,44(%rsp)
+       addl    %ecx,%edi
+       movl    48(%rsp),%edx
+       movl    %r12d,%eax
        movl    %r12d,%ebx
-       movl    %ebp,%esi
-       xorl    56(%rsp),%eax
-       xorl    %r11d,%ebx
-       roll    $5,%esi
-       xorl    16(%rsp),%eax
-       xorl    %edx,%ebx
-       addl    %esi,%edi
-       xorl    36(%rsp),%eax
-       roll    $30,%r11d
-       addl    %ebx,%edi
-       roll    $1,%eax
-       movl    %eax,48(%rsp)
-       leal    1859775393(%rax,%rdx,1),%esi
-       movl    52(%rsp),%eax
-       movl    %r11d,%ebx
-       movl    %edi,%edx
-       xorl    60(%rsp),%eax
-       xorl    %ebp,%ebx
-       roll    $5,%edx
-       xorl    20(%rsp),%eax
-       xorl    %r12d,%ebx
-       addl    %edx,%esi
-       xorl    40(%rsp),%eax
-       roll    $30,%ebp
+       xorl    56(%rsp),%edx
+       andl    %r13d,%eax
+       movl    %edi,%ecx
+       xorl    16(%rsp),%edx
+       xorl    %r13d,%ebx
+       leal    -1894007588(%rbp,%rsi,1),%esi
+       roll    $5,%ecx
+       xorl    36(%rsp),%edx
+       addl    %eax,%esi
+       andl    %r11d,%ebx
+       roll    $1,%edx
        addl    %ebx,%esi
-       roll    $1,%eax
-       movl    %eax,52(%rsp)
-       leal    1859775393(%rax,%r12,1),%edx
-       movl    56(%rsp),%eax
-       movl    %ebp,%ebx
-       movl    %esi,%r12d
-       xorl    0(%rsp),%eax
-       xorl    %edi,%ebx
-       roll    $5,%r12d
-       xorl    24(%rsp),%eax
-       xorl    %r11d,%ebx
-       addl    %r12d,%edx
-       xorl    44(%rsp),%eax
+       roll    $30,%r11d
+       movl    %edx,48(%rsp)
+       addl    %ecx,%esi
+       movl    52(%rsp),%ebp
+       movl    %r11d,%eax
+       movl    %esi,%ecx
+       xorl    60(%rsp),%ebp
+       xorl    %edi,%eax
+       roll    $5,%ecx
+       leal    -899497514(%rdx,%r13,1),%r13d
+       xorl    20(%rsp),%ebp
+       xorl    %r12d,%eax
+       addl    %ecx,%r13d
+       xorl    40(%rsp),%ebp
        roll    $30,%edi
-       addl    %ebx,%edx
-       roll    $1,%eax
-       movl    %eax,56(%rsp)
-       leal    1859775393(%rax,%r11,1),%r12d
-       movl    60(%rsp),%eax
-       movl    %edi,%ebx
-       movl    %edx,%r11d
-       xorl    4(%rsp),%eax
-       xorl    %esi,%ebx
-       roll    $5,%r11d
-       xorl    28(%rsp),%eax
-       xorl    %ebp,%ebx
-       addl    %r11d,%r12d
-       xorl    48(%rsp),%eax
+       addl    %eax,%r13d
+       roll    $1,%ebp
+       movl    %ebp,52(%rsp)
+       movl    56(%rsp),%edx
+       movl    %edi,%eax
+       movl    %r13d,%ecx
+       xorl    0(%rsp),%edx
+       xorl    %esi,%eax
+       roll    $5,%ecx
+       leal    -899497514(%rbp,%r12,1),%r12d
+       xorl    24(%rsp),%edx
+       xorl    %r11d,%eax
+       addl    %ecx,%r12d
+       xorl    44(%rsp),%edx
        roll    $30,%esi
-       addl    %ebx,%r12d
-       roll    $1,%eax
-       movl    %eax,60(%rsp)
-       leal    1859775393(%rax,%rbp,1),%r11d
-       movl    0(%rsp),%eax
-       movl    %esi,%ebx
-       movl    %r12d,%ebp
-       xorl    8(%rsp),%eax
-       xorl    %edx,%ebx
-       roll    $5,%ebp
-       xorl    32(%rsp),%eax
-       xorl    %edi,%ebx
-       addl    %ebp,%r11d
-       xorl    52(%rsp),%eax
-       roll    $30,%edx
-       addl    %ebx,%r11d
-       roll    $1,%eax
-       movl    %eax,0(%rsp)
-       leal    1859775393(%rax,%rdi,1),%ebp
-       movl    4(%rsp),%eax
-       movl    %edx,%ebx
-       movl    %r11d,%edi
-       xorl    12(%rsp),%eax
-       xorl    %r12d,%ebx
-       roll    $5,%edi
-       xorl    36(%rsp),%eax
-       xorl    %esi,%ebx
-       addl    %edi,%ebp
-       xorl    56(%rsp),%eax
+       addl    %eax,%r12d
+       roll    $1,%edx
+       movl    %edx,56(%rsp)
+       movl    60(%rsp),%ebp
+       movl    %esi,%eax
+       movl    %r12d,%ecx
+       xorl    4(%rsp),%ebp
+       xorl    %r13d,%eax
+       roll    $5,%ecx
+       leal    -899497514(%rdx,%r11,1),%r11d
+       xorl    28(%rsp),%ebp
+       xorl    %edi,%eax
+       addl    %ecx,%r11d
+       xorl    48(%rsp),%ebp
+       roll    $30,%r13d
+       addl    %eax,%r11d
+       roll    $1,%ebp
+       movl    %ebp,60(%rsp)
+       movl    0(%rsp),%edx
+       movl    %r13d,%eax
+       movl    %r11d,%ecx
+       xorl    8(%rsp),%edx
+       xorl    %r12d,%eax
+       roll    $5,%ecx
+       leal    -899497514(%rbp,%rdi,1),%edi
+       xorl    32(%rsp),%edx
+       xorl    %esi,%eax
+       addl    %ecx,%edi
+       xorl    52(%rsp),%edx
        roll    $30,%r12d
-       addl    %ebx,%ebp
-       roll    $1,%eax
-       movl    %eax,4(%rsp)
-       leal    1859775393(%rax,%rsi,1),%edi
-       movl    8(%rsp),%eax
-       movl    %r12d,%ebx
-       movl    %ebp,%esi
-       xorl    16(%rsp),%eax
-       xorl    %r11d,%ebx
-       roll    $5,%esi
-       xorl    40(%rsp),%eax
-       xorl    %edx,%ebx
-       addl    %esi,%edi
-       xorl    60(%rsp),%eax
+       addl    %eax,%edi
+       roll    $1,%edx
+       movl    %edx,0(%rsp)
+       movl    4(%rsp),%ebp
+       movl    %r12d,%eax
+       movl    %edi,%ecx
+       xorl    12(%rsp),%ebp
+       xorl    %r11d,%eax
+       roll    $5,%ecx
+       leal    -899497514(%rdx,%rsi,1),%esi
+       xorl    36(%rsp),%ebp
+       xorl    %r13d,%eax
+       addl    %ecx,%esi
+       xorl    56(%rsp),%ebp
        roll    $30,%r11d
-       addl    %ebx,%edi
-       roll    $1,%eax
-       movl    %eax,8(%rsp)
-       leal    1859775393(%rax,%rdx,1),%esi
-       movl    12(%rsp),%eax
-       movl    %r11d,%ebx
-       movl    %edi,%edx
-       xorl    20(%rsp),%eax
-       xorl    %ebp,%ebx
-       roll    $5,%edx
-       xorl    44(%rsp),%eax
-       xorl    %r12d,%ebx
-       addl    %edx,%esi
-       xorl    0(%rsp),%eax
-       roll    $30,%ebp
-       addl    %ebx,%esi
-       roll    $1,%eax
-       movl    %eax,12(%rsp)
-       leal    1859775393(%rax,%r12,1),%edx
-       movl    16(%rsp),%eax
-       movl    %ebp,%ebx
-       movl    %esi,%r12d
-       xorl    24(%rsp),%eax
-       xorl    %edi,%ebx
-       roll    $5,%r12d
-       xorl    48(%rsp),%eax
-       xorl    %r11d,%ebx
-       addl    %r12d,%edx
-       xorl    4(%rsp),%eax
+       addl    %eax,%esi
+       roll    $1,%ebp
+       movl    %ebp,4(%rsp)
+       movl    8(%rsp),%edx
+       movl    %r11d,%eax
+       movl    %esi,%ecx
+       xorl    16(%rsp),%edx
+       xorl    %edi,%eax
+       roll    $5,%ecx
+       leal    -899497514(%rbp,%r13,1),%r13d
+       xorl    40(%rsp),%edx
+       xorl    %r12d,%eax
+       addl    %ecx,%r13d
+       xorl    60(%rsp),%edx
        roll    $30,%edi
-       addl    %ebx,%edx
-       roll    $1,%eax
-       movl    %eax,16(%rsp)
-       leal    1859775393(%rax,%r11,1),%r12d
-       movl    20(%rsp),%eax
-       movl    %edi,%ebx
-       movl    %edx,%r11d
-       xorl    28(%rsp),%eax
-       xorl    %esi,%ebx
-       roll    $5,%r11d
-       xorl    52(%rsp),%eax
-       xorl    %ebp,%ebx
-       addl    %r11d,%r12d
-       xorl    8(%rsp),%eax
+       addl    %eax,%r13d
+       roll    $1,%edx
+       movl    %edx,8(%rsp)
+       movl    12(%rsp),%ebp
+       movl    %edi,%eax
+       movl    %r13d,%ecx
+       xorl    20(%rsp),%ebp
+       xorl    %esi,%eax
+       roll    $5,%ecx
+       leal    -899497514(%rdx,%r12,1),%r12d
+       xorl    44(%rsp),%ebp
+       xorl    %r11d,%eax
+       addl    %ecx,%r12d
+       xorl    0(%rsp),%ebp
        roll    $30,%esi
-       addl    %ebx,%r12d
-       roll    $1,%eax
-       movl    %eax,20(%rsp)
-       leal    1859775393(%rax,%rbp,1),%r11d
-       movl    24(%rsp),%eax
-       movl    %esi,%ebx
-       movl    %r12d,%ebp
-       xorl    32(%rsp),%eax
-       xorl    %edx,%ebx
-       roll    $5,%ebp
-       xorl    56(%rsp),%eax
-       xorl    %edi,%ebx
-       addl    %ebp,%r11d
-       xorl    12(%rsp),%eax
-       roll    $30,%edx
-       addl    %ebx,%r11d
-       roll    $1,%eax
-       movl    %eax,24(%rsp)
-       leal    1859775393(%rax,%rdi,1),%ebp
-       movl    28(%rsp),%eax
-       movl    %edx,%ebx
-       movl    %r11d,%edi
-       xorl    36(%rsp),%eax
-       xorl    %r12d,%ebx
-       roll    $5,%edi
-       xorl    60(%rsp),%eax
-       xorl    %esi,%ebx
-       addl    %edi,%ebp
-       xorl    16(%rsp),%eax
+       addl    %eax,%r12d
+       roll    $1,%ebp
+       movl    %ebp,12(%rsp)
+       movl    16(%rsp),%edx
+       movl    %esi,%eax
+       movl    %r12d,%ecx
+       xorl    24(%rsp),%edx
+       xorl    %r13d,%eax
+       roll    $5,%ecx
+       leal    -899497514(%rbp,%r11,1),%r11d
+       xorl    48(%rsp),%edx
+       xorl    %edi,%eax
+       addl    %ecx,%r11d
+       xorl    4(%rsp),%edx
+       roll    $30,%r13d
+       addl    %eax,%r11d
+       roll    $1,%edx
+       movl    %edx,16(%rsp)
+       movl    20(%rsp),%ebp
+       movl    %r13d,%eax
+       movl    %r11d,%ecx
+       xorl    28(%rsp),%ebp
+       xorl    %r12d,%eax
+       roll    $5,%ecx
+       leal    -899497514(%rdx,%rdi,1),%edi
+       xorl    52(%rsp),%ebp
+       xorl    %esi,%eax
+       addl    %ecx,%edi
+       xorl    8(%rsp),%ebp
        roll    $30,%r12d
-       addl    %ebx,%ebp
-       roll    $1,%eax
-       movl    %eax,28(%rsp)
-       leal    1859775393(%rax,%rsi,1),%edi
-       movl    32(%rsp),%eax
-       movl    %r12d,%ebx
-       movl    %ebp,%esi
-       xorl    40(%rsp),%eax
-       xorl    %r11d,%ebx
-       roll    $5,%esi
-       xorl    0(%rsp),%eax
-       xorl    %edx,%ebx
-       addl    %esi,%edi
-       xorl    20(%rsp),%eax
-       roll    $30,%r11d
-       addl    %ebx,%edi
-       roll    $1,%eax
-       movl    %eax,32(%rsp)
-       leal    -1894007588(%rax,%rdx,1),%esi
-       movl    36(%rsp),%eax
-       movl    %ebp,%ebx
-       movl    %ebp,%ecx
-       xorl    44(%rsp),%eax
-       movl    %edi,%edx
-       andl    %r11d,%ebx
-       xorl    4(%rsp),%eax
-       orl     %r11d,%ecx
-       roll    $5,%edx
-       xorl    24(%rsp),%eax
-       andl    %r12d,%ecx
-       addl    %edx,%esi
-       roll    $1,%eax
-       orl     %ecx,%ebx
-       roll    $30,%ebp
-       movl    %eax,36(%rsp)
-       addl    %ebx,%esi
-       leal    -1894007588(%rax,%r12,1),%edx
-       movl    40(%rsp),%eax
-       movl    %edi,%ebx
+       addl    %eax,%edi
+       roll    $1,%ebp
+       movl    %ebp,20(%rsp)
+       movl    24(%rsp),%edx
+       movl    %r12d,%eax
        movl    %edi,%ecx
-       xorl    48(%rsp),%eax
-       movl    %esi,%r12d
-       andl    %ebp,%ebx
-       xorl    8(%rsp),%eax
-       orl     %ebp,%ecx
-       roll    $5,%r12d
-       xorl    28(%rsp),%eax
-       andl    %r11d,%ecx
-       addl    %r12d,%edx
-       roll    $1,%eax
-       orl     %ecx,%ebx
-       roll    $30,%edi
-       movl    %eax,40(%rsp)
-       addl    %ebx,%edx
-       leal    -1894007588(%rax,%r11,1),%r12d
-       movl    44(%rsp),%eax
-       movl    %esi,%ebx
+       xorl    32(%rsp),%edx
+       xorl    %r11d,%eax
+       roll    $5,%ecx
+       leal    -899497514(%rbp,%rsi,1),%esi
+       xorl    56(%rsp),%edx
+       xorl    %r13d,%eax
+       addl    %ecx,%esi
+       xorl    12(%rsp),%edx
+       roll    $30,%r11d
+       addl    %eax,%esi
+       roll    $1,%edx
+       movl    %edx,24(%rsp)
+       movl    28(%rsp),%ebp
+       movl    %r11d,%eax
        movl    %esi,%ecx
-       xorl    52(%rsp),%eax
-       movl    %edx,%r11d
-       andl    %edi,%ebx
-       xorl    12(%rsp),%eax
-       orl     %edi,%ecx
-       roll    $5,%r11d
-       xorl    32(%rsp),%eax
-       andl    %ebp,%ecx
-       addl    %r11d,%r12d
-       roll    $1,%eax
-       orl     %ecx,%ebx
+       xorl    36(%rsp),%ebp
+       xorl    %edi,%eax
+       roll    $5,%ecx
+       leal    -899497514(%rdx,%r13,1),%r13d
+       xorl    60(%rsp),%ebp
+       xorl    %r12d,%eax
+       addl    %ecx,%r13d
+       xorl    16(%rsp),%ebp
+       roll    $30,%edi
+       addl    %eax,%r13d
+       roll    $1,%ebp
+       movl    %ebp,28(%rsp)
+       movl    32(%rsp),%edx
+       movl    %edi,%eax
+       movl    %r13d,%ecx
+       xorl    40(%rsp),%edx
+       xorl    %esi,%eax
+       roll    $5,%ecx
+       leal    -899497514(%rbp,%r12,1),%r12d
+       xorl    0(%rsp),%edx
+       xorl    %r11d,%eax
+       addl    %ecx,%r12d
+       xorl    20(%rsp),%edx
        roll    $30,%esi
-       movl    %eax,44(%rsp)
-       addl    %ebx,%r12d
-       leal    -1894007588(%rax,%rbp,1),%r11d
-       movl    48(%rsp),%eax
-       movl    %edx,%ebx
-       movl    %edx,%ecx
-       xorl    56(%rsp),%eax
-       movl    %r12d,%ebp
-       andl    %esi,%ebx
-       xorl    16(%rsp),%eax
-       orl     %esi,%ecx
-       roll    $5,%ebp
-       xorl    36(%rsp),%eax
-       andl    %edi,%ecx
-       addl    %ebp,%r11d
-       roll    $1,%eax
-       orl     %ecx,%ebx
-       roll    $30,%edx
-       movl    %eax,48(%rsp)
-       addl    %ebx,%r11d
-       leal    -1894007588(%rax,%rdi,1),%ebp
-       movl    52(%rsp),%eax
-       movl    %r12d,%ebx
+       addl    %eax,%r12d
+       roll    $1,%edx
+       movl    %edx,32(%rsp)
+       movl    36(%rsp),%ebp
+       movl    %esi,%eax
        movl    %r12d,%ecx
-       xorl    60(%rsp),%eax
-       movl    %r11d,%edi
-       andl    %edx,%ebx
-       xorl    20(%rsp),%eax
-       orl     %edx,%ecx
-       roll    $5,%edi
-       xorl    40(%rsp),%eax
-       andl    %esi,%ecx
-       addl    %edi,%ebp
-       roll    $1,%eax
-       orl     %ecx,%ebx
-       roll    $30,%r12d
-       movl    %eax,52(%rsp)
-       addl    %ebx,%ebp
-       leal    -1894007588(%rax,%rsi,1),%edi
-       movl    56(%rsp),%eax
-       movl    %r11d,%ebx
+       xorl    44(%rsp),%ebp
+       xorl    %r13d,%eax
+       roll    $5,%ecx
+       leal    -899497514(%rdx,%r11,1),%r11d
+       xorl    4(%rsp),%ebp
+       xorl    %edi,%eax
+       addl    %ecx,%r11d
+       xorl    24(%rsp),%ebp
+       roll    $30,%r13d
+       addl    %eax,%r11d
+       roll    $1,%ebp
+       movl    %ebp,36(%rsp)
+       movl    40(%rsp),%edx
+       movl    %r13d,%eax
        movl    %r11d,%ecx
-       xorl    0(%rsp),%eax
-       movl    %ebp,%esi
-       andl    %r12d,%ebx
-       xorl    24(%rsp),%eax
-       orl     %r12d,%ecx
-       roll    $5,%esi
-       xorl    44(%rsp),%eax
-       andl    %edx,%ecx
-       addl    %esi,%edi
-       roll    $1,%eax
-       orl     %ecx,%ebx
-       roll    $30,%r11d
-       movl    %eax,56(%rsp)
-       addl    %ebx,%edi
-       leal    -1894007588(%rax,%rdx,1),%esi
-       movl    60(%rsp),%eax
-       movl    %ebp,%ebx
-       movl    %ebp,%ecx
-       xorl    4(%rsp),%eax
-       movl    %edi,%edx
-       andl    %r11d,%ebx
-       xorl    28(%rsp),%eax
-       orl     %r11d,%ecx
-       roll    $5,%edx
-       xorl    48(%rsp),%eax
-       andl    %r12d,%ecx
-       addl    %edx,%esi
-       roll    $1,%eax
-       orl     %ecx,%ebx
-       roll    $30,%ebp
-       movl    %eax,60(%rsp)
-       addl    %ebx,%esi
-       leal    -1894007588(%rax,%r12,1),%edx
-       movl    0(%rsp),%eax
-       movl    %edi,%ebx
+       xorl    48(%rsp),%edx
+       xorl    %r12d,%eax
+       roll    $5,%ecx
+       leal    -899497514(%rbp,%rdi,1),%edi
+       xorl    8(%rsp),%edx
+       xorl    %esi,%eax
+       addl    %ecx,%edi
+       xorl    28(%rsp),%edx
+       roll    $30,%r12d
+       addl    %eax,%edi
+       roll    $1,%edx
+       movl    %edx,40(%rsp)
+       movl    44(%rsp),%ebp
+       movl    %r12d,%eax
        movl    %edi,%ecx
-       xorl    8(%rsp),%eax
-       movl    %esi,%r12d
-       andl    %ebp,%ebx
-       xorl    32(%rsp),%eax
-       orl     %ebp,%ecx
-       roll    $5,%r12d
-       xorl    52(%rsp),%eax
-       andl    %r11d,%ecx
-       addl    %r12d,%edx
-       roll    $1,%eax
-       orl     %ecx,%ebx
-       roll    $30,%edi
-       movl    %eax,0(%rsp)
-       addl    %ebx,%edx
-       leal    -1894007588(%rax,%r11,1),%r12d
-       movl    4(%rsp),%eax
-       movl    %esi,%ebx
+       xorl    52(%rsp),%ebp
+       xorl    %r11d,%eax
+       roll    $5,%ecx
+       leal    -899497514(%rdx,%rsi,1),%esi
+       xorl    12(%rsp),%ebp
+       xorl    %r13d,%eax
+       addl    %ecx,%esi
+       xorl    32(%rsp),%ebp
+       roll    $30,%r11d
+       addl    %eax,%esi
+       roll    $1,%ebp
+       movl    %ebp,44(%rsp)
+       movl    48(%rsp),%edx
+       movl    %r11d,%eax
        movl    %esi,%ecx
-       xorl    12(%rsp),%eax
-       movl    %edx,%r11d
-       andl    %edi,%ebx
-       xorl    36(%rsp),%eax
-       orl     %edi,%ecx
-       roll    $5,%r11d
-       xorl    56(%rsp),%eax
-       andl    %ebp,%ecx
-       addl    %r11d,%r12d
-       roll    $1,%eax
-       orl     %ecx,%ebx
+       xorl    56(%rsp),%edx
+       xorl    %edi,%eax
+       roll    $5,%ecx
+       leal    -899497514(%rbp,%r13,1),%r13d
+       xorl    16(%rsp),%edx
+       xorl    %r12d,%eax
+       addl    %ecx,%r13d
+       xorl    36(%rsp),%edx
+       roll    $30,%edi
+       addl    %eax,%r13d
+       roll    $1,%edx
+       movl    %edx,48(%rsp)
+       movl    52(%rsp),%ebp
+       movl    %edi,%eax
+       movl    %r13d,%ecx
+       xorl    60(%rsp),%ebp
+       xorl    %esi,%eax
+       roll    $5,%ecx
+       leal    -899497514(%rdx,%r12,1),%r12d
+       xorl    20(%rsp),%ebp
+       xorl    %r11d,%eax
+       addl    %ecx,%r12d
+       xorl    40(%rsp),%ebp
        roll    $30,%esi
-       movl    %eax,4(%rsp)
-       addl    %ebx,%r12d
-       leal    -1894007588(%rax,%rbp,1),%r11d
-       movl    8(%rsp),%eax
-       movl    %edx,%ebx
-       movl    %edx,%ecx
-       xorl    16(%rsp),%eax
-       movl    %r12d,%ebp
-       andl    %esi,%ebx
-       xorl    40(%rsp),%eax
-       orl     %esi,%ecx
-       roll    $5,%ebp
-       xorl    60(%rsp),%eax
-       andl    %edi,%ecx
-       addl    %ebp,%r11d
-       roll    $1,%eax
-       orl     %ecx,%ebx
-       roll    $30,%edx
-       movl    %eax,8(%rsp)
-       addl    %ebx,%r11d
-       leal    -1894007588(%rax,%rdi,1),%ebp
-       movl    12(%rsp),%eax
-       movl    %r12d,%ebx
+       addl    %eax,%r12d
+       roll    $1,%ebp
+       movl    56(%rsp),%edx
+       movl    %esi,%eax
        movl    %r12d,%ecx
-       xorl    20(%rsp),%eax
-       movl    %r11d,%edi
-       andl    %edx,%ebx
-       xorl    44(%rsp),%eax
-       orl     %edx,%ecx
-       roll    $5,%edi
-       xorl    0(%rsp),%eax
-       andl    %esi,%ecx
-       addl    %edi,%ebp
-       roll    $1,%eax
-       orl     %ecx,%ebx
-       roll    $30,%r12d
-       movl    %eax,12(%rsp)
-       addl    %ebx,%ebp
-       leal    -1894007588(%rax,%rsi,1),%edi
-       movl    16(%rsp),%eax
-       movl    %r11d,%ebx
+       xorl    0(%rsp),%edx
+       xorl    %r13d,%eax
+       roll    $5,%ecx
+       leal    -899497514(%rbp,%r11,1),%r11d
+       xorl    24(%rsp),%edx
+       xorl    %edi,%eax
+       addl    %ecx,%r11d
+       xorl    44(%rsp),%edx
+       roll    $30,%r13d
+       addl    %eax,%r11d
+       roll    $1,%edx
+       movl    60(%rsp),%ebp
+       movl    %r13d,%eax
        movl    %r11d,%ecx
-       xorl    24(%rsp),%eax
-       movl    %ebp,%esi
-       andl    %r12d,%ebx
-       xorl    48(%rsp),%eax
-       orl     %r12d,%ecx
-       roll    $5,%esi
-       xorl    4(%rsp),%eax
-       andl    %edx,%ecx
-       addl    %esi,%edi
-       roll    $1,%eax
-       orl     %ecx,%ebx
+       xorl    4(%rsp),%ebp
+       xorl    %r12d,%eax
+       roll    $5,%ecx
+       leal    -899497514(%rdx,%rdi,1),%edi
+       xorl    28(%rsp),%ebp
+       xorl    %esi,%eax
+       addl    %ecx,%edi
+       xorl    48(%rsp),%ebp
+       roll    $30,%r12d
+       addl    %eax,%edi
+       roll    $1,%ebp
+       movl    %r12d,%eax
+       movl    %edi,%ecx
+       xorl    %r11d,%eax
+       leal    -899497514(%rbp,%rsi,1),%esi
+       roll    $5,%ecx
+       xorl    %r13d,%eax
+       addl    %ecx,%esi
        roll    $30,%r11d
-       movl    %eax,16(%rsp)
-       addl    %ebx,%edi
-       leal    -1894007588(%rax,%rdx,1),%esi
-       movl    20(%rsp),%eax
-       movl    %ebp,%ebx
-       movl    %ebp,%ecx
-       xorl    28(%rsp),%eax
-       movl    %edi,%edx
-       andl    %r11d,%ebx
-       xorl    52(%rsp),%eax
-       orl     %r11d,%ecx
+       addl    %eax,%esi
+       addl    0(%r8),%esi
+       addl    4(%r8),%edi
+       addl    8(%r8),%r11d
+       addl    12(%r8),%r12d
+       addl    16(%r8),%r13d
+       movl    %esi,0(%r8)
+       movl    %edi,4(%r8)
+       movl    %r11d,8(%r8)
+       movl    %r12d,12(%r8)
+       movl    %r13d,16(%r8)
+
+       subq    $1,%r10
+       leaq    64(%r9),%r9
+       jnz     .Lloop
+
+       movq    64(%rsp),%rsi
+       movq    (%rsi),%r13
+       movq    8(%rsi),%r12
+       movq    16(%rsi),%rbp
+       movq    24(%rsi),%rbx
+       leaq    32(%rsi),%rsp
+.Lepilogue:
+       .byte   0xf3,0xc3
+.size  sha1_block_data_order,.-sha1_block_data_order
+.type  sha1_block_data_order_ssse3,@function
+.align 16
+sha1_block_data_order_ssse3:
+_ssse3_shortcut:
+       pushq   %rbx
+       pushq   %rbp
+       pushq   %r12
+       leaq    -64(%rsp),%rsp
+       movq    %rdi,%r8
+       movq    %rsi,%r9
+       movq    %rdx,%r10
+
+       shlq    $6,%r10
+       addq    %r9,%r10
+       leaq    K_XX_XX(%rip),%r11
+
+       movl    0(%r8),%eax
+       movl    4(%r8),%ebx
+       movl    8(%r8),%ecx
+       movl    12(%r8),%edx
+       movl    %ebx,%esi
+       movl    16(%r8),%ebp
+
+       movdqa  64(%r11),%xmm6
+       movdqa  0(%r11),%xmm9
+       movdqu  0(%r9),%xmm0
+       movdqu  16(%r9),%xmm1
+       movdqu  32(%r9),%xmm2
+       movdqu  48(%r9),%xmm3
+.byte  102,15,56,0,198
+       addq    $64,%r9
+.byte  102,15,56,0,206
+.byte  102,15,56,0,214
+.byte  102,15,56,0,222
+       paddd   %xmm9,%xmm0
+       paddd   %xmm9,%xmm1
+       paddd   %xmm9,%xmm2
+       movdqa  %xmm0,0(%rsp)
+       psubd   %xmm9,%xmm0
+       movdqa  %xmm1,16(%rsp)
+       psubd   %xmm9,%xmm1
+       movdqa  %xmm2,32(%rsp)
+       psubd   %xmm9,%xmm2
+       jmp     .Loop_ssse3
+.align 16
+.Loop_ssse3:
+       movdqa  %xmm1,%xmm4
+       addl    0(%rsp),%ebp
+       xorl    %edx,%ecx
+       movdqa  %xmm3,%xmm8
+.byte  102,15,58,15,224,8
+       movl    %eax,%edi
+       roll    $5,%eax
+       paddd   %xmm3,%xmm9
+       andl    %ecx,%esi
+       xorl    %edx,%ecx
+       psrldq  $4,%xmm8
+       xorl    %edx,%esi
+       addl    %eax,%ebp
+       pxor    %xmm0,%xmm4
+       rorl    $2,%ebx
+       addl    %esi,%ebp
+       pxor    %xmm2,%xmm8
+       addl    4(%rsp),%edx
+       xorl    %ecx,%ebx
+       movl    %ebp,%esi
+       roll    $5,%ebp
+       pxor    %xmm8,%xmm4
+       andl    %ebx,%edi
+       xorl    %ecx,%ebx
+       movdqa  %xmm9,48(%rsp)
+       xorl    %ecx,%edi
+       addl    %ebp,%edx
+       movdqa  %xmm4,%xmm10
+       movdqa  %xmm4,%xmm8
+       rorl    $7,%eax
+       addl    %edi,%edx
+       addl    8(%rsp),%ecx
+       xorl    %ebx,%eax
+       pslldq  $12,%xmm10
+       paddd   %xmm4,%xmm4
+       movl    %edx,%edi
        roll    $5,%edx
-       xorl    8(%rsp),%eax
-       andl    %r12d,%ecx
-       addl    %edx,%esi
-       roll    $1,%eax
-       orl     %ecx,%ebx
-       roll    $30,%ebp
-       movl    %eax,20(%rsp)
-       addl    %ebx,%esi
-       leal    -1894007588(%rax,%r12,1),%edx
-       movl    24(%rsp),%eax
-       movl    %edi,%ebx
-       movl    %edi,%ecx
-       xorl    32(%rsp),%eax
-       movl    %esi,%r12d
-       andl    %ebp,%ebx
-       xorl    56(%rsp),%eax
-       orl     %ebp,%ecx
-       roll    $5,%r12d
-       xorl    12(%rsp),%eax
-       andl    %r11d,%ecx
-       addl    %r12d,%edx
-       roll    $1,%eax
-       orl     %ecx,%ebx
-       roll    $30,%edi
-       movl    %eax,24(%rsp)
-       addl    %ebx,%edx
-       leal    -1894007588(%rax,%r11,1),%r12d
-       movl    28(%rsp),%eax
-       movl    %esi,%ebx
-       movl    %esi,%ecx
-       xorl    36(%rsp),%eax
-       movl    %edx,%r11d
-       andl    %edi,%ebx
-       xorl    60(%rsp),%eax
-       orl     %edi,%ecx
-       roll    $5,%r11d
-       xorl    16(%rsp),%eax
-       andl    %ebp,%ecx
-       addl    %r11d,%r12d
-       roll    $1,%eax
-       orl     %ecx,%ebx
-       roll    $30,%esi
-       movl    %eax,28(%rsp)
-       addl    %ebx,%r12d
-       leal    -1894007588(%rax,%rbp,1),%r11d
-       movl    32(%rsp),%eax
-       movl    %edx,%ebx
-       movl    %edx,%ecx
-       xorl    40(%rsp),%eax
-       movl    %r12d,%ebp
-       andl    %esi,%ebx
-       xorl    0(%rsp),%eax
-       orl     %esi,%ecx
+       andl    %eax,%esi
+       xorl    %ebx,%eax
+       psrld   $31,%xmm8
+       xorl    %ebx,%esi
+       addl    %edx,%ecx
+       movdqa  %xmm10,%xmm9
+       rorl    $7,%ebp
+       addl    %esi,%ecx
+       psrld   $30,%xmm10
+       por     %xmm8,%xmm4
+       addl    12(%rsp),%ebx
+       xorl    %eax,%ebp
+       movl    %ecx,%esi
+       roll    $5,%ecx
+       pslld   $2,%xmm9
+       pxor    %xmm10,%xmm4
+       andl    %ebp,%edi
+       xorl    %eax,%ebp
+       movdqa  0(%r11),%xmm10
+       xorl    %eax,%edi
+       addl    %ecx,%ebx
+       pxor    %xmm9,%xmm4
+       rorl    $7,%edx
+       addl    %edi,%ebx
+       movdqa  %xmm2,%xmm5
+       addl    16(%rsp),%eax
+       xorl    %ebp,%edx
+       movdqa  %xmm4,%xmm9
+.byte  102,15,58,15,233,8
+       movl    %ebx,%edi
+       roll    $5,%ebx
+       paddd   %xmm4,%xmm10
+       andl    %edx,%esi
+       xorl    %ebp,%edx
+       psrldq  $4,%xmm9
+       xorl    %ebp,%esi
+       addl    %ebx,%eax
+       pxor    %xmm1,%xmm5
+       rorl    $7,%ecx
+       addl    %esi,%eax
+       pxor    %xmm3,%xmm9
+       addl    20(%rsp),%ebp
+       xorl    %edx,%ecx
+       movl    %eax,%esi
+       roll    $5,%eax
+       pxor    %xmm9,%xmm5
+       andl    %ecx,%edi
+       xorl    %edx,%ecx
+       movdqa  %xmm10,0(%rsp)
+       xorl    %edx,%edi
+       addl    %eax,%ebp
+       movdqa  %xmm5,%xmm8
+       movdqa  %xmm5,%xmm9
+       rorl    $7,%ebx
+       addl    %edi,%ebp
+       addl    24(%rsp),%edx
+       xorl    %ecx,%ebx
+       pslldq  $12,%xmm8
+       paddd   %xmm5,%xmm5
+       movl    %ebp,%edi
        roll    $5,%ebp
-       xorl    20(%rsp),%eax
-       andl    %edi,%ecx
-       addl    %ebp,%r11d
-       roll    $1,%eax
-       orl     %ecx,%ebx
-       roll    $30,%edx
-       movl    %eax,32(%rsp)
-       addl    %ebx,%r11d
-       leal    -1894007588(%rax,%rdi,1),%ebp
-       movl    36(%rsp),%eax
-       movl    %r12d,%ebx
-       movl    %r12d,%ecx
-       xorl    44(%rsp),%eax
-       movl    %r11d,%edi
-       andl    %edx,%ebx
-       xorl    4(%rsp),%eax
-       orl     %edx,%ecx
-       roll    $5,%edi
-       xorl    24(%rsp),%eax
-       andl    %esi,%ecx
+       andl    %ebx,%esi
+       xorl    %ecx,%ebx
+       psrld   $31,%xmm9
+       xorl    %ecx,%esi
+       addl    %ebp,%edx
+       movdqa  %xmm8,%xmm10
+       rorl    $7,%eax
+       addl    %esi,%edx
+       psrld   $30,%xmm8
+       por     %xmm9,%xmm5
+       addl    28(%rsp),%ecx
+       xorl    %ebx,%eax
+       movl    %edx,%esi
+       roll    $5,%edx
+       pslld   $2,%xmm10
+       pxor    %xmm8,%xmm5
+       andl    %eax,%edi
+       xorl    %ebx,%eax
+       movdqa  16(%r11),%xmm8
+       xorl    %ebx,%edi
+       addl    %edx,%ecx
+       pxor    %xmm10,%xmm5
+       rorl    $7,%ebp
+       addl    %edi,%ecx
+       movdqa  %xmm3,%xmm6
+       addl    32(%rsp),%ebx
+       xorl    %eax,%ebp
+       movdqa  %xmm5,%xmm10
+.byte  102,15,58,15,242,8
+       movl    %ecx,%edi
+       roll    $5,%ecx
+       paddd   %xmm5,%xmm8
+       andl    %ebp,%esi
+       xorl    %eax,%ebp
+       psrldq  $4,%xmm10
+       xorl    %eax,%esi
+       addl    %ecx,%ebx
+       pxor    %xmm2,%xmm6
+       rorl    $7,%edx
+       addl    %esi,%ebx
+       pxor    %xmm4,%xmm10
+       addl    36(%rsp),%eax
+       xorl    %ebp,%edx
+       movl    %ebx,%esi
+       roll    $5,%ebx
+       pxor    %xmm10,%xmm6
+       andl    %edx,%edi
+       xorl    %ebp,%edx
+       movdqa  %xmm8,16(%rsp)
+       xorl    %ebp,%edi
+       addl    %ebx,%eax
+       movdqa  %xmm6,%xmm9
+       movdqa  %xmm6,%xmm10
+       rorl    $7,%ecx
+       addl    %edi,%eax
+       addl    40(%rsp),%ebp
+       xorl    %edx,%ecx
+       pslldq  $12,%xmm9
+       paddd   %xmm6,%xmm6
+       movl    %eax,%edi
+       roll    $5,%eax
+       andl    %ecx,%esi
+       xorl    %edx,%ecx
+       psrld   $31,%xmm10
+       xorl    %edx,%esi
+       addl    %eax,%ebp
+       movdqa  %xmm9,%xmm8
+       rorl    $7,%ebx
+       addl    %esi,%ebp
+       psrld   $30,%xmm9
+       por     %xmm10,%xmm6
+       addl    44(%rsp),%edx
+       xorl    %ecx,%ebx
+       movl    %ebp,%esi
+       roll    $5,%ebp
+       pslld   $2,%xmm8
+       pxor    %xmm9,%xmm6
+       andl    %ebx,%edi
+       xorl    %ecx,%ebx
+       movdqa  16(%r11),%xmm9
+       xorl    %ecx,%edi
+       addl    %ebp,%edx
+       pxor    %xmm8,%xmm6
+       rorl    $7,%eax
+       addl    %edi,%edx
+       movdqa  %xmm4,%xmm7
+       addl    48(%rsp),%ecx
+       xorl    %ebx,%eax
+       movdqa  %xmm6,%xmm8
+.byte  102,15,58,15,251,8
+       movl    %edx,%edi
+       roll    $5,%edx
+       paddd   %xmm6,%xmm9
+       andl    %eax,%esi
+       xorl    %ebx,%eax
+       psrldq  $4,%xmm8
+       xorl    %ebx,%esi
+       addl    %edx,%ecx
+       pxor    %xmm3,%xmm7
+       rorl    $7,%ebp
+       addl    %esi,%ecx
+       pxor    %xmm5,%xmm8
+       addl    52(%rsp),%ebx
+       xorl    %eax,%ebp
+       movl    %ecx,%esi
+       roll    $5,%ecx
+       pxor    %xmm8,%xmm7
+       andl    %ebp,%edi
+       xorl    %eax,%ebp
+       movdqa  %xmm9,32(%rsp)
+       xorl    %eax,%edi
+       addl    %ecx,%ebx
+       movdqa  %xmm7,%xmm10
+       movdqa  %xmm7,%xmm8
+       rorl    $7,%edx
+       addl    %edi,%ebx
+       addl    56(%rsp),%eax
+       xorl    %ebp,%edx
+       pslldq  $12,%xmm10
+       paddd   %xmm7,%xmm7
+       movl    %ebx,%edi
+       roll    $5,%ebx
+       andl    %edx,%esi
+       xorl    %ebp,%edx
+       psrld   $31,%xmm8
+       xorl    %ebp,%esi
+       addl    %ebx,%eax
+       movdqa  %xmm10,%xmm9
+       rorl    $7,%ecx
+       addl    %esi,%eax
+       psrld   $30,%xmm10
+       por     %xmm8,%xmm7
+       addl    60(%rsp),%ebp
+       xorl    %edx,%ecx
+       movl    %eax,%esi
+       roll    $5,%eax
+       pslld   $2,%xmm9
+       pxor    %xmm10,%xmm7
+       andl    %ecx,%edi
+       xorl    %edx,%ecx
+       movdqa  16(%r11),%xmm10
+       xorl    %edx,%edi
+       addl    %eax,%ebp
+       pxor    %xmm9,%xmm7
+       rorl    $7,%ebx
        addl    %edi,%ebp
-       roll    $1,%eax
-       orl     %ecx,%ebx
-       roll    $30,%r12d
-       movl    %eax,36(%rsp)
-       addl    %ebx,%ebp
-       leal    -1894007588(%rax,%rsi,1),%edi
-       movl    40(%rsp),%eax
-       movl    %r11d,%ebx
-       movl    %r11d,%ecx
-       xorl    48(%rsp),%eax
+       movdqa  %xmm7,%xmm9
+       addl    0(%rsp),%edx
+       pxor    %xmm4,%xmm0
+.byte  102,68,15,58,15,206,8
+       xorl    %ecx,%ebx
+       movl    %ebp,%edi
+       roll    $5,%ebp
+       pxor    %xmm1,%xmm0
+       andl    %ebx,%esi
+       xorl    %ecx,%ebx
+       movdqa  %xmm10,%xmm8
+       paddd   %xmm7,%xmm10
+       xorl    %ecx,%esi
+       addl    %ebp,%edx
+       pxor    %xmm9,%xmm0
+       rorl    $7,%eax
+       addl    %esi,%edx
+       addl    4(%rsp),%ecx
+       xorl    %ebx,%eax
+       movdqa  %xmm0,%xmm9
+       movdqa  %xmm10,48(%rsp)
+       movl    %edx,%esi
+       roll    $5,%edx
+       andl    %eax,%edi
+       xorl    %ebx,%eax
+       pslld   $2,%xmm0
+       xorl    %ebx,%edi
+       addl    %edx,%ecx
+       psrld   $30,%xmm9
+       rorl    $7,%ebp
+       addl    %edi,%ecx
+       addl    8(%rsp),%ebx
+       xorl    %eax,%ebp
+       movl    %ecx,%edi
+       roll    $5,%ecx
+       por     %xmm9,%xmm0
+       andl    %ebp,%esi
+       xorl    %eax,%ebp
+       movdqa  %xmm0,%xmm10
+       xorl    %eax,%esi
+       addl    %ecx,%ebx
+       rorl    $7,%edx
+       addl    %esi,%ebx
+       addl    12(%rsp),%eax
+       xorl    %ebp,%edx
+       movl    %ebx,%esi
+       roll    $5,%ebx
+       andl    %edx,%edi
+       xorl    %ebp,%edx
+       xorl    %ebp,%edi
+       addl    %ebx,%eax
+       rorl    $7,%ecx
+       addl    %edi,%eax
+       addl    16(%rsp),%ebp
+       pxor    %xmm5,%xmm1
+.byte  102,68,15,58,15,215,8
+       xorl    %edx,%esi
+       movl    %eax,%edi
+       roll    $5,%eax
+       pxor    %xmm2,%xmm1
+       xorl    %ecx,%esi
+       addl    %eax,%ebp
+       movdqa  %xmm8,%xmm9
+       paddd   %xmm0,%xmm8
+       rorl    $7,%ebx
+       addl    %esi,%ebp
+       pxor    %xmm10,%xmm1
+       addl    20(%rsp),%edx
+       xorl    %ecx,%edi
        movl    %ebp,%esi
-       andl    %r12d,%ebx
-       xorl    8(%rsp),%eax
-       orl     %r12d,%ecx
-       roll    $5,%esi
-       xorl    28(%rsp),%eax
-       andl    %edx,%ecx
-       addl    %esi,%edi
-       roll    $1,%eax
-       orl     %ecx,%ebx
-       roll    $30,%r11d
-       movl    %eax,40(%rsp)
-       addl    %ebx,%edi
-       leal    -1894007588(%rax,%rdx,1),%esi
-       movl    44(%rsp),%eax
-       movl    %ebp,%ebx
-       movl    %ebp,%ecx
-       xorl    52(%rsp),%eax
-       movl    %edi,%edx
-       andl    %r11d,%ebx
-       xorl    12(%rsp),%eax
-       orl     %r11d,%ecx
+       roll    $5,%ebp
+       movdqa  %xmm1,%xmm10
+       movdqa  %xmm8,0(%rsp)
+       xorl    %ebx,%edi
+       addl    %ebp,%edx
+       rorl    $7,%eax
+       addl    %edi,%edx
+       pslld   $2,%xmm1
+       addl    24(%rsp),%ecx
+       xorl    %ebx,%esi
+       psrld   $30,%xmm10
+       movl    %edx,%edi
        roll    $5,%edx
-       xorl    32(%rsp),%eax
-       andl    %r12d,%ecx
-       addl    %edx,%esi
-       roll    $1,%eax
-       orl     %ecx,%ebx
-       roll    $30,%ebp
-       movl    %eax,44(%rsp)
-       addl    %ebx,%esi
-       leal    -1894007588(%rax,%r12,1),%edx
-       movl    48(%rsp),%eax
-       movl    %edi,%ebx
-       movl    %edi,%ecx
-       xorl    56(%rsp),%eax
-       movl    %esi,%r12d
-       andl    %ebp,%ebx
-       xorl    16(%rsp),%eax
-       orl     %ebp,%ecx
-       roll    $5,%r12d
-       xorl    36(%rsp),%eax
-       andl    %r11d,%ecx
-       addl    %r12d,%edx
-       roll    $1,%eax
-       orl     %ecx,%ebx
-       roll    $30,%edi
-       movl    %eax,48(%rsp)
-       addl    %ebx,%edx
-       leal    -899497514(%rax,%r11,1),%r12d
-       movl    52(%rsp),%eax
-       movl    %edi,%ebx
-       movl    %edx,%r11d
-       xorl    60(%rsp),%eax
-       xorl    %esi,%ebx
-       roll    $5,%r11d
-       xorl    20(%rsp),%eax
-       xorl    %ebp,%ebx
-       addl    %r11d,%r12d
-       xorl    40(%rsp),%eax
-       roll    $30,%esi
-       addl    %ebx,%r12d
-       roll    $1,%eax
-       movl    %eax,52(%rsp)
-       leal    -899497514(%rax,%rbp,1),%r11d
-       movl    56(%rsp),%eax
-       movl    %esi,%ebx
-       movl    %r12d,%ebp
-       xorl    0(%rsp),%eax
-       xorl    %edx,%ebx
+       xorl    %eax,%esi
+       addl    %edx,%ecx
+       rorl    $7,%ebp
+       addl    %esi,%ecx
+       por     %xmm10,%xmm1
+       addl    28(%rsp),%ebx
+       xorl    %eax,%edi
+       movdqa  %xmm1,%xmm8
+       movl    %ecx,%esi
+       roll    $5,%ecx
+       xorl    %ebp,%edi
+       addl    %ecx,%ebx
+       rorl    $7,%edx
+       addl    %edi,%ebx
+       addl    32(%rsp),%eax
+       pxor    %xmm6,%xmm2
+.byte  102,68,15,58,15,192,8
+       xorl    %ebp,%esi
+       movl    %ebx,%edi
+       roll    $5,%ebx
+       pxor    %xmm3,%xmm2
+       xorl    %edx,%esi
+       addl    %ebx,%eax
+       movdqa  32(%r11),%xmm10
+       paddd   %xmm1,%xmm9
+       rorl    $7,%ecx
+       addl    %esi,%eax
+       pxor    %xmm8,%xmm2
+       addl    36(%rsp),%ebp
+       xorl    %edx,%edi
+       movl    %eax,%esi
+       roll    $5,%eax
+       movdqa  %xmm2,%xmm8
+       movdqa  %xmm9,16(%rsp)
+       xorl    %ecx,%edi
+       addl    %eax,%ebp
+       rorl    $7,%ebx
+       addl    %edi,%ebp
+       pslld   $2,%xmm2
+       addl    40(%rsp),%edx
+       xorl    %ecx,%esi
+       psrld   $30,%xmm8
+       movl    %ebp,%edi
        roll    $5,%ebp
-       xorl    24(%rsp),%eax
-       xorl    %edi,%ebx
-       addl    %ebp,%r11d
-       xorl    44(%rsp),%eax
-       roll    $30,%edx
-       addl    %ebx,%r11d
-       roll    $1,%eax
-       movl    %eax,56(%rsp)
-       leal    -899497514(%rax,%rdi,1),%ebp
-       movl    60(%rsp),%eax
-       movl    %edx,%ebx
-       movl    %r11d,%edi
-       xorl    4(%rsp),%eax
-       xorl    %r12d,%ebx
-       roll    $5,%edi
-       xorl    28(%rsp),%eax
-       xorl    %esi,%ebx
+       xorl    %ebx,%esi
+       addl    %ebp,%edx
+       rorl    $7,%eax
+       addl    %esi,%edx
+       por     %xmm8,%xmm2
+       addl    44(%rsp),%ecx
+       xorl    %ebx,%edi
+       movdqa  %xmm2,%xmm9
+       movl    %edx,%esi
+       roll    $5,%edx
+       xorl    %eax,%edi
+       addl    %edx,%ecx
+       rorl    $7,%ebp
+       addl    %edi,%ecx
+       addl    48(%rsp),%ebx
+       pxor    %xmm7,%xmm3
+.byte  102,68,15,58,15,201,8
+       xorl    %eax,%esi
+       movl    %ecx,%edi
+       roll    $5,%ecx
+       pxor    %xmm4,%xmm3
+       xorl    %ebp,%esi
+       addl    %ecx,%ebx
+       movdqa  %xmm10,%xmm8
+       paddd   %xmm2,%xmm10
+       rorl    $7,%edx
+       addl    %esi,%ebx
+       pxor    %xmm9,%xmm3
+       addl    52(%rsp),%eax
+       xorl    %ebp,%edi
+       movl    %ebx,%esi
+       roll    $5,%ebx
+       movdqa  %xmm3,%xmm9
+       movdqa  %xmm10,32(%rsp)
+       xorl    %edx,%edi
+       addl    %ebx,%eax
+       rorl    $7,%ecx
+       addl    %edi,%eax
+       pslld   $2,%xmm3
+       addl    56(%rsp),%ebp
+       xorl    %edx,%esi
+       psrld   $30,%xmm9
+       movl    %eax,%edi
+       roll    $5,%eax
+       xorl    %ecx,%esi
+       addl    %eax,%ebp
+       rorl    $7,%ebx
+       addl    %esi,%ebp
+       por     %xmm9,%xmm3
+       addl    60(%rsp),%edx
+       xorl    %ecx,%edi
+       movdqa  %xmm3,%xmm10
+       movl    %ebp,%esi
+       roll    $5,%ebp
+       xorl    %ebx,%edi
+       addl    %ebp,%edx
+       rorl    $7,%eax
+       addl    %edi,%edx
+       addl    0(%rsp),%ecx
+       pxor    %xmm0,%xmm4
+.byte  102,68,15,58,15,210,8
+       xorl    %ebx,%esi
+       movl    %edx,%edi
+       roll    $5,%edx
+       pxor    %xmm5,%xmm4
+       xorl    %eax,%esi
+       addl    %edx,%ecx
+       movdqa  %xmm8,%xmm9
+       paddd   %xmm3,%xmm8
+       rorl    $7,%ebp
+       addl    %esi,%ecx
+       pxor    %xmm10,%xmm4
+       addl    4(%rsp),%ebx
+       xorl    %eax,%edi
+       movl    %ecx,%esi
+       roll    $5,%ecx
+       movdqa  %xmm4,%xmm10
+       movdqa  %xmm8,48(%rsp)
+       xorl    %ebp,%edi
+       addl    %ecx,%ebx
+       rorl    $7,%edx
+       addl    %edi,%ebx
+       pslld   $2,%xmm4
+       addl    8(%rsp),%eax
+       xorl    %ebp,%esi
+       psrld   $30,%xmm10
+       movl    %ebx,%edi
+       roll    $5,%ebx
+       xorl    %edx,%esi
+       addl    %ebx,%eax
+       rorl    $7,%ecx
+       addl    %esi,%eax
+       por     %xmm10,%xmm4
+       addl    12(%rsp),%ebp
+       xorl    %edx,%edi
+       movdqa  %xmm4,%xmm8
+       movl    %eax,%esi
+       roll    $5,%eax
+       xorl    %ecx,%edi
+       addl    %eax,%ebp
+       rorl    $7,%ebx
        addl    %edi,%ebp
-       xorl    48(%rsp),%eax
-       roll    $30,%r12d
-       addl    %ebx,%ebp
-       roll    $1,%eax
-       movl    %eax,60(%rsp)
-       leal    -899497514(%rax,%rsi,1),%edi
-       movl    0(%rsp),%eax
-       movl    %r12d,%ebx
+       addl    16(%rsp),%edx
+       pxor    %xmm1,%xmm5
+.byte  102,68,15,58,15,195,8
+       xorl    %ecx,%esi
+       movl    %ebp,%edi
+       roll    $5,%ebp
+       pxor    %xmm6,%xmm5
+       xorl    %ebx,%esi
+       addl    %ebp,%edx
+       movdqa  %xmm9,%xmm10
+       paddd   %xmm4,%xmm9
+       rorl    $7,%eax
+       addl    %esi,%edx
+       pxor    %xmm8,%xmm5
+       addl    20(%rsp),%ecx
+       xorl    %ebx,%edi
+       movl    %edx,%esi
+       roll    $5,%edx
+       movdqa  %xmm5,%xmm8
+       movdqa  %xmm9,0(%rsp)
+       xorl    %eax,%edi
+       addl    %edx,%ecx
+       rorl    $7,%ebp
+       addl    %edi,%ecx
+       pslld   $2,%xmm5
+       addl    24(%rsp),%ebx
+       xorl    %eax,%esi
+       psrld   $30,%xmm8
+       movl    %ecx,%edi
+       roll    $5,%ecx
+       xorl    %ebp,%esi
+       addl    %ecx,%ebx
+       rorl    $7,%edx
+       addl    %esi,%ebx
+       por     %xmm8,%xmm5
+       addl    28(%rsp),%eax
+       xorl    %ebp,%edi
+       movdqa  %xmm5,%xmm9
+       movl    %ebx,%esi
+       roll    $5,%ebx
+       xorl    %edx,%edi
+       addl    %ebx,%eax
+       rorl    $7,%ecx
+       addl    %edi,%eax
+       movl    %ecx,%edi
+       pxor    %xmm2,%xmm6
+.byte  102,68,15,58,15,204,8
+       xorl    %edx,%ecx
+       addl    32(%rsp),%ebp
+       andl    %edx,%edi
+       pxor    %xmm7,%xmm6
+       andl    %ecx,%esi
+       rorl    $7,%ebx
+       movdqa  %xmm10,%xmm8
+       paddd   %xmm5,%xmm10
+       addl    %edi,%ebp
+       movl    %eax,%edi
+       pxor    %xmm9,%xmm6
+       roll    $5,%eax
+       addl    %esi,%ebp
+       xorl    %edx,%ecx
+       addl    %eax,%ebp
+       movdqa  %xmm6,%xmm9
+       movdqa  %xmm10,16(%rsp)
+       movl    %ebx,%esi
+       xorl    %ecx,%ebx
+       addl    36(%rsp),%edx
+       andl    %ecx,%esi
+       pslld   $2,%xmm6
+       andl    %ebx,%edi
+       rorl    $7,%eax
+       psrld   $30,%xmm9
+       addl    %esi,%edx
        movl    %ebp,%esi
-       xorl    8(%rsp),%eax
-       xorl    %r11d,%ebx
-       roll    $5,%esi
-       xorl    32(%rsp),%eax
-       xorl    %edx,%ebx
-       addl    %esi,%edi
-       xorl    52(%rsp),%eax
-       roll    $30,%r11d
-       addl    %ebx,%edi
-       roll    $1,%eax
-       movl    %eax,0(%rsp)
-       leal    -899497514(%rax,%rdx,1),%esi
-       movl    4(%rsp),%eax
-       movl    %r11d,%ebx
-       movl    %edi,%edx
-       xorl    12(%rsp),%eax
-       xorl    %ebp,%ebx
+       roll    $5,%ebp
+       addl    %edi,%edx
+       xorl    %ecx,%ebx
+       addl    %ebp,%edx
+       por     %xmm9,%xmm6
+       movl    %eax,%edi
+       xorl    %ebx,%eax
+       movdqa  %xmm6,%xmm10
+       addl    40(%rsp),%ecx
+       andl    %ebx,%edi
+       andl    %eax,%esi
+       rorl    $7,%ebp
+       addl    %edi,%ecx
+       movl    %edx,%edi
        roll    $5,%edx
-       xorl    36(%rsp),%eax
-       xorl    %r12d,%ebx
-       addl    %edx,%esi
-       xorl    56(%rsp),%eax
-       roll    $30,%ebp
-       addl    %ebx,%esi
-       roll    $1,%eax
-       movl    %eax,4(%rsp)
-       leal    -899497514(%rax,%r12,1),%edx
-       movl    8(%rsp),%eax
-       movl    %ebp,%ebx
-       movl    %esi,%r12d
-       xorl    16(%rsp),%eax
-       xorl    %edi,%ebx
-       roll    $5,%r12d
-       xorl    40(%rsp),%eax
-       xorl    %r11d,%ebx
-       addl    %r12d,%edx
-       xorl    60(%rsp),%eax
-       roll    $30,%edi
-       addl    %ebx,%edx
-       roll    $1,%eax
-       movl    %eax,8(%rsp)
-       leal    -899497514(%rax,%r11,1),%r12d
-       movl    12(%rsp),%eax
-       movl    %edi,%ebx
-       movl    %edx,%r11d
-       xorl    20(%rsp),%eax
-       xorl    %esi,%ebx
-       roll    $5,%r11d
-       xorl    44(%rsp),%eax
-       xorl    %ebp,%ebx
-       addl    %r11d,%r12d
-       xorl    0(%rsp),%eax
-       roll    $30,%esi
-       addl    %ebx,%r12d
-       roll    $1,%eax
-       movl    %eax,12(%rsp)
-       leal    -899497514(%rax,%rbp,1),%r11d
-       movl    16(%rsp),%eax
-       movl    %esi,%ebx
-       movl    %r12d,%ebp
-       xorl    24(%rsp),%eax
-       xorl    %edx,%ebx
+       addl    %esi,%ecx
+       xorl    %ebx,%eax
+       addl    %edx,%ecx
+       movl    %ebp,%esi
+       xorl    %eax,%ebp
+       addl    44(%rsp),%ebx
+       andl    %eax,%esi
+       andl    %ebp,%edi
+       rorl    $7,%edx
+       addl    %esi,%ebx
+       movl    %ecx,%esi
+       roll    $5,%ecx
+       addl    %edi,%ebx
+       xorl    %eax,%ebp
+       addl    %ecx,%ebx
+       movl    %edx,%edi
+       pxor    %xmm3,%xmm7
+.byte  102,68,15,58,15,213,8
+       xorl    %ebp,%edx
+       addl    48(%rsp),%eax
+       andl    %ebp,%edi
+       pxor    %xmm0,%xmm7
+       andl    %edx,%esi
+       rorl    $7,%ecx
+       movdqa  48(%r11),%xmm9
+       paddd   %xmm6,%xmm8
+       addl    %edi,%eax
+       movl    %ebx,%edi
+       pxor    %xmm10,%xmm7
+       roll    $5,%ebx
+       addl    %esi,%eax
+       xorl    %ebp,%edx
+       addl    %ebx,%eax
+       movdqa  %xmm7,%xmm10
+       movdqa  %xmm8,32(%rsp)
+       movl    %ecx,%esi
+       xorl    %edx,%ecx
+       addl    52(%rsp),%ebp
+       andl    %edx,%esi
+       pslld   $2,%xmm7
+       andl    %ecx,%edi
+       rorl    $7,%ebx
+       psrld   $30,%xmm10
+       addl    %esi,%ebp
+       movl    %eax,%esi
+       roll    $5,%eax
+       addl    %edi,%ebp
+       xorl    %edx,%ecx
+       addl    %eax,%ebp
+       por     %xmm10,%xmm7
+       movl    %ebx,%edi
+       xorl    %ecx,%ebx
+       movdqa  %xmm7,%xmm8
+       addl    56(%rsp),%edx
+       andl    %ecx,%edi
+       andl    %ebx,%esi
+       rorl    $7,%eax
+       addl    %edi,%edx
+       movl    %ebp,%edi
        roll    $5,%ebp
-       xorl    48(%rsp),%eax
-       xorl    %edi,%ebx
-       addl    %ebp,%r11d
-       xorl    4(%rsp),%eax
-       roll    $30,%edx
-       addl    %ebx,%r11d
-       roll    $1,%eax
-       movl    %eax,16(%rsp)
-       leal    -899497514(%rax,%rdi,1),%ebp
-       movl    20(%rsp),%eax
-       movl    %edx,%ebx
-       movl    %r11d,%edi
-       xorl    28(%rsp),%eax
-       xorl    %r12d,%ebx
-       roll    $5,%edi
-       xorl    52(%rsp),%eax
-       xorl    %esi,%ebx
+       addl    %esi,%edx
+       xorl    %ecx,%ebx
+       addl    %ebp,%edx
+       movl    %eax,%esi
+       xorl    %ebx,%eax
+       addl    60(%rsp),%ecx
+       andl    %ebx,%esi
+       andl    %eax,%edi
+       rorl    $7,%ebp
+       addl    %esi,%ecx
+       movl    %edx,%esi
+       roll    $5,%edx
+       addl    %edi,%ecx
+       xorl    %ebx,%eax
+       addl    %edx,%ecx
+       movl    %ebp,%edi
+       pxor    %xmm4,%xmm0
+.byte  102,68,15,58,15,198,8
+       xorl    %eax,%ebp
+       addl    0(%rsp),%ebx
+       andl    %eax,%edi
+       pxor    %xmm1,%xmm0
+       andl    %ebp,%esi
+       rorl    $7,%edx
+       movdqa  %xmm9,%xmm10
+       paddd   %xmm7,%xmm9
+       addl    %edi,%ebx
+       movl    %ecx,%edi
+       pxor    %xmm8,%xmm0
+       roll    $5,%ecx
+       addl    %esi,%ebx
+       xorl    %eax,%ebp
+       addl    %ecx,%ebx
+       movdqa  %xmm0,%xmm8
+       movdqa  %xmm9,48(%rsp)
+       movl    %edx,%esi
+       xorl    %ebp,%edx
+       addl    4(%rsp),%eax
+       andl    %ebp,%esi
+       pslld   $2,%xmm0
+       andl    %edx,%edi
+       rorl    $7,%ecx
+       psrld   $30,%xmm8
+       addl    %esi,%eax
+       movl    %ebx,%esi
+       roll    $5,%ebx
+       addl    %edi,%eax
+       xorl    %ebp,%edx
+       addl    %ebx,%eax
+       por     %xmm8,%xmm0
+       movl    %ecx,%edi
+       xorl    %edx,%ecx
+       movdqa  %xmm0,%xmm9
+       addl    8(%rsp),%ebp
+       andl    %edx,%edi
+       andl    %ecx,%esi
+       rorl    $7,%ebx
        addl    %edi,%ebp
-       xorl    8(%rsp),%eax
-       roll    $30,%r12d
-       addl    %ebx,%ebp
-       roll    $1,%eax
-       movl    %eax,20(%rsp)
-       leal    -899497514(%rax,%rsi,1),%edi
-       movl    24(%rsp),%eax
-       movl    %r12d,%ebx
+       movl    %eax,%edi
+       roll    $5,%eax
+       addl    %esi,%ebp
+       xorl    %edx,%ecx
+       addl    %eax,%ebp
+       movl    %ebx,%esi
+       xorl    %ecx,%ebx
+       addl    12(%rsp),%edx
+       andl    %ecx,%esi
+       andl    %ebx,%edi
+       rorl    $7,%eax
+       addl    %esi,%edx
        movl    %ebp,%esi
-       xorl    32(%rsp),%eax
-       xorl    %r11d,%ebx
-       roll    $5,%esi
-       xorl    56(%rsp),%eax
-       xorl    %edx,%ebx
-       addl    %esi,%edi
-       xorl    12(%rsp),%eax
-       roll    $30,%r11d
-       addl    %ebx,%edi
-       roll    $1,%eax
-       movl    %eax,24(%rsp)
-       leal    -899497514(%rax,%rdx,1),%esi
-       movl    28(%rsp),%eax
-       movl    %r11d,%ebx
-       movl    %edi,%edx
-       xorl    36(%rsp),%eax
-       xorl    %ebp,%ebx
+       roll    $5,%ebp
+       addl    %edi,%edx
+       xorl    %ecx,%ebx
+       addl    %ebp,%edx
+       movl    %eax,%edi
+       pxor    %xmm5,%xmm1
+.byte  102,68,15,58,15,207,8
+       xorl    %ebx,%eax
+       addl    16(%rsp),%ecx
+       andl    %ebx,%edi
+       pxor    %xmm2,%xmm1
+       andl    %eax,%esi
+       rorl    $7,%ebp
+       movdqa  %xmm10,%xmm8
+       paddd   %xmm0,%xmm10
+       addl    %edi,%ecx
+       movl    %edx,%edi
+       pxor    %xmm9,%xmm1
        roll    $5,%edx
-       xorl    60(%rsp),%eax
-       xorl    %r12d,%ebx
-       addl    %edx,%esi
-       xorl    16(%rsp),%eax
-       roll    $30,%ebp
-       addl    %ebx,%esi
-       roll    $1,%eax
-       movl    %eax,28(%rsp)
-       leal    -899497514(%rax,%r12,1),%edx
-       movl    32(%rsp),%eax
-       movl    %ebp,%ebx
-       movl    %esi,%r12d
-       xorl    40(%rsp),%eax
-       xorl    %edi,%ebx
-       roll    $5,%r12d
-       xorl    0(%rsp),%eax
-       xorl    %r11d,%ebx
-       addl    %r12d,%edx
-       xorl    20(%rsp),%eax
-       roll    $30,%edi
-       addl    %ebx,%edx
-       roll    $1,%eax
-       movl    %eax,32(%rsp)
-       leal    -899497514(%rax,%r11,1),%r12d
-       movl    36(%rsp),%eax
-       movl    %edi,%ebx
-       movl    %edx,%r11d
-       xorl    44(%rsp),%eax
-       xorl    %esi,%ebx
-       roll    $5,%r11d
-       xorl    4(%rsp),%eax
-       xorl    %ebp,%ebx
-       addl    %r11d,%r12d
-       xorl    24(%rsp),%eax
-       roll    $30,%esi
-       addl    %ebx,%r12d
-       roll    $1,%eax
-       movl    %eax,36(%rsp)
-       leal    -899497514(%rax,%rbp,1),%r11d
-       movl    40(%rsp),%eax
-       movl    %esi,%ebx
-       movl    %r12d,%ebp
-       xorl    48(%rsp),%eax
-       xorl    %edx,%ebx
+       addl    %esi,%ecx
+       xorl    %ebx,%eax
+       addl    %edx,%ecx
+       movdqa  %xmm1,%xmm9
+       movdqa  %xmm10,0(%rsp)
+       movl    %ebp,%esi
+       xorl    %eax,%ebp
+       addl    20(%rsp),%ebx
+       andl    %eax,%esi
+       pslld   $2,%xmm1
+       andl    %ebp,%edi
+       rorl    $7,%edx
+       psrld   $30,%xmm9
+       addl    %esi,%ebx
+       movl    %ecx,%esi
+       roll    $5,%ecx
+       addl    %edi,%ebx
+       xorl    %eax,%ebp
+       addl    %ecx,%ebx
+       por     %xmm9,%xmm1
+       movl    %edx,%edi
+       xorl    %ebp,%edx
+       movdqa  %xmm1,%xmm10
+       addl    24(%rsp),%eax
+       andl    %ebp,%edi
+       andl    %edx,%esi
+       rorl    $7,%ecx
+       addl    %edi,%eax
+       movl    %ebx,%edi
+       roll    $5,%ebx
+       addl    %esi,%eax
+       xorl    %ebp,%edx
+       addl    %ebx,%eax
+       movl    %ecx,%esi
+       xorl    %edx,%ecx
+       addl    28(%rsp),%ebp
+       andl    %edx,%esi
+       andl    %ecx,%edi
+       rorl    $7,%ebx
+       addl    %esi,%ebp
+       movl    %eax,%esi
+       roll    $5,%eax
+       addl    %edi,%ebp
+       xorl    %edx,%ecx
+       addl    %eax,%ebp
+       movl    %ebx,%edi
+       pxor    %xmm6,%xmm2
+.byte  102,68,15,58,15,208,8
+       xorl    %ecx,%ebx
+       addl    32(%rsp),%edx
+       andl    %ecx,%edi
+       pxor    %xmm3,%xmm2
+       andl    %ebx,%esi
+       rorl    $7,%eax
+       movdqa  %xmm8,%xmm9
+       paddd   %xmm1,%xmm8
+       addl    %edi,%edx
+       movl    %ebp,%edi
+       pxor    %xmm10,%xmm2
        roll    $5,%ebp
-       xorl    8(%rsp),%eax
-       xorl    %edi,%ebx
-       addl    %ebp,%r11d
-       xorl    28(%rsp),%eax
-       roll    $30,%edx
-       addl    %ebx,%r11d
-       roll    $1,%eax
-       movl    %eax,40(%rsp)
-       leal    -899497514(%rax,%rdi,1),%ebp
-       movl    44(%rsp),%eax
-       movl    %edx,%ebx
-       movl    %r11d,%edi
-       xorl    52(%rsp),%eax
-       xorl    %r12d,%ebx
-       roll    $5,%edi
-       xorl    12(%rsp),%eax
-       xorl    %esi,%ebx
+       addl    %esi,%edx
+       xorl    %ecx,%ebx
+       addl    %ebp,%edx
+       movdqa  %xmm2,%xmm10
+       movdqa  %xmm8,16(%rsp)
+       movl    %eax,%esi
+       xorl    %ebx,%eax
+       addl    36(%rsp),%ecx
+       andl    %ebx,%esi
+       pslld   $2,%xmm2
+       andl    %eax,%edi
+       rorl    $7,%ebp
+       psrld   $30,%xmm10
+       addl    %esi,%ecx
+       movl    %edx,%esi
+       roll    $5,%edx
+       addl    %edi,%ecx
+       xorl    %ebx,%eax
+       addl    %edx,%ecx
+       por     %xmm10,%xmm2
+       movl    %ebp,%edi
+       xorl    %eax,%ebp
+       movdqa  %xmm2,%xmm8
+       addl    40(%rsp),%ebx
+       andl    %eax,%edi
+       andl    %ebp,%esi
+       rorl    $7,%edx
+       addl    %edi,%ebx
+       movl    %ecx,%edi
+       roll    $5,%ecx
+       addl    %esi,%ebx
+       xorl    %eax,%ebp
+       addl    %ecx,%ebx
+       movl    %edx,%esi
+       xorl    %ebp,%edx
+       addl    44(%rsp),%eax
+       andl    %ebp,%esi
+       andl    %edx,%edi
+       rorl    $7,%ecx
+       addl    %esi,%eax
+       movl    %ebx,%esi
+       roll    $5,%ebx
+       addl    %edi,%eax
+       xorl    %ebp,%edx
+       addl    %ebx,%eax
+       addl    48(%rsp),%ebp
+       pxor    %xmm7,%xmm3
+.byte  102,68,15,58,15,193,8
+       xorl    %edx,%esi
+       movl    %eax,%edi
+       roll    $5,%eax
+       pxor    %xmm4,%xmm3
+       xorl    %ecx,%esi
+       addl    %eax,%ebp
+       movdqa  %xmm9,%xmm10
+       paddd   %xmm2,%xmm9
+       rorl    $7,%ebx
+       addl    %esi,%ebp
+       pxor    %xmm8,%xmm3
+       addl    52(%rsp),%edx
+       xorl    %ecx,%edi
+       movl    %ebp,%esi
+       roll    $5,%ebp
+       movdqa  %xmm3,%xmm8
+       movdqa  %xmm9,32(%rsp)
+       xorl    %ebx,%edi
+       addl    %ebp,%edx
+       rorl    $7,%eax
+       addl    %edi,%edx
+       pslld   $2,%xmm3
+       addl    56(%rsp),%ecx
+       xorl    %ebx,%esi
+       psrld   $30,%xmm8
+       movl    %edx,%edi
+       roll    $5,%edx
+       xorl    %eax,%esi
+       addl    %edx,%ecx
+       rorl    $7,%ebp
+       addl    %esi,%ecx
+       por     %xmm8,%xmm3
+       addl    60(%rsp),%ebx
+       xorl    %eax,%edi
+       movl    %ecx,%esi
+       roll    $5,%ecx
+       xorl    %ebp,%edi
+       addl    %ecx,%ebx
+       rorl    $7,%edx
+       addl    %edi,%ebx
+       addl    0(%rsp),%eax
+       paddd   %xmm3,%xmm10
+       xorl    %ebp,%esi
+       movl    %ebx,%edi
+       roll    $5,%ebx
+       xorl    %edx,%esi
+       movdqa  %xmm10,48(%rsp)
+       addl    %ebx,%eax
+       rorl    $7,%ecx
+       addl    %esi,%eax
+       addl    4(%rsp),%ebp
+       xorl    %edx,%edi
+       movl    %eax,%esi
+       roll    $5,%eax
+       xorl    %ecx,%edi
+       addl    %eax,%ebp
+       rorl    $7,%ebx
        addl    %edi,%ebp
-       xorl    32(%rsp),%eax
-       roll    $30,%r12d
-       addl    %ebx,%ebp
-       roll    $1,%eax
-       movl    %eax,44(%rsp)
-       leal    -899497514(%rax,%rsi,1),%edi
-       movl    48(%rsp),%eax
-       movl    %r12d,%ebx
+       addl    8(%rsp),%edx
+       xorl    %ecx,%esi
+       movl    %ebp,%edi
+       roll    $5,%ebp
+       xorl    %ebx,%esi
+       addl    %ebp,%edx
+       rorl    $7,%eax
+       addl    %esi,%edx
+       addl    12(%rsp),%ecx
+       xorl    %ebx,%edi
+       movl    %edx,%esi
+       roll    $5,%edx
+       xorl    %eax,%edi
+       addl    %edx,%ecx
+       rorl    $7,%ebp
+       addl    %edi,%ecx
+       cmpq    %r10,%r9
+       je      .Ldone_ssse3
+       movdqa  64(%r11),%xmm6
+       movdqa  0(%r11),%xmm9
+       movdqu  0(%r9),%xmm0
+       movdqu  16(%r9),%xmm1
+       movdqu  32(%r9),%xmm2
+       movdqu  48(%r9),%xmm3
+.byte  102,15,56,0,198
+       addq    $64,%r9
+       addl    16(%rsp),%ebx
+       xorl    %eax,%esi
+.byte  102,15,56,0,206
+       movl    %ecx,%edi
+       roll    $5,%ecx
+       paddd   %xmm9,%xmm0
+       xorl    %ebp,%esi
+       addl    %ecx,%ebx
+       rorl    $7,%edx
+       addl    %esi,%ebx
+       movdqa  %xmm0,0(%rsp)
+       addl    20(%rsp),%eax
+       xorl    %ebp,%edi
+       psubd   %xmm9,%xmm0
+       movl    %ebx,%esi
+       roll    $5,%ebx
+       xorl    %edx,%edi
+       addl    %ebx,%eax
+       rorl    $7,%ecx
+       addl    %edi,%eax
+       addl    24(%rsp),%ebp
+       xorl    %edx,%esi
+       movl    %eax,%edi
+       roll    $5,%eax
+       xorl    %ecx,%esi
+       addl    %eax,%ebp
+       rorl    $7,%ebx
+       addl    %esi,%ebp
+       addl    28(%rsp),%edx
+       xorl    %ecx,%edi
        movl    %ebp,%esi
-       xorl    56(%rsp),%eax
-       xorl    %r11d,%ebx
-       roll    $5,%esi
-       xorl    16(%rsp),%eax
-       xorl    %edx,%ebx
-       addl    %esi,%edi
-       xorl    36(%rsp),%eax
-       roll    $30,%r11d
-       addl    %ebx,%edi
-       roll    $1,%eax
-       movl    %eax,48(%rsp)
-       leal    -899497514(%rax,%rdx,1),%esi
-       movl    52(%rsp),%eax
-       movl    %r11d,%ebx
-       movl    %edi,%edx
-       xorl    60(%rsp),%eax
-       xorl    %ebp,%ebx
+       roll    $5,%ebp
+       xorl    %ebx,%edi
+       addl    %ebp,%edx
+       rorl    $7,%eax
+       addl    %edi,%edx
+       addl    32(%rsp),%ecx
+       xorl    %ebx,%esi
+.byte  102,15,56,0,214
+       movl    %edx,%edi
        roll    $5,%edx
-       xorl    20(%rsp),%eax
-       xorl    %r12d,%ebx
-       addl    %edx,%esi
-       xorl    40(%rsp),%eax
-       roll    $30,%ebp
-       addl    %ebx,%esi
-       roll    $1,%eax
-       leal    -899497514(%rax,%r12,1),%edx
-       movl    56(%rsp),%eax
-       movl    %ebp,%ebx
-       movl    %esi,%r12d
-       xorl    0(%rsp),%eax
-       xorl    %edi,%ebx
-       roll    $5,%r12d
-       xorl    24(%rsp),%eax
-       xorl    %r11d,%ebx
-       addl    %r12d,%edx
-       xorl    44(%rsp),%eax
-       roll    $30,%edi
-       addl    %ebx,%edx
-       roll    $1,%eax
-       leal    -899497514(%rax,%r11,1),%r12d
-       movl    60(%rsp),%eax
-       movl    %edi,%ebx
-       movl    %edx,%r11d
-       xorl    4(%rsp),%eax
-       xorl    %esi,%ebx
-       roll    $5,%r11d
-       xorl    28(%rsp),%eax
-       xorl    %ebp,%ebx
-       addl    %r11d,%r12d
-       xorl    48(%rsp),%eax
-       roll    $30,%esi
-       addl    %ebx,%r12d
-       roll    $1,%eax
-       leal    -899497514(%rax,%rbp,1),%r11d
-       movl    %esi,%ebx
-       movl    %r12d,%ebp
-       xorl    %edx,%ebx
+       paddd   %xmm9,%xmm1
+       xorl    %eax,%esi
+       addl    %edx,%ecx
+       rorl    $7,%ebp
+       addl    %esi,%ecx
+       movdqa  %xmm1,16(%rsp)
+       addl    36(%rsp),%ebx
+       xorl    %eax,%edi
+       psubd   %xmm9,%xmm1
+       movl    %ecx,%esi
+       roll    $5,%ecx
+       xorl    %ebp,%edi
+       addl    %ecx,%ebx
+       rorl    $7,%edx
+       addl    %edi,%ebx
+       addl    40(%rsp),%eax
+       xorl    %ebp,%esi
+       movl    %ebx,%edi
+       roll    $5,%ebx
+       xorl    %edx,%esi
+       addl    %ebx,%eax
+       rorl    $7,%ecx
+       addl    %esi,%eax
+       addl    44(%rsp),%ebp
+       xorl    %edx,%edi
+       movl    %eax,%esi
+       roll    $5,%eax
+       xorl    %ecx,%edi
+       addl    %eax,%ebp
+       rorl    $7,%ebx
+       addl    %edi,%ebp
+       addl    48(%rsp),%edx
+       xorl    %ecx,%esi
+.byte  102,15,56,0,222
+       movl    %ebp,%edi
        roll    $5,%ebp
-       xorl    %edi,%ebx
-       addl    %ebp,%r11d
-       roll    $30,%edx
-       addl    %ebx,%r11d
-       addl    0(%r8),%r11d
-       addl    4(%r8),%r12d
-       addl    8(%r8),%edx
-       addl    12(%r8),%esi
-       addl    16(%r8),%edi
-       movl    %r11d,0(%r8)
-       movl    %r12d,4(%r8)
-       movl    %edx,8(%r8)
-       movl    %esi,12(%r8)
-       movl    %edi,16(%r8)
-
-       xchgl   %r11d,%edx
-       xchgl   %r12d,%esi
-       xchgl   %r11d,%edi
-       xchgl   %r12d,%ebp
+       paddd   %xmm9,%xmm2
+       xorl    %ebx,%esi
+       addl    %ebp,%edx
+       rorl    $7,%eax
+       addl    %esi,%edx
+       movdqa  %xmm2,32(%rsp)
+       addl    52(%rsp),%ecx
+       xorl    %ebx,%edi
+       psubd   %xmm9,%xmm2
+       movl    %edx,%esi
+       roll    $5,%edx
+       xorl    %eax,%edi
+       addl    %edx,%ecx
+       rorl    $7,%ebp
+       addl    %edi,%ecx
+       addl    56(%rsp),%ebx
+       xorl    %eax,%esi
+       movl    %ecx,%edi
+       roll    $5,%ecx
+       xorl    %ebp,%esi
+       addl    %ecx,%ebx
+       rorl    $7,%edx
+       addl    %esi,%ebx
+       addl    60(%rsp),%eax
+       xorl    %ebp,%edi
+       movl    %ebx,%esi
+       roll    $5,%ebx
+       xorl    %edx,%edi
+       addl    %ebx,%eax
+       rorl    $7,%ecx
+       addl    %edi,%eax
+       addl    0(%r8),%eax
+       addl    4(%r8),%esi
+       addl    8(%r8),%ecx
+       addl    12(%r8),%edx
+       movl    %eax,0(%r8)
+       addl    16(%r8),%ebp
+       movl    %esi,4(%r8)
+       movl    %esi,%ebx
+       movl    %ecx,8(%r8)
+       movl    %edx,12(%r8)
+       movl    %ebp,16(%r8)
+       jmp     .Loop_ssse3
 
-       leaq    64(%r9),%r9
-       subq    $1,%r10
-       jnz     .Lloop
-       movq    64(%rsp),%rsi
-       movq    (%rsi),%r12
+.align 16
+.Ldone_ssse3:
+       addl    16(%rsp),%ebx
+       xorl    %eax,%esi
+       movl    %ecx,%edi
+       roll    $5,%ecx
+       xorl    %ebp,%esi
+       addl    %ecx,%ebx
+       rorl    $7,%edx
+       addl    %esi,%ebx
+       addl    20(%rsp),%eax
+       xorl    %ebp,%edi
+       movl    %ebx,%esi
+       roll    $5,%ebx
+       xorl    %edx,%edi
+       addl    %ebx,%eax
+       rorl    $7,%ecx
+       addl    %edi,%eax
+       addl    24(%rsp),%ebp
+       xorl    %edx,%esi
+       movl    %eax,%edi
+       roll    $5,%eax
+       xorl    %ecx,%esi
+       addl    %eax,%ebp
+       rorl    $7,%ebx
+       addl    %esi,%ebp
+       addl    28(%rsp),%edx
+       xorl    %ecx,%edi
+       movl    %ebp,%esi
+       roll    $5,%ebp
+       xorl    %ebx,%edi
+       addl    %ebp,%edx
+       rorl    $7,%eax
+       addl    %edi,%edx
+       addl    32(%rsp),%ecx
+       xorl    %ebx,%esi
+       movl    %edx,%edi
+       roll    $5,%edx
+       xorl    %eax,%esi
+       addl    %edx,%ecx
+       rorl    $7,%ebp
+       addl    %esi,%ecx
+       addl    36(%rsp),%ebx
+       xorl    %eax,%edi
+       movl    %ecx,%esi
+       roll    $5,%ecx
+       xorl    %ebp,%edi
+       addl    %ecx,%ebx
+       rorl    $7,%edx
+       addl    %edi,%ebx
+       addl    40(%rsp),%eax
+       xorl    %ebp,%esi
+       movl    %ebx,%edi
+       roll    $5,%ebx
+       xorl    %edx,%esi
+       addl    %ebx,%eax
+       rorl    $7,%ecx
+       addl    %esi,%eax
+       addl    44(%rsp),%ebp
+       xorl    %edx,%edi
+       movl    %eax,%esi
+       roll    $5,%eax
+       xorl    %ecx,%edi
+       addl    %eax,%ebp
+       rorl    $7,%ebx
+       addl    %edi,%ebp
+       addl    48(%rsp),%edx
+       xorl    %ecx,%esi
+       movl    %ebp,%edi
+       roll    $5,%ebp
+       xorl    %ebx,%esi
+       addl    %ebp,%edx
+       rorl    $7,%eax
+       addl    %esi,%edx
+       addl    52(%rsp),%ecx
+       xorl    %ebx,%edi
+       movl    %edx,%esi
+       roll    $5,%edx
+       xorl    %eax,%edi
+       addl    %edx,%ecx
+       rorl    $7,%ebp
+       addl    %edi,%ecx
+       addl    56(%rsp),%ebx
+       xorl    %eax,%esi
+       movl    %ecx,%edi
+       roll    $5,%ecx
+       xorl    %ebp,%esi
+       addl    %ecx,%ebx
+       rorl    $7,%edx
+       addl    %esi,%ebx
+       addl    60(%rsp),%eax
+       xorl    %ebp,%edi
+       movl    %ebx,%esi
+       roll    $5,%ebx
+       xorl    %edx,%edi
+       addl    %ebx,%eax
+       rorl    $7,%ecx
+       addl    %edi,%eax
+       addl    0(%r8),%eax
+       addl    4(%r8),%esi
+       addl    8(%r8),%ecx
+       movl    %eax,0(%r8)
+       addl    12(%r8),%edx
+       movl    %esi,4(%r8)
+       addl    16(%r8),%ebp
+       movl    %ecx,8(%r8)
+       movl    %edx,12(%r8)
+       movl    %ebp,16(%r8)
+       leaq    64(%rsp),%rsi
+       movq    0(%rsi),%r12
        movq    8(%rsi),%rbp
        movq    16(%rsi),%rbx
        leaq    24(%rsi),%rsp
-.Lepilogue:
+.Lepilogue_ssse3:
        .byte   0xf3,0xc3
-.size  sha1_block_data_order,.-sha1_block_data_order
+.size  sha1_block_data_order_ssse3,.-sha1_block_data_order_ssse3
+.align 64
+K_XX_XX:
+.long  0x5a827999,0x5a827999,0x5a827999,0x5a827999
+
+.long  0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1
+
+.long  0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc
+
+.long  0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6
+
+.long  0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f
+
 .byte  83,72,65,49,32,98,108,111,99,107,32,116,114,97,110,115,102,111,114,109,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
-.align 16
+.align 64

diff --git a/deps/openssl/asm/x64-elf-gas/sha/sha512-x86_64.s b/deps/openssl/asm/x64-elf-gas/sha/sha512-x86_64.s
index ddf7b90..576d7d8 100644 (file)
--- a/deps/openssl/asm/x64-elf-gas/sha/sha512-x86_64.s
+++ b/deps/openssl/asm/x64-elf-gas/sha/sha512-x86_64.s
@@ -38,1880 +38,1688 @@ sha256_block_data_order:
 .Lloop:
        xorq    %rdi,%rdi
        movl    0(%rsi),%r12d
-       bswapl  %r12d
        movl    %r8d,%r13d
-       movl    %r8d,%r14d
+       movl    %eax,%r14d
+       bswapl  %r12d
+       rorl    $14,%r13d
        movl    %r9d,%r15d
+       movl    %r12d,0(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %r8d,%r13d
        xorl    %r10d,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %r11d,%r12d
+       xorl    %eax,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %r8d,%r15d
-       movl    %r12d,0(%rsp)
+       movl    %ebx,%r11d
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %r8d,%r13d
        xorl    %r10d,%r15d
-       addl    %r11d,%r12d
-
-       movl    %eax,%r11d
-       addl    %r13d,%r12d
 
+       xorl    %ecx,%r11d
+       xorl    %eax,%r14d
        addl    %r15d,%r12d
-       movl    %eax,%r13d
-       movl    %eax,%r14d
+       movl    %ebx,%r15d
 
-       rorl    $2,%r11d
-       rorl    $13,%r13d
-       movl    %eax,%r15d
-       addl    (%rbp,%rdi,4),%r12d
+       rorl    $6,%r13d
+       andl    %eax,%r11d
+       andl    %ecx,%r15d
 
-       xorl    %r13d,%r11d
-       rorl    $9,%r13d
-       orl     %ecx,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%r11d
 
-       xorl    %r13d,%r11d
-       andl    %ecx,%r15d
        addl    %r12d,%edx
-
-       andl    %ebx,%r14d
        addl    %r12d,%r11d
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%r11d
+
        movl    4(%rsi),%r12d
-       bswapl  %r12d
        movl    %edx,%r13d
-       movl    %edx,%r14d
+       movl    %r11d,%r14d
+       bswapl  %r12d
+       rorl    $14,%r13d
        movl    %r8d,%r15d
+       movl    %r12d,4(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %edx,%r13d
        xorl    %r9d,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %r10d,%r12d
+       xorl    %r11d,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %edx,%r15d
-       movl    %r12d,4(%rsp)
+       movl    %eax,%r10d
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %edx,%r13d
        xorl    %r9d,%r15d
-       addl    %r10d,%r12d
-
-       movl    %r11d,%r10d
-       addl    %r13d,%r12d
 
+       xorl    %ebx,%r10d
+       xorl    %r11d,%r14d
        addl    %r15d,%r12d
-       movl    %r11d,%r13d
-       movl    %r11d,%r14d
+       movl    %eax,%r15d
 
-       rorl    $2,%r10d
-       rorl    $13,%r13d
-       movl    %r11d,%r15d
-       addl    (%rbp,%rdi,4),%r12d
+       rorl    $6,%r13d
+       andl    %r11d,%r10d
+       andl    %ebx,%r15d
 
-       xorl    %r13d,%r10d
-       rorl    $9,%r13d
-       orl     %ebx,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%r10d
 
-       xorl    %r13d,%r10d
-       andl    %ebx,%r15d
        addl    %r12d,%ecx
-
-       andl    %eax,%r14d
        addl    %r12d,%r10d
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%r10d
+
        movl    8(%rsi),%r12d
-       bswapl  %r12d
        movl    %ecx,%r13d
-       movl    %ecx,%r14d
+       movl    %r10d,%r14d
+       bswapl  %r12d
+       rorl    $14,%r13d
        movl    %edx,%r15d
+       movl    %r12d,8(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %ecx,%r13d
        xorl    %r8d,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %r9d,%r12d
+       xorl    %r10d,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %ecx,%r15d
-       movl    %r12d,8(%rsp)
+       movl    %r11d,%r9d
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %ecx,%r13d
        xorl    %r8d,%r15d
-       addl    %r9d,%r12d
-
-       movl    %r10d,%r9d
-       addl    %r13d,%r12d
 
+       xorl    %eax,%r9d
+       xorl    %r10d,%r14d
        addl    %r15d,%r12d
-       movl    %r10d,%r13d
-       movl    %r10d,%r14d
+       movl    %r11d,%r15d
 
-       rorl    $2,%r9d
-       rorl    $13,%r13d
-       movl    %r10d,%r15d
-       addl    (%rbp,%rdi,4),%r12d
+       rorl    $6,%r13d
+       andl    %r10d,%r9d
+       andl    %eax,%r15d
 
-       xorl    %r13d,%r9d
-       rorl    $9,%r13d
-       orl     %eax,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%r9d
 
-       xorl    %r13d,%r9d
-       andl    %eax,%r15d
        addl    %r12d,%ebx
-
-       andl    %r11d,%r14d
        addl    %r12d,%r9d
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%r9d
+
        movl    12(%rsi),%r12d
-       bswapl  %r12d
        movl    %ebx,%r13d
-       movl    %ebx,%r14d
+       movl    %r9d,%r14d
+       bswapl  %r12d
+       rorl    $14,%r13d
        movl    %ecx,%r15d
+       movl    %r12d,12(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %ebx,%r13d
        xorl    %edx,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %r8d,%r12d
+       xorl    %r9d,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %ebx,%r15d
-       movl    %r12d,12(%rsp)
+       movl    %r10d,%r8d
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %ebx,%r13d
        xorl    %edx,%r15d
-       addl    %r8d,%r12d
-
-       movl    %r9d,%r8d
-       addl    %r13d,%r12d
 
+       xorl    %r11d,%r8d
+       xorl    %r9d,%r14d
        addl    %r15d,%r12d
-       movl    %r9d,%r13d
-       movl    %r9d,%r14d
+       movl    %r10d,%r15d
 
-       rorl    $2,%r8d
-       rorl    $13,%r13d
-       movl    %r9d,%r15d
-       addl    (%rbp,%rdi,4),%r12d
+       rorl    $6,%r13d
+       andl    %r9d,%r8d
+       andl    %r11d,%r15d
 
-       xorl    %r13d,%r8d
-       rorl    $9,%r13d
-       orl     %r11d,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%r8d
 
-       xorl    %r13d,%r8d
-       andl    %r11d,%r15d
        addl    %r12d,%eax
-
-       andl    %r10d,%r14d
        addl    %r12d,%r8d
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%r8d
+
        movl    16(%rsi),%r12d
-       bswapl  %r12d
        movl    %eax,%r13d
-       movl    %eax,%r14d
+       movl    %r8d,%r14d
+       bswapl  %r12d
+       rorl    $14,%r13d
        movl    %ebx,%r15d
+       movl    %r12d,16(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %eax,%r13d
        xorl    %ecx,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %edx,%r12d
+       xorl    %r8d,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %eax,%r15d
-       movl    %r12d,16(%rsp)
+       movl    %r9d,%edx
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %eax,%r13d
        xorl    %ecx,%r15d
-       addl    %edx,%r12d
-
-       movl    %r8d,%edx
-       addl    %r13d,%r12d
 
+       xorl    %r10d,%edx
+       xorl    %r8d,%r14d
        addl    %r15d,%r12d
-       movl    %r8d,%r13d
-       movl    %r8d,%r14d
+       movl    %r9d,%r15d
 
-       rorl    $2,%edx
-       rorl    $13,%r13d
-       movl    %r8d,%r15d
-       addl    (%rbp,%rdi,4),%r12d
+       rorl    $6,%r13d
+       andl    %r8d,%edx
+       andl    %r10d,%r15d
 
-       xorl    %r13d,%edx
-       rorl    $9,%r13d
-       orl     %r10d,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%edx
 
-       xorl    %r13d,%edx
-       andl    %r10d,%r15d
        addl    %r12d,%r11d
-
-       andl    %r9d,%r14d
        addl    %r12d,%edx
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%edx
+
        movl    20(%rsi),%r12d
-       bswapl  %r12d
        movl    %r11d,%r13d
-       movl    %r11d,%r14d
+       movl    %edx,%r14d
+       bswapl  %r12d
+       rorl    $14,%r13d
        movl    %eax,%r15d
+       movl    %r12d,20(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %r11d,%r13d
        xorl    %ebx,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %ecx,%r12d
+       xorl    %edx,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %r11d,%r15d
-       movl    %r12d,20(%rsp)
+       movl    %r8d,%ecx
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %r11d,%r13d
        xorl    %ebx,%r15d
-       addl    %ecx,%r12d
-
-       movl    %edx,%ecx
-       addl    %r13d,%r12d
 
+       xorl    %r9d,%ecx
+       xorl    %edx,%r14d
        addl    %r15d,%r12d
-       movl    %edx,%r13d
-       movl    %edx,%r14d
+       movl    %r8d,%r15d
 
-       rorl    $2,%ecx
-       rorl    $13,%r13d
-       movl    %edx,%r15d
-       addl    (%rbp,%rdi,4),%r12d
+       rorl    $6,%r13d
+       andl    %edx,%ecx
+       andl    %r9d,%r15d
 
-       xorl    %r13d,%ecx
-       rorl    $9,%r13d
-       orl     %r9d,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%ecx
 
-       xorl    %r13d,%ecx
-       andl    %r9d,%r15d
        addl    %r12d,%r10d
-
-       andl    %r8d,%r14d
        addl    %r12d,%ecx
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%ecx
+
        movl    24(%rsi),%r12d
-       bswapl  %r12d
        movl    %r10d,%r13d
-       movl    %r10d,%r14d
+       movl    %ecx,%r14d
+       bswapl  %r12d
+       rorl    $14,%r13d
        movl    %r11d,%r15d
+       movl    %r12d,24(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %r10d,%r13d
        xorl    %eax,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %ebx,%r12d
+       xorl    %ecx,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %r10d,%r15d
-       movl    %r12d,24(%rsp)
+       movl    %edx,%ebx
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %r10d,%r13d
        xorl    %eax,%r15d
-       addl    %ebx,%r12d
-
-       movl    %ecx,%ebx
-       addl    %r13d,%r12d
 
+       xorl    %r8d,%ebx
+       xorl    %ecx,%r14d
        addl    %r15d,%r12d
-       movl    %ecx,%r13d
-       movl    %ecx,%r14d
+       movl    %edx,%r15d
 
-       rorl    $2,%ebx
-       rorl    $13,%r13d
-       movl    %ecx,%r15d
-       addl    (%rbp,%rdi,4),%r12d
+       rorl    $6,%r13d
+       andl    %ecx,%ebx
+       andl    %r8d,%r15d
 
-       xorl    %r13d,%ebx
-       rorl    $9,%r13d
-       orl     %r8d,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%ebx
 
-       xorl    %r13d,%ebx
-       andl    %r8d,%r15d
        addl    %r12d,%r9d
-
-       andl    %edx,%r14d
        addl    %r12d,%ebx
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%ebx
+
        movl    28(%rsi),%r12d
-       bswapl  %r12d
        movl    %r9d,%r13d
-       movl    %r9d,%r14d
+       movl    %ebx,%r14d
+       bswapl  %r12d
+       rorl    $14,%r13d
        movl    %r10d,%r15d
+       movl    %r12d,28(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %r9d,%r13d
        xorl    %r11d,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %eax,%r12d
+       xorl    %ebx,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %r9d,%r15d
-       movl    %r12d,28(%rsp)
+       movl    %ecx,%eax
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %r9d,%r13d
        xorl    %r11d,%r15d
-       addl    %eax,%r12d
-
-       movl    %ebx,%eax
-       addl    %r13d,%r12d
 
+       xorl    %edx,%eax
+       xorl    %ebx,%r14d
        addl    %r15d,%r12d
-       movl    %ebx,%r13d
-       movl    %ebx,%r14d
+       movl    %ecx,%r15d
 
-       rorl    $2,%eax
-       rorl    $13,%r13d
-       movl    %ebx,%r15d
-       addl    (%rbp,%rdi,4),%r12d
+       rorl    $6,%r13d
+       andl    %ebx,%eax
+       andl    %edx,%r15d
 
-       xorl    %r13d,%eax
-       rorl    $9,%r13d
-       orl     %edx,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%eax
 
-       xorl    %r13d,%eax
-       andl    %edx,%r15d
        addl    %r12d,%r8d
-
-       andl    %ecx,%r14d
        addl    %r12d,%eax
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%eax
+
        movl    32(%rsi),%r12d
-       bswapl  %r12d
        movl    %r8d,%r13d
-       movl    %r8d,%r14d
+       movl    %eax,%r14d
+       bswapl  %r12d
+       rorl    $14,%r13d
        movl    %r9d,%r15d
+       movl    %r12d,32(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %r8d,%r13d
        xorl    %r10d,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %r11d,%r12d
+       xorl    %eax,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %r8d,%r15d
-       movl    %r12d,32(%rsp)
+       movl    %ebx,%r11d
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %r8d,%r13d
        xorl    %r10d,%r15d
-       addl    %r11d,%r12d
-
-       movl    %eax,%r11d
-       addl    %r13d,%r12d
 
+       xorl    %ecx,%r11d
+       xorl    %eax,%r14d
        addl    %r15d,%r12d
-       movl    %eax,%r13d
-       movl    %eax,%r14d
+       movl    %ebx,%r15d
 
-       rorl    $2,%r11d
-       rorl    $13,%r13d
-       movl    %eax,%r15d
-       addl    (%rbp,%rdi,4),%r12d
+       rorl    $6,%r13d
+       andl    %eax,%r11d
+       andl    %ecx,%r15d
 
-       xorl    %r13d,%r11d
-       rorl    $9,%r13d
-       orl     %ecx,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%r11d
 
-       xorl    %r13d,%r11d
-       andl    %ecx,%r15d
        addl    %r12d,%edx
-
-       andl    %ebx,%r14d
        addl    %r12d,%r11d
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%r11d
+
        movl    36(%rsi),%r12d
-       bswapl  %r12d
        movl    %edx,%r13d
-       movl    %edx,%r14d
+       movl    %r11d,%r14d
+       bswapl  %r12d
+       rorl    $14,%r13d
        movl    %r8d,%r15d
-
-       rorl    $6,%r13d
-       rorl    $11,%r14d
-       xorl    %r9d,%r15d
-
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
-       andl    %edx,%r15d
        movl    %r12d,36(%rsp)
 
-       xorl    %r14d,%r13d
+       rorl    $9,%r14d
+       xorl    %edx,%r13d
        xorl    %r9d,%r15d
-       addl    %r10d,%r12d
-
-       movl    %r11d,%r10d
-       addl    %r13d,%r12d
 
-       addl    %r15d,%r12d
-       movl    %r11d,%r13d
-       movl    %r11d,%r14d
+       rorl    $5,%r13d
+       addl    %r10d,%r12d
+       xorl    %r11d,%r14d
 
-       rorl    $2,%r10d
-       rorl    $13,%r13d
-       movl    %r11d,%r15d
        addl    (%rbp,%rdi,4),%r12d
+       andl    %edx,%r15d
+       movl    %eax,%r10d
+
+       rorl    $11,%r14d
+       xorl    %edx,%r13d
+       xorl    %r9d,%r15d
 
-       xorl    %r13d,%r10d
-       rorl    $9,%r13d
-       orl     %ebx,%r14d
+       xorl    %ebx,%r10d
+       xorl    %r11d,%r14d
+       addl    %r15d,%r12d
+       movl    %eax,%r15d
 
-       xorl    %r13d,%r10d
+       rorl    $6,%r13d
+       andl    %r11d,%r10d
        andl    %ebx,%r15d
-       addl    %r12d,%ecx
 
-       andl    %eax,%r14d
-       addl    %r12d,%r10d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%r10d
 
-       orl     %r15d,%r14d
+       addl    %r12d,%ecx
+       addl    %r12d,%r10d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%r10d
+
        movl    40(%rsi),%r12d
-       bswapl  %r12d
        movl    %ecx,%r13d
-       movl    %ecx,%r14d
+       movl    %r10d,%r14d
+       bswapl  %r12d
+       rorl    $14,%r13d
        movl    %edx,%r15d
+       movl    %r12d,40(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %ecx,%r13d
        xorl    %r8d,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %r9d,%r12d
+       xorl    %r10d,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %ecx,%r15d
-       movl    %r12d,40(%rsp)
+       movl    %r11d,%r9d
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %ecx,%r13d
        xorl    %r8d,%r15d
-       addl    %r9d,%r12d
-
-       movl    %r10d,%r9d
-       addl    %r13d,%r12d
 
+       xorl    %eax,%r9d
+       xorl    %r10d,%r14d
        addl    %r15d,%r12d
-       movl    %r10d,%r13d
-       movl    %r10d,%r14d
+       movl    %r11d,%r15d
 
-       rorl    $2,%r9d
-       rorl    $13,%r13d
-       movl    %r10d,%r15d
-       addl    (%rbp,%rdi,4),%r12d
+       rorl    $6,%r13d
+       andl    %r10d,%r9d
+       andl    %eax,%r15d
 
-       xorl    %r13d,%r9d
-       rorl    $9,%r13d
-       orl     %eax,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%r9d
 
-       xorl    %r13d,%r9d
-       andl    %eax,%r15d
        addl    %r12d,%ebx
-
-       andl    %r11d,%r14d
        addl    %r12d,%r9d
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%r9d
+
        movl    44(%rsi),%r12d
-       bswapl  %r12d
        movl    %ebx,%r13d
-       movl    %ebx,%r14d
+       movl    %r9d,%r14d
+       bswapl  %r12d
+       rorl    $14,%r13d
        movl    %ecx,%r15d
+       movl    %r12d,44(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %ebx,%r13d
        xorl    %edx,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %r8d,%r12d
+       xorl    %r9d,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %ebx,%r15d
-       movl    %r12d,44(%rsp)
+       movl    %r10d,%r8d
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %ebx,%r13d
        xorl    %edx,%r15d
-       addl    %r8d,%r12d
-
-       movl    %r9d,%r8d
-       addl    %r13d,%r12d
 
+       xorl    %r11d,%r8d
+       xorl    %r9d,%r14d
        addl    %r15d,%r12d
-       movl    %r9d,%r13d
-       movl    %r9d,%r14d
+       movl    %r10d,%r15d
 
-       rorl    $2,%r8d
-       rorl    $13,%r13d
-       movl    %r9d,%r15d
-       addl    (%rbp,%rdi,4),%r12d
+       rorl    $6,%r13d
+       andl    %r9d,%r8d
+       andl    %r11d,%r15d
 
-       xorl    %r13d,%r8d
-       rorl    $9,%r13d
-       orl     %r11d,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%r8d
 
-       xorl    %r13d,%r8d
-       andl    %r11d,%r15d
        addl    %r12d,%eax
-
-       andl    %r10d,%r14d
        addl    %r12d,%r8d
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%r8d
+
        movl    48(%rsi),%r12d
-       bswapl  %r12d
        movl    %eax,%r13d
-       movl    %eax,%r14d
+       movl    %r8d,%r14d
+       bswapl  %r12d
+       rorl    $14,%r13d
        movl    %ebx,%r15d
+       movl    %r12d,48(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %eax,%r13d
        xorl    %ecx,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %edx,%r12d
+       xorl    %r8d,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %eax,%r15d
-       movl    %r12d,48(%rsp)
+       movl    %r9d,%edx
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %eax,%r13d
        xorl    %ecx,%r15d
-       addl    %edx,%r12d
-
-       movl    %r8d,%edx
-       addl    %r13d,%r12d
 
+       xorl    %r10d,%edx
+       xorl    %r8d,%r14d
        addl    %r15d,%r12d
-       movl    %r8d,%r13d
-       movl    %r8d,%r14d
+       movl    %r9d,%r15d
 
-       rorl    $2,%edx
-       rorl    $13,%r13d
-       movl    %r8d,%r15d
-       addl    (%rbp,%rdi,4),%r12d
+       rorl    $6,%r13d
+       andl    %r8d,%edx
+       andl    %r10d,%r15d
 
-       xorl    %r13d,%edx
-       rorl    $9,%r13d
-       orl     %r10d,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%edx
 
-       xorl    %r13d,%edx
-       andl    %r10d,%r15d
        addl    %r12d,%r11d
-
-       andl    %r9d,%r14d
        addl    %r12d,%edx
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%edx
+
        movl    52(%rsi),%r12d
-       bswapl  %r12d
        movl    %r11d,%r13d
-       movl    %r11d,%r14d
+       movl    %edx,%r14d
+       bswapl  %r12d
+       rorl    $14,%r13d
        movl    %eax,%r15d
+       movl    %r12d,52(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %r11d,%r13d
        xorl    %ebx,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %ecx,%r12d
+       xorl    %edx,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %r11d,%r15d
-       movl    %r12d,52(%rsp)
+       movl    %r8d,%ecx
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %r11d,%r13d
        xorl    %ebx,%r15d
-       addl    %ecx,%r12d
-
-       movl    %edx,%ecx
-       addl    %r13d,%r12d
 
+       xorl    %r9d,%ecx
+       xorl    %edx,%r14d
        addl    %r15d,%r12d
-       movl    %edx,%r13d
-       movl    %edx,%r14d
+       movl    %r8d,%r15d
 
-       rorl    $2,%ecx
-       rorl    $13,%r13d
-       movl    %edx,%r15d
-       addl    (%rbp,%rdi,4),%r12d
+       rorl    $6,%r13d
+       andl    %edx,%ecx
+       andl    %r9d,%r15d
 
-       xorl    %r13d,%ecx
-       rorl    $9,%r13d
-       orl     %r9d,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%ecx
 
-       xorl    %r13d,%ecx
-       andl    %r9d,%r15d
        addl    %r12d,%r10d
-
-       andl    %r8d,%r14d
        addl    %r12d,%ecx
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%ecx
+
        movl    56(%rsi),%r12d
-       bswapl  %r12d
        movl    %r10d,%r13d
-       movl    %r10d,%r14d
+       movl    %ecx,%r14d
+       bswapl  %r12d
+       rorl    $14,%r13d
        movl    %r11d,%r15d
+       movl    %r12d,56(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %r10d,%r13d
        xorl    %eax,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %ebx,%r12d
+       xorl    %ecx,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %r10d,%r15d
-       movl    %r12d,56(%rsp)
+       movl    %edx,%ebx
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %r10d,%r13d
        xorl    %eax,%r15d
-       addl    %ebx,%r12d
-
-       movl    %ecx,%ebx
-       addl    %r13d,%r12d
 
+       xorl    %r8d,%ebx
+       xorl    %ecx,%r14d
        addl    %r15d,%r12d
-       movl    %ecx,%r13d
-       movl    %ecx,%r14d
+       movl    %edx,%r15d
 
-       rorl    $2,%ebx
-       rorl    $13,%r13d
-       movl    %ecx,%r15d
-       addl    (%rbp,%rdi,4),%r12d
+       rorl    $6,%r13d
+       andl    %ecx,%ebx
+       andl    %r8d,%r15d
 
-       xorl    %r13d,%ebx
-       rorl    $9,%r13d
-       orl     %r8d,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%ebx
 
-       xorl    %r13d,%ebx
-       andl    %r8d,%r15d
        addl    %r12d,%r9d
-
-       andl    %edx,%r14d
        addl    %r12d,%ebx
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%ebx
+
        movl    60(%rsi),%r12d
-       bswapl  %r12d
        movl    %r9d,%r13d
-       movl    %r9d,%r14d
+       movl    %ebx,%r14d
+       bswapl  %r12d
+       rorl    $14,%r13d
        movl    %r10d,%r15d
+       movl    %r12d,60(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %r9d,%r13d
        xorl    %r11d,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %eax,%r12d
+       xorl    %ebx,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %r9d,%r15d
-       movl    %r12d,60(%rsp)
+       movl    %ecx,%eax
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %r9d,%r13d
        xorl    %r11d,%r15d
-       addl    %eax,%r12d
-
-       movl    %ebx,%eax
-       addl    %r13d,%r12d
 
+       xorl    %edx,%eax
+       xorl    %ebx,%r14d
        addl    %r15d,%r12d
-       movl    %ebx,%r13d
-       movl    %ebx,%r14d
+       movl    %ecx,%r15d
 
-       rorl    $2,%eax
-       rorl    $13,%r13d
-       movl    %ebx,%r15d
-       addl    (%rbp,%rdi,4),%r12d
+       rorl    $6,%r13d
+       andl    %ebx,%eax
+       andl    %edx,%r15d
 
-       xorl    %r13d,%eax
-       rorl    $9,%r13d
-       orl     %edx,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%eax
 
-       xorl    %r13d,%eax
-       andl    %edx,%r15d
        addl    %r12d,%r8d
-
-       andl    %ecx,%r14d
        addl    %r12d,%eax
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%eax
+
        jmp     .Lrounds_16_xx
 .align 16
 .Lrounds_16_xx:
        movl    4(%rsp),%r13d
-       movl    56(%rsp),%r12d
-
-       movl    %r13d,%r15d
+       movl    56(%rsp),%r14d
+       movl    %r13d,%r12d
+       movl    %r14d,%r15d
 
+       rorl    $11,%r12d
+       xorl    %r13d,%r12d
        shrl    $3,%r13d
-       rorl    $7,%r15d
 
-       xorl    %r15d,%r13d
-       rorl    $11,%r15d
-
-       xorl    %r15d,%r13d
-       movl    %r12d,%r14d
-
-       shrl    $10,%r12d
-       rorl    $17,%r14d
-
-       xorl    %r14d,%r12d
-       rorl    $2,%r14d
+       rorl    $7,%r12d
+       xorl    %r12d,%r13d
+       movl    36(%rsp),%r12d
 
-       xorl    %r14d,%r12d
+       rorl    $2,%r15d
+       xorl    %r14d,%r15d
+       shrl    $10,%r14d
 
+       rorl    $17,%r15d
        addl    %r13d,%r12d
-
-       addl    36(%rsp),%r12d
+       xorl    %r15d,%r14d
 
        addl    0(%rsp),%r12d
        movl    %r8d,%r13d
-       movl    %r8d,%r14d
+       addl    %r14d,%r12d
+       movl    %eax,%r14d
+       rorl    $14,%r13d
        movl    %r9d,%r15d
+       movl    %r12d,0(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %r8d,%r13d
        xorl    %r10d,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %r11d,%r12d
+       xorl    %eax,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %r8d,%r15d
-       movl    %r12d,0(%rsp)
+       movl    %ebx,%r11d
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %r8d,%r13d
        xorl    %r10d,%r15d
-       addl    %r11d,%r12d
-
-       movl    %eax,%r11d
-       addl    %r13d,%r12d
 
+       xorl    %ecx,%r11d
+       xorl    %eax,%r14d
        addl    %r15d,%r12d
-       movl    %eax,%r13d
-       movl    %eax,%r14d
+       movl    %ebx,%r15d
 
-       rorl    $2,%r11d
-       rorl    $13,%r13d
-       movl    %eax,%r15d
-       addl    (%rbp,%rdi,4),%r12d
+       rorl    $6,%r13d
+       andl    %eax,%r11d
+       andl    %ecx,%r15d
 
-       xorl    %r13d,%r11d
-       rorl    $9,%r13d
-       orl     %ecx,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%r11d
 
-       xorl    %r13d,%r11d
-       andl    %ecx,%r15d
        addl    %r12d,%edx
-
-       andl    %ebx,%r14d
        addl    %r12d,%r11d
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%r11d
-       movl    8(%rsp),%r13d
-       movl    60(%rsp),%r12d
 
-       movl    %r13d,%r15d
+       movl    8(%rsp),%r13d
+       movl    60(%rsp),%r14d
+       movl    %r13d,%r12d
+       movl    %r14d,%r15d
 
+       rorl    $11,%r12d
+       xorl    %r13d,%r12d
        shrl    $3,%r13d
-       rorl    $7,%r15d
 
-       xorl    %r15d,%r13d
-       rorl    $11,%r15d
-
-       xorl    %r15d,%r13d
-       movl    %r12d,%r14d
-
-       shrl    $10,%r12d
-       rorl    $17,%r14d
-
-       xorl    %r14d,%r12d
-       rorl    $2,%r14d
+       rorl    $7,%r12d
+       xorl    %r12d,%r13d
+       movl    40(%rsp),%r12d
 
-       xorl    %r14d,%r12d
+       rorl    $2,%r15d
+       xorl    %r14d,%r15d
+       shrl    $10,%r14d
 
+       rorl    $17,%r15d
        addl    %r13d,%r12d
-
-       addl    40(%rsp),%r12d
+       xorl    %r15d,%r14d
 
        addl    4(%rsp),%r12d
        movl    %edx,%r13d
-       movl    %edx,%r14d
+       addl    %r14d,%r12d
+       movl    %r11d,%r14d
+       rorl    $14,%r13d
        movl    %r8d,%r15d
+       movl    %r12d,4(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %edx,%r13d
        xorl    %r9d,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %r10d,%r12d
+       xorl    %r11d,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %edx,%r15d
-       movl    %r12d,4(%rsp)
+       movl    %eax,%r10d
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %edx,%r13d
        xorl    %r9d,%r15d
-       addl    %r10d,%r12d
-
-       movl    %r11d,%r10d
-       addl    %r13d,%r12d
 
+       xorl    %ebx,%r10d
+       xorl    %r11d,%r14d
        addl    %r15d,%r12d
-       movl    %r11d,%r13d
-       movl    %r11d,%r14d
+       movl    %eax,%r15d
 
-       rorl    $2,%r10d
-       rorl    $13,%r13d
-       movl    %r11d,%r15d
-       addl    (%rbp,%rdi,4),%r12d
+       rorl    $6,%r13d
+       andl    %r11d,%r10d
+       andl    %ebx,%r15d
 
-       xorl    %r13d,%r10d
-       rorl    $9,%r13d
-       orl     %ebx,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%r10d
 
-       xorl    %r13d,%r10d
-       andl    %ebx,%r15d
        addl    %r12d,%ecx
-
-       andl    %eax,%r14d
        addl    %r12d,%r10d
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%r10d
-       movl    12(%rsp),%r13d
-       movl    0(%rsp),%r12d
 
-       movl    %r13d,%r15d
+       movl    12(%rsp),%r13d
+       movl    0(%rsp),%r14d
+       movl    %r13d,%r12d
+       movl    %r14d,%r15d
 
+       rorl    $11,%r12d
+       xorl    %r13d,%r12d
        shrl    $3,%r13d
-       rorl    $7,%r15d
 
-       xorl    %r15d,%r13d
-       rorl    $11,%r15d
-
-       xorl    %r15d,%r13d
-       movl    %r12d,%r14d
-
-       shrl    $10,%r12d
-       rorl    $17,%r14d
-
-       xorl    %r14d,%r12d
-       rorl    $2,%r14d
+       rorl    $7,%r12d
+       xorl    %r12d,%r13d
+       movl    44(%rsp),%r12d
 
-       xorl    %r14d,%r12d
+       rorl    $2,%r15d
+       xorl    %r14d,%r15d
+       shrl    $10,%r14d
 
+       rorl    $17,%r15d
        addl    %r13d,%r12d
-
-       addl    44(%rsp),%r12d
+       xorl    %r15d,%r14d
 
        addl    8(%rsp),%r12d
        movl    %ecx,%r13d
-       movl    %ecx,%r14d
+       addl    %r14d,%r12d
+       movl    %r10d,%r14d
+       rorl    $14,%r13d
        movl    %edx,%r15d
+       movl    %r12d,8(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %ecx,%r13d
        xorl    %r8d,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %r9d,%r12d
+       xorl    %r10d,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %ecx,%r15d
-       movl    %r12d,8(%rsp)
+       movl    %r11d,%r9d
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %ecx,%r13d
        xorl    %r8d,%r15d
-       addl    %r9d,%r12d
-
-       movl    %r10d,%r9d
-       addl    %r13d,%r12d
 
+       xorl    %eax,%r9d
+       xorl    %r10d,%r14d
        addl    %r15d,%r12d
-       movl    %r10d,%r13d
-       movl    %r10d,%r14d
+       movl    %r11d,%r15d
 
-       rorl    $2,%r9d
-       rorl    $13,%r13d
-       movl    %r10d,%r15d
-       addl    (%rbp,%rdi,4),%r12d
+       rorl    $6,%r13d
+       andl    %r10d,%r9d
+       andl    %eax,%r15d
 
-       xorl    %r13d,%r9d
-       rorl    $9,%r13d
-       orl     %eax,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%r9d
 
-       xorl    %r13d,%r9d
-       andl    %eax,%r15d
        addl    %r12d,%ebx
-
-       andl    %r11d,%r14d
        addl    %r12d,%r9d
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%r9d
-       movl    16(%rsp),%r13d
-       movl    4(%rsp),%r12d
 
-       movl    %r13d,%r15d
+       movl    16(%rsp),%r13d
+       movl    4(%rsp),%r14d
+       movl    %r13d,%r12d
+       movl    %r14d,%r15d
 
+       rorl    $11,%r12d
+       xorl    %r13d,%r12d
        shrl    $3,%r13d
-       rorl    $7,%r15d
 
-       xorl    %r15d,%r13d
-       rorl    $11,%r15d
-
-       xorl    %r15d,%r13d
-       movl    %r12d,%r14d
-
-       shrl    $10,%r12d
-       rorl    $17,%r14d
-
-       xorl    %r14d,%r12d
-       rorl    $2,%r14d
+       rorl    $7,%r12d
+       xorl    %r12d,%r13d
+       movl    48(%rsp),%r12d
 
-       xorl    %r14d,%r12d
+       rorl    $2,%r15d
+       xorl    %r14d,%r15d
+       shrl    $10,%r14d
 
+       rorl    $17,%r15d
        addl    %r13d,%r12d
-
-       addl    48(%rsp),%r12d
+       xorl    %r15d,%r14d
 
        addl    12(%rsp),%r12d
        movl    %ebx,%r13d
-       movl    %ebx,%r14d
+       addl    %r14d,%r12d
+       movl    %r9d,%r14d
+       rorl    $14,%r13d
        movl    %ecx,%r15d
+       movl    %r12d,12(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %ebx,%r13d
        xorl    %edx,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %r8d,%r12d
+       xorl    %r9d,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %ebx,%r15d
-       movl    %r12d,12(%rsp)
+       movl    %r10d,%r8d
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %ebx,%r13d
        xorl    %edx,%r15d
-       addl    %r8d,%r12d
-
-       movl    %r9d,%r8d
-       addl    %r13d,%r12d
 
+       xorl    %r11d,%r8d
+       xorl    %r9d,%r14d
        addl    %r15d,%r12d
-       movl    %r9d,%r13d
-       movl    %r9d,%r14d
+       movl    %r10d,%r15d
 
-       rorl    $2,%r8d
-       rorl    $13,%r13d
-       movl    %r9d,%r15d
-       addl    (%rbp,%rdi,4),%r12d
+       rorl    $6,%r13d
+       andl    %r9d,%r8d
+       andl    %r11d,%r15d
 
-       xorl    %r13d,%r8d
-       rorl    $9,%r13d
-       orl     %r11d,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%r8d
 
-       xorl    %r13d,%r8d
-       andl    %r11d,%r15d
        addl    %r12d,%eax
-
-       andl    %r10d,%r14d
        addl    %r12d,%r8d
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%r8d
-       movl    20(%rsp),%r13d
-       movl    8(%rsp),%r12d
 
-       movl    %r13d,%r15d
+       movl    20(%rsp),%r13d
+       movl    8(%rsp),%r14d
+       movl    %r13d,%r12d
+       movl    %r14d,%r15d
 
+       rorl    $11,%r12d
+       xorl    %r13d,%r12d
        shrl    $3,%r13d
-       rorl    $7,%r15d
 
-       xorl    %r15d,%r13d
-       rorl    $11,%r15d
-
-       xorl    %r15d,%r13d
-       movl    %r12d,%r14d
-
-       shrl    $10,%r12d
-       rorl    $17,%r14d
-
-       xorl    %r14d,%r12d
-       rorl    $2,%r14d
+       rorl    $7,%r12d
+       xorl    %r12d,%r13d
+       movl    52(%rsp),%r12d
 
-       xorl    %r14d,%r12d
+       rorl    $2,%r15d
+       xorl    %r14d,%r15d
+       shrl    $10,%r14d
 
+       rorl    $17,%r15d
        addl    %r13d,%r12d
-
-       addl    52(%rsp),%r12d
+       xorl    %r15d,%r14d
 
        addl    16(%rsp),%r12d
        movl    %eax,%r13d
-       movl    %eax,%r14d
+       addl    %r14d,%r12d
+       movl    %r8d,%r14d
+       rorl    $14,%r13d
        movl    %ebx,%r15d
+       movl    %r12d,16(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %eax,%r13d
        xorl    %ecx,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %edx,%r12d
+       xorl    %r8d,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %eax,%r15d
-       movl    %r12d,16(%rsp)
+       movl    %r9d,%edx
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %eax,%r13d
        xorl    %ecx,%r15d
-       addl    %edx,%r12d
-
-       movl    %r8d,%edx
-       addl    %r13d,%r12d
 
+       xorl    %r10d,%edx
+       xorl    %r8d,%r14d
        addl    %r15d,%r12d
-       movl    %r8d,%r13d
-       movl    %r8d,%r14d
+       movl    %r9d,%r15d
 
-       rorl    $2,%edx
-       rorl    $13,%r13d
-       movl    %r8d,%r15d
-       addl    (%rbp,%rdi,4),%r12d
+       rorl    $6,%r13d
+       andl    %r8d,%edx
+       andl    %r10d,%r15d
 
-       xorl    %r13d,%edx
-       rorl    $9,%r13d
-       orl     %r10d,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%edx
 
-       xorl    %r13d,%edx
-       andl    %r10d,%r15d
        addl    %r12d,%r11d
-
-       andl    %r9d,%r14d
        addl    %r12d,%edx
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%edx
-       movl    24(%rsp),%r13d
-       movl    12(%rsp),%r12d
 
-       movl    %r13d,%r15d
+       movl    24(%rsp),%r13d
+       movl    12(%rsp),%r14d
+       movl    %r13d,%r12d
+       movl    %r14d,%r15d
 
+       rorl    $11,%r12d
+       xorl    %r13d,%r12d
        shrl    $3,%r13d
-       rorl    $7,%r15d
 
-       xorl    %r15d,%r13d
-       rorl    $11,%r15d
-
-       xorl    %r15d,%r13d
-       movl    %r12d,%r14d
-
-       shrl    $10,%r12d
-       rorl    $17,%r14d
-
-       xorl    %r14d,%r12d
-       rorl    $2,%r14d
+       rorl    $7,%r12d
+       xorl    %r12d,%r13d
+       movl    56(%rsp),%r12d
 
-       xorl    %r14d,%r12d
+       rorl    $2,%r15d
+       xorl    %r14d,%r15d
+       shrl    $10,%r14d
 
+       rorl    $17,%r15d
        addl    %r13d,%r12d
-
-       addl    56(%rsp),%r12d
+       xorl    %r15d,%r14d
 
        addl    20(%rsp),%r12d
        movl    %r11d,%r13d
-       movl    %r11d,%r14d
+       addl    %r14d,%r12d
+       movl    %edx,%r14d
+       rorl    $14,%r13d
        movl    %eax,%r15d
+       movl    %r12d,20(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %r11d,%r13d
        xorl    %ebx,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %ecx,%r12d
+       xorl    %edx,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %r11d,%r15d
-       movl    %r12d,20(%rsp)
+       movl    %r8d,%ecx
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %r11d,%r13d
        xorl    %ebx,%r15d
-       addl    %ecx,%r12d
-
-       movl    %edx,%ecx
-       addl    %r13d,%r12d
 
+       xorl    %r9d,%ecx
+       xorl    %edx,%r14d
        addl    %r15d,%r12d
-       movl    %edx,%r13d
-       movl    %edx,%r14d
+       movl    %r8d,%r15d
 
-       rorl    $2,%ecx
-       rorl    $13,%r13d
-       movl    %edx,%r15d
-       addl    (%rbp,%rdi,4),%r12d
+       rorl    $6,%r13d
+       andl    %edx,%ecx
+       andl    %r9d,%r15d
 
-       xorl    %r13d,%ecx
-       rorl    $9,%r13d
-       orl     %r9d,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%ecx
 
-       xorl    %r13d,%ecx
-       andl    %r9d,%r15d
        addl    %r12d,%r10d
-
-       andl    %r8d,%r14d
        addl    %r12d,%ecx
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%ecx
-       movl    28(%rsp),%r13d
-       movl    16(%rsp),%r12d
 
-       movl    %r13d,%r15d
+       movl    28(%rsp),%r13d
+       movl    16(%rsp),%r14d
+       movl    %r13d,%r12d
+       movl    %r14d,%r15d
 
+       rorl    $11,%r12d
+       xorl    %r13d,%r12d
        shrl    $3,%r13d
-       rorl    $7,%r15d
 
-       xorl    %r15d,%r13d
-       rorl    $11,%r15d
-
-       xorl    %r15d,%r13d
-       movl    %r12d,%r14d
-
-       shrl    $10,%r12d
-       rorl    $17,%r14d
-
-       xorl    %r14d,%r12d
-       rorl    $2,%r14d
+       rorl    $7,%r12d
+       xorl    %r12d,%r13d
+       movl    60(%rsp),%r12d
 
-       xorl    %r14d,%r12d
+       rorl    $2,%r15d
+       xorl    %r14d,%r15d
+       shrl    $10,%r14d
 
+       rorl    $17,%r15d
        addl    %r13d,%r12d
-
-       addl    60(%rsp),%r12d
+       xorl    %r15d,%r14d
 
        addl    24(%rsp),%r12d
        movl    %r10d,%r13d
-       movl    %r10d,%r14d
+       addl    %r14d,%r12d
+       movl    %ecx,%r14d
+       rorl    $14,%r13d
        movl    %r11d,%r15d
+       movl    %r12d,24(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %r10d,%r13d
        xorl    %eax,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %ebx,%r12d
+       xorl    %ecx,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %r10d,%r15d
-       movl    %r12d,24(%rsp)
+       movl    %edx,%ebx
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %r10d,%r13d
        xorl    %eax,%r15d
-       addl    %ebx,%r12d
-
-       movl    %ecx,%ebx
-       addl    %r13d,%r12d
 
+       xorl    %r8d,%ebx
+       xorl    %ecx,%r14d
        addl    %r15d,%r12d
-       movl    %ecx,%r13d
-       movl    %ecx,%r14d
+       movl    %edx,%r15d
 
-       rorl    $2,%ebx
-       rorl    $13,%r13d
-       movl    %ecx,%r15d
-       addl    (%rbp,%rdi,4),%r12d
+       rorl    $6,%r13d
+       andl    %ecx,%ebx
+       andl    %r8d,%r15d
 
-       xorl    %r13d,%ebx
-       rorl    $9,%r13d
-       orl     %r8d,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%ebx
 
-       xorl    %r13d,%ebx
-       andl    %r8d,%r15d
        addl    %r12d,%r9d
-
-       andl    %edx,%r14d
        addl    %r12d,%ebx
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%ebx
-       movl    32(%rsp),%r13d
-       movl    20(%rsp),%r12d
 
-       movl    %r13d,%r15d
+       movl    32(%rsp),%r13d
+       movl    20(%rsp),%r14d
+       movl    %r13d,%r12d
+       movl    %r14d,%r15d
 
+       rorl    $11,%r12d
+       xorl    %r13d,%r12d
        shrl    $3,%r13d
-       rorl    $7,%r15d
 
-       xorl    %r15d,%r13d
-       rorl    $11,%r15d
-
-       xorl    %r15d,%r13d
-       movl    %r12d,%r14d
-
-       shrl    $10,%r12d
-       rorl    $17,%r14d
-
-       xorl    %r14d,%r12d
-       rorl    $2,%r14d
+       rorl    $7,%r12d
+       xorl    %r12d,%r13d
+       movl    0(%rsp),%r12d
 
-       xorl    %r14d,%r12d
+       rorl    $2,%r15d
+       xorl    %r14d,%r15d
+       shrl    $10,%r14d
 
+       rorl    $17,%r15d
        addl    %r13d,%r12d
-
-       addl    0(%rsp),%r12d
+       xorl    %r15d,%r14d
 
        addl    28(%rsp),%r12d
        movl    %r9d,%r13d
-       movl    %r9d,%r14d
+       addl    %r14d,%r12d
+       movl    %ebx,%r14d
+       rorl    $14,%r13d
        movl    %r10d,%r15d
+       movl    %r12d,28(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %r9d,%r13d
        xorl    %r11d,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %eax,%r12d
+       xorl    %ebx,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %r9d,%r15d
-       movl    %r12d,28(%rsp)
+       movl    %ecx,%eax
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %r9d,%r13d
        xorl    %r11d,%r15d
-       addl    %eax,%r12d
-
-       movl    %ebx,%eax
-       addl    %r13d,%r12d
 
+       xorl    %edx,%eax
+       xorl    %ebx,%r14d
        addl    %r15d,%r12d
-       movl    %ebx,%r13d
-       movl    %ebx,%r14d
+       movl    %ecx,%r15d
 
-       rorl    $2,%eax
-       rorl    $13,%r13d
-       movl    %ebx,%r15d
-       addl    (%rbp,%rdi,4),%r12d
+       rorl    $6,%r13d
+       andl    %ebx,%eax
+       andl    %edx,%r15d
 
-       xorl    %r13d,%eax
-       rorl    $9,%r13d
-       orl     %edx,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%eax
 
-       xorl    %r13d,%eax
-       andl    %edx,%r15d
        addl    %r12d,%r8d
-
-       andl    %ecx,%r14d
        addl    %r12d,%eax
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%eax
-       movl    36(%rsp),%r13d
-       movl    24(%rsp),%r12d
 
-       movl    %r13d,%r15d
+       movl    36(%rsp),%r13d
+       movl    24(%rsp),%r14d
+       movl    %r13d,%r12d
+       movl    %r14d,%r15d
 
+       rorl    $11,%r12d
+       xorl    %r13d,%r12d
        shrl    $3,%r13d
-       rorl    $7,%r15d
 
-       xorl    %r15d,%r13d
-       rorl    $11,%r15d
-
-       xorl    %r15d,%r13d
-       movl    %r12d,%r14d
-
-       shrl    $10,%r12d
-       rorl    $17,%r14d
-
-       xorl    %r14d,%r12d
-       rorl    $2,%r14d
+       rorl    $7,%r12d
+       xorl    %r12d,%r13d
+       movl    4(%rsp),%r12d
 
-       xorl    %r14d,%r12d
+       rorl    $2,%r15d
+       xorl    %r14d,%r15d
+       shrl    $10,%r14d
 
+       rorl    $17,%r15d
        addl    %r13d,%r12d
-
-       addl    4(%rsp),%r12d
+       xorl    %r15d,%r14d
 
        addl    32(%rsp),%r12d
        movl    %r8d,%r13d
-       movl    %r8d,%r14d
+       addl    %r14d,%r12d
+       movl    %eax,%r14d
+       rorl    $14,%r13d
        movl    %r9d,%r15d
+       movl    %r12d,32(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %r8d,%r13d
        xorl    %r10d,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %r11d,%r12d
+       xorl    %eax,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %r8d,%r15d
-       movl    %r12d,32(%rsp)
+       movl    %ebx,%r11d
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %r8d,%r13d
        xorl    %r10d,%r15d
-       addl    %r11d,%r12d
-
-       movl    %eax,%r11d
-       addl    %r13d,%r12d
 
+       xorl    %ecx,%r11d
+       xorl    %eax,%r14d
        addl    %r15d,%r12d
-       movl    %eax,%r13d
-       movl    %eax,%r14d
-
-       rorl    $2,%r11d
-       rorl    $13,%r13d
-       movl    %eax,%r15d
-       addl    (%rbp,%rdi,4),%r12d
-
-       xorl    %r13d,%r11d
-       rorl    $9,%r13d
-       orl     %ecx,%r14d
+       movl    %ebx,%r15d
 
-       xorl    %r13d,%r11d
+       rorl    $6,%r13d
+       andl    %eax,%r11d
        andl    %ecx,%r15d
-       addl    %r12d,%edx
 
-       andl    %ebx,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%r11d
+
+       addl    %r12d,%edx
        addl    %r12d,%r11d
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%r11d
-       movl    40(%rsp),%r13d
-       movl    28(%rsp),%r12d
 
-       movl    %r13d,%r15d
+       movl    40(%rsp),%r13d
+       movl    28(%rsp),%r14d
+       movl    %r13d,%r12d
+       movl    %r14d,%r15d
 
+       rorl    $11,%r12d
+       xorl    %r13d,%r12d
        shrl    $3,%r13d
-       rorl    $7,%r15d
-
-       xorl    %r15d,%r13d
-       rorl    $11,%r15d
-
-       xorl    %r15d,%r13d
-       movl    %r12d,%r14d
 
-       shrl    $10,%r12d
-       rorl    $17,%r14d
-
-       xorl    %r14d,%r12d
-       rorl    $2,%r14d
+       rorl    $7,%r12d
+       xorl    %r12d,%r13d
+       movl    8(%rsp),%r12d
 
-       xorl    %r14d,%r12d
+       rorl    $2,%r15d
+       xorl    %r14d,%r15d
+       shrl    $10,%r14d
 
+       rorl    $17,%r15d
        addl    %r13d,%r12d
-
-       addl    8(%rsp),%r12d
+       xorl    %r15d,%r14d
 
        addl    36(%rsp),%r12d
        movl    %edx,%r13d
-       movl    %edx,%r14d
+       addl    %r14d,%r12d
+       movl    %r11d,%r14d
+       rorl    $14,%r13d
        movl    %r8d,%r15d
+       movl    %r12d,36(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %edx,%r13d
        xorl    %r9d,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %r10d,%r12d
+       xorl    %r11d,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %edx,%r15d
-       movl    %r12d,36(%rsp)
+       movl    %eax,%r10d
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %edx,%r13d
        xorl    %r9d,%r15d
-       addl    %r10d,%r12d
-
-       movl    %r11d,%r10d
-       addl    %r13d,%r12d
 
+       xorl    %ebx,%r10d
+       xorl    %r11d,%r14d
        addl    %r15d,%r12d
-       movl    %r11d,%r13d
-       movl    %r11d,%r14d
+       movl    %eax,%r15d
 
-       rorl    $2,%r10d
-       rorl    $13,%r13d
-       movl    %r11d,%r15d
-       addl    (%rbp,%rdi,4),%r12d
+       rorl    $6,%r13d
+       andl    %r11d,%r10d
+       andl    %ebx,%r15d
 
-       xorl    %r13d,%r10d
-       rorl    $9,%r13d
-       orl     %ebx,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%r10d
 
-       xorl    %r13d,%r10d
-       andl    %ebx,%r15d
        addl    %r12d,%ecx
-
-       andl    %eax,%r14d
        addl    %r12d,%r10d
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%r10d
-       movl    44(%rsp),%r13d
-       movl    32(%rsp),%r12d
 
-       movl    %r13d,%r15d
+       movl    44(%rsp),%r13d
+       movl    32(%rsp),%r14d
+       movl    %r13d,%r12d
+       movl    %r14d,%r15d
 
+       rorl    $11,%r12d
+       xorl    %r13d,%r12d
        shrl    $3,%r13d
-       rorl    $7,%r15d
-
-       xorl    %r15d,%r13d
-       rorl    $11,%r15d
-
-       xorl    %r15d,%r13d
-       movl    %r12d,%r14d
 
-       shrl    $10,%r12d
-       rorl    $17,%r14d
-
-       xorl    %r14d,%r12d
-       rorl    $2,%r14d
+       rorl    $7,%r12d
+       xorl    %r12d,%r13d
+       movl    12(%rsp),%r12d
 
-       xorl    %r14d,%r12d
+       rorl    $2,%r15d
+       xorl    %r14d,%r15d
+       shrl    $10,%r14d
 
+       rorl    $17,%r15d
        addl    %r13d,%r12d
-
-       addl    12(%rsp),%r12d
+       xorl    %r15d,%r14d
 
        addl    40(%rsp),%r12d
        movl    %ecx,%r13d
-       movl    %ecx,%r14d
+       addl    %r14d,%r12d
+       movl    %r10d,%r14d
+       rorl    $14,%r13d
        movl    %edx,%r15d
+       movl    %r12d,40(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %ecx,%r13d
        xorl    %r8d,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %r9d,%r12d
+       xorl    %r10d,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %ecx,%r15d
-       movl    %r12d,40(%rsp)
+       movl    %r11d,%r9d
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %ecx,%r13d
        xorl    %r8d,%r15d
-       addl    %r9d,%r12d
-
-       movl    %r10d,%r9d
-       addl    %r13d,%r12d
 
+       xorl    %eax,%r9d
+       xorl    %r10d,%r14d
        addl    %r15d,%r12d
-       movl    %r10d,%r13d
-       movl    %r10d,%r14d
+       movl    %r11d,%r15d
 
-       rorl    $2,%r9d
-       rorl    $13,%r13d
-       movl    %r10d,%r15d
-       addl    (%rbp,%rdi,4),%r12d
+       rorl    $6,%r13d
+       andl    %r10d,%r9d
+       andl    %eax,%r15d
 
-       xorl    %r13d,%r9d
-       rorl    $9,%r13d
-       orl     %eax,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%r9d
 
-       xorl    %r13d,%r9d
-       andl    %eax,%r15d
        addl    %r12d,%ebx
-
-       andl    %r11d,%r14d
        addl    %r12d,%r9d
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%r9d
-       movl    48(%rsp),%r13d
-       movl    36(%rsp),%r12d
 
-       movl    %r13d,%r15d
+       movl    48(%rsp),%r13d
+       movl    36(%rsp),%r14d
+       movl    %r13d,%r12d
+       movl    %r14d,%r15d
 
+       rorl    $11,%r12d
+       xorl    %r13d,%r12d
        shrl    $3,%r13d
-       rorl    $7,%r15d
-
-       xorl    %r15d,%r13d
-       rorl    $11,%r15d
-
-       xorl    %r15d,%r13d
-       movl    %r12d,%r14d
 
-       shrl    $10,%r12d
-       rorl    $17,%r14d
-
-       xorl    %r14d,%r12d
-       rorl    $2,%r14d
+       rorl    $7,%r12d
+       xorl    %r12d,%r13d
+       movl    16(%rsp),%r12d
 
-       xorl    %r14d,%r12d
+       rorl    $2,%r15d
+       xorl    %r14d,%r15d
+       shrl    $10,%r14d
 
+       rorl    $17,%r15d
        addl    %r13d,%r12d
-
-       addl    16(%rsp),%r12d
+       xorl    %r15d,%r14d
 
        addl    44(%rsp),%r12d
        movl    %ebx,%r13d
-       movl    %ebx,%r14d
+       addl    %r14d,%r12d
+       movl    %r9d,%r14d
+       rorl    $14,%r13d
        movl    %ecx,%r15d
+       movl    %r12d,44(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %ebx,%r13d
        xorl    %edx,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %r8d,%r12d
+       xorl    %r9d,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %ebx,%r15d
-       movl    %r12d,44(%rsp)
+       movl    %r10d,%r8d
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %ebx,%r13d
        xorl    %edx,%r15d
-       addl    %r8d,%r12d
-
-       movl    %r9d,%r8d
-       addl    %r13d,%r12d
 
+       xorl    %r11d,%r8d
+       xorl    %r9d,%r14d
        addl    %r15d,%r12d
-       movl    %r9d,%r13d
-       movl    %r9d,%r14d
+       movl    %r10d,%r15d
 
-       rorl    $2,%r8d
-       rorl    $13,%r13d
-       movl    %r9d,%r15d
-       addl    (%rbp,%rdi,4),%r12d
+       rorl    $6,%r13d
+       andl    %r9d,%r8d
+       andl    %r11d,%r15d
 
-       xorl    %r13d,%r8d
-       rorl    $9,%r13d
-       orl     %r11d,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%r8d
 
-       xorl    %r13d,%r8d
-       andl    %r11d,%r15d
        addl    %r12d,%eax
-
-       andl    %r10d,%r14d
        addl    %r12d,%r8d
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%r8d
-       movl    52(%rsp),%r13d
-       movl    40(%rsp),%r12d
 
-       movl    %r13d,%r15d
+       movl    52(%rsp),%r13d
+       movl    40(%rsp),%r14d
+       movl    %r13d,%r12d
+       movl    %r14d,%r15d
 
+       rorl    $11,%r12d
+       xorl    %r13d,%r12d
        shrl    $3,%r13d
-       rorl    $7,%r15d
-
-       xorl    %r15d,%r13d
-       rorl    $11,%r15d
-
-       xorl    %r15d,%r13d
-       movl    %r12d,%r14d
 
-       shrl    $10,%r12d
-       rorl    $17,%r14d
-
-       xorl    %r14d,%r12d
-       rorl    $2,%r14d
+       rorl    $7,%r12d
+       xorl    %r12d,%r13d
+       movl    20(%rsp),%r12d
 
-       xorl    %r14d,%r12d
+       rorl    $2,%r15d
+       xorl    %r14d,%r15d
+       shrl    $10,%r14d
 
+       rorl    $17,%r15d
        addl    %r13d,%r12d
-
-       addl    20(%rsp),%r12d
+       xorl    %r15d,%r14d
 
        addl    48(%rsp),%r12d
        movl    %eax,%r13d
-       movl    %eax,%r14d
+       addl    %r14d,%r12d
+       movl    %r8d,%r14d
+       rorl    $14,%r13d
        movl    %ebx,%r15d
+       movl    %r12d,48(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %eax,%r13d
        xorl    %ecx,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %edx,%r12d
+       xorl    %r8d,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %eax,%r15d
-       movl    %r12d,48(%rsp)
+       movl    %r9d,%edx
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %eax,%r13d
        xorl    %ecx,%r15d
-       addl    %edx,%r12d
-
-       movl    %r8d,%edx
-       addl    %r13d,%r12d
 
+       xorl    %r10d,%edx
+       xorl    %r8d,%r14d
        addl    %r15d,%r12d
-       movl    %r8d,%r13d
-       movl    %r8d,%r14d
+       movl    %r9d,%r15d
 
-       rorl    $2,%edx
-       rorl    $13,%r13d
-       movl    %r8d,%r15d
-       addl    (%rbp,%rdi,4),%r12d
+       rorl    $6,%r13d
+       andl    %r8d,%edx
+       andl    %r10d,%r15d
 
-       xorl    %r13d,%edx
-       rorl    $9,%r13d
-       orl     %r10d,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%edx
 
-       xorl    %r13d,%edx
-       andl    %r10d,%r15d
        addl    %r12d,%r11d
-
-       andl    %r9d,%r14d
        addl    %r12d,%edx
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%edx
-       movl    56(%rsp),%r13d
-       movl    44(%rsp),%r12d
 
-       movl    %r13d,%r15d
+       movl    56(%rsp),%r13d
+       movl    44(%rsp),%r14d
+       movl    %r13d,%r12d
+       movl    %r14d,%r15d
 
+       rorl    $11,%r12d
+       xorl    %r13d,%r12d
        shrl    $3,%r13d
-       rorl    $7,%r15d
-
-       xorl    %r15d,%r13d
-       rorl    $11,%r15d
-
-       xorl    %r15d,%r13d
-       movl    %r12d,%r14d
 
-       shrl    $10,%r12d
-       rorl    $17,%r14d
-
-       xorl    %r14d,%r12d
-       rorl    $2,%r14d
+       rorl    $7,%r12d
+       xorl    %r12d,%r13d
+       movl    24(%rsp),%r12d
 
-       xorl    %r14d,%r12d
+       rorl    $2,%r15d
+       xorl    %r14d,%r15d
+       shrl    $10,%r14d
 
+       rorl    $17,%r15d
        addl    %r13d,%r12d
-
-       addl    24(%rsp),%r12d
+       xorl    %r15d,%r14d
 
        addl    52(%rsp),%r12d
        movl    %r11d,%r13d
-       movl    %r11d,%r14d
+       addl    %r14d,%r12d
+       movl    %edx,%r14d
+       rorl    $14,%r13d
        movl    %eax,%r15d
+       movl    %r12d,52(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %r11d,%r13d
        xorl    %ebx,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %ecx,%r12d
+       xorl    %edx,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %r11d,%r15d
-       movl    %r12d,52(%rsp)
+       movl    %r8d,%ecx
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %r11d,%r13d
        xorl    %ebx,%r15d
-       addl    %ecx,%r12d
-
-       movl    %edx,%ecx
-       addl    %r13d,%r12d
 
+       xorl    %r9d,%ecx
+       xorl    %edx,%r14d
        addl    %r15d,%r12d
-       movl    %edx,%r13d
-       movl    %edx,%r14d
+       movl    %r8d,%r15d
 
-       rorl    $2,%ecx
-       rorl    $13,%r13d
-       movl    %edx,%r15d
-       addl    (%rbp,%rdi,4),%r12d
+       rorl    $6,%r13d
+       andl    %edx,%ecx
+       andl    %r9d,%r15d
 
-       xorl    %r13d,%ecx
-       rorl    $9,%r13d
-       orl     %r9d,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%ecx
 
-       xorl    %r13d,%ecx
-       andl    %r9d,%r15d
        addl    %r12d,%r10d
-
-       andl    %r8d,%r14d
        addl    %r12d,%ecx
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%ecx
-       movl    60(%rsp),%r13d
-       movl    48(%rsp),%r12d
 
-       movl    %r13d,%r15d
+       movl    60(%rsp),%r13d
+       movl    48(%rsp),%r14d
+       movl    %r13d,%r12d
+       movl    %r14d,%r15d
 
+       rorl    $11,%r12d
+       xorl    %r13d,%r12d
        shrl    $3,%r13d
-       rorl    $7,%r15d
-
-       xorl    %r15d,%r13d
-       rorl    $11,%r15d
-
-       xorl    %r15d,%r13d
-       movl    %r12d,%r14d
 
-       shrl    $10,%r12d
-       rorl    $17,%r14d
-
-       xorl    %r14d,%r12d
-       rorl    $2,%r14d
+       rorl    $7,%r12d
+       xorl    %r12d,%r13d
+       movl    28(%rsp),%r12d
 
-       xorl    %r14d,%r12d
+       rorl    $2,%r15d
+       xorl    %r14d,%r15d
+       shrl    $10,%r14d
 
+       rorl    $17,%r15d
        addl    %r13d,%r12d
-
-       addl    28(%rsp),%r12d
+       xorl    %r15d,%r14d
 
        addl    56(%rsp),%r12d
        movl    %r10d,%r13d
-       movl    %r10d,%r14d
+       addl    %r14d,%r12d
+       movl    %ecx,%r14d
+       rorl    $14,%r13d
        movl    %r11d,%r15d
+       movl    %r12d,56(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %r10d,%r13d
        xorl    %eax,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %ebx,%r12d
+       xorl    %ecx,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %r10d,%r15d
-       movl    %r12d,56(%rsp)
+       movl    %edx,%ebx
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %r10d,%r13d
        xorl    %eax,%r15d
-       addl    %ebx,%r12d
-
-       movl    %ecx,%ebx
-       addl    %r13d,%r12d
 
+       xorl    %r8d,%ebx
+       xorl    %ecx,%r14d
        addl    %r15d,%r12d
-       movl    %ecx,%r13d
-       movl    %ecx,%r14d
+       movl    %edx,%r15d
 
-       rorl    $2,%ebx
-       rorl    $13,%r13d
-       movl    %ecx,%r15d
-       addl    (%rbp,%rdi,4),%r12d
+       rorl    $6,%r13d
+       andl    %ecx,%ebx
+       andl    %r8d,%r15d
 
-       xorl    %r13d,%ebx
-       rorl    $9,%r13d
-       orl     %r8d,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%ebx
 
-       xorl    %r13d,%ebx
-       andl    %r8d,%r15d
        addl    %r12d,%r9d
-
-       andl    %edx,%r14d
        addl    %r12d,%ebx
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%ebx
-       movl    0(%rsp),%r13d
-       movl    52(%rsp),%r12d
 
-       movl    %r13d,%r15d
+       movl    0(%rsp),%r13d
+       movl    52(%rsp),%r14d
+       movl    %r13d,%r12d
+       movl    %r14d,%r15d
 
+       rorl    $11,%r12d
+       xorl    %r13d,%r12d
        shrl    $3,%r13d
-       rorl    $7,%r15d
-
-       xorl    %r15d,%r13d
-       rorl    $11,%r15d
-
-       xorl    %r15d,%r13d
-       movl    %r12d,%r14d
 
-       shrl    $10,%r12d
-       rorl    $17,%r14d
-
-       xorl    %r14d,%r12d
-       rorl    $2,%r14d
+       rorl    $7,%r12d
+       xorl    %r12d,%r13d
+       movl    32(%rsp),%r12d
 
-       xorl    %r14d,%r12d
+       rorl    $2,%r15d
+       xorl    %r14d,%r15d
+       shrl    $10,%r14d
 
+       rorl    $17,%r15d
        addl    %r13d,%r12d
-
-       addl    32(%rsp),%r12d
+       xorl    %r15d,%r14d
 
        addl    60(%rsp),%r12d
        movl    %r9d,%r13d
-       movl    %r9d,%r14d
+       addl    %r14d,%r12d
+       movl    %ebx,%r14d
+       rorl    $14,%r13d
        movl    %r10d,%r15d
+       movl    %r12d,60(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %r9d,%r13d
        xorl    %r11d,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %eax,%r12d
+       xorl    %ebx,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %r9d,%r15d
-       movl    %r12d,60(%rsp)
+       movl    %ecx,%eax
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %r9d,%r13d
        xorl    %r11d,%r15d
-       addl    %eax,%r12d
-
-       movl    %ebx,%eax
-       addl    %r13d,%r12d
 
+       xorl    %edx,%eax
+       xorl    %ebx,%r14d
        addl    %r15d,%r12d
-       movl    %ebx,%r13d
-       movl    %ebx,%r14d
+       movl    %ecx,%r15d
 
-       rorl    $2,%eax
-       rorl    $13,%r13d
-       movl    %ebx,%r15d
-       addl    (%rbp,%rdi,4),%r12d
+       rorl    $6,%r13d
+       andl    %ebx,%eax
+       andl    %edx,%r15d
 
-       xorl    %r13d,%eax
-       rorl    $9,%r13d
-       orl     %edx,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%eax
 
-       xorl    %r13d,%eax
-       andl    %edx,%r15d
        addl    %r12d,%r8d
-
-       andl    %ecx,%r14d
        addl    %r12d,%eax
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%eax
+
        cmpq    $64,%rdi
        jb      .Lrounds_16_xx
 

diff --git a/deps/openssl/asm/x64-elf-gas/x86_64cpuid.s b/deps/openssl/asm/x64-elf-gas/x86_64cpuid.s
index 0a565a9..e0a8287 100644 (file)
--- a/deps/openssl/asm/x64-elf-gas/x86_64cpuid.s
+++ b/deps/openssl/asm/x64-elf-gas/x86_64cpuid.s
@@ -1,7 +1,11 @@
 
+.hidden        OPENSSL_cpuid_setup
 .section       .init
        call    OPENSSL_cpuid_setup
 
+.hidden        OPENSSL_ia32cap_P
+.comm  OPENSSL_ia32cap_P,8,4
+
 .text
 
 
@@ -67,7 +71,15 @@ OPENSSL_ia32_cpuid:
 
        movl    $2147483648,%eax
        cpuid
-       cmpl    $2147483656,%eax
+       cmpl    $2147483649,%eax
+       jb      .Lintel
+       movl    %eax,%r10d
+       movl    $2147483649,%eax
+       cpuid
+       orl     %ecx,%r9d
+       andl    $2049,%r9d
+
+       cmpl    $2147483656,%r10d
        jb      .Lintel
 
        movl    $2147483656,%eax
@@ -78,12 +90,12 @@ OPENSSL_ia32_cpuid:
        movl    $1,%eax
        cpuid
        btl     $28,%edx
-       jnc     .Ldone
+       jnc     .Lgeneric
        shrl    $16,%ebx
        cmpb    %r10b,%bl
-       ja      .Ldone
+       ja      .Lgeneric
        andl    $4026531839,%edx
-       jmp     .Ldone
+       jmp     .Lgeneric
 
 .Lintel:
        cmpl    $4,%r11d
@@ -100,30 +112,48 @@ OPENSSL_ia32_cpuid:
 .Lnocacheinfo:
        movl    $1,%eax
        cpuid
+       andl    $3220176895,%edx
        cmpl    $0,%r9d
        jne     .Lnotintel
-       orl     $1048576,%edx
+       orl     $1073741824,%edx
        andb    $15,%ah
        cmpb    $15,%ah
-       je      .Lnotintel
-       orl     $1073741824,%edx
+       jne     .Lnotintel
+       orl     $1048576,%edx
 .Lnotintel:
        btl     $28,%edx
-       jnc     .Ldone
+       jnc     .Lgeneric
        andl    $4026531839,%edx
        cmpl    $0,%r10d
-       je      .Ldone
+       je      .Lgeneric
 
        orl     $268435456,%edx
        shrl    $16,%ebx
        cmpb    $1,%bl
-       ja      .Ldone
+       ja      .Lgeneric
        andl    $4026531839,%edx
+.Lgeneric:
+       andl    $2048,%r9d
+       andl    $4294965247,%ecx
+       orl     %ecx,%r9d
+
+       movl    %edx,%r10d
+       btl     $27,%r9d
+       jnc     .Lclear_avx
+       xorl    %ecx,%ecx
+.byte  0x0f,0x01,0xd0
+
+       andl    $6,%eax
+       cmpl    $6,%eax
+       je      .Ldone
+.Lclear_avx:
+       movl    $4026525695,%eax
+       andl    %eax,%r9d
 .Ldone:
-       shlq    $32,%rcx
-       movl    %edx,%eax
+       shlq    $32,%r9
+       movl    %r10d,%eax
        movq    %r8,%rbx
-       orq     %rcx,%rax
+       orq     %r9,%rax
        .byte   0xf3,0xc3
 .size  OPENSSL_ia32_cpuid,.-OPENSSL_ia32_cpuid
 
@@ -192,3 +222,17 @@ OPENSSL_wipe_cpu:
        leaq    8(%rsp),%rax
        .byte   0xf3,0xc3
 .size  OPENSSL_wipe_cpu,.-OPENSSL_wipe_cpu
+.globl OPENSSL_ia32_rdrand
+.type  OPENSSL_ia32_rdrand,@function
+.align 16
+OPENSSL_ia32_rdrand:
+       movl    $8,%ecx
+.Loop_rdrand:
+.byte  72,15,199,240
+       jc      .Lbreak_rdrand
+       loop    .Loop_rdrand
+.Lbreak_rdrand:
+       cmpq    $0,%rax
+       cmoveq  %rcx,%rax
+       .byte   0xf3,0xc3
+.size  OPENSSL_ia32_rdrand,.-OPENSSL_ia32_rdrand

diff --git a/deps/openssl/asm/x64-macosx-gas/aes/aes-x86_64.s b/deps/openssl/asm/x64-macosx-gas/aes/aes-x86_64.s
index d42e1ea..88120a1 100644 (file)
--- a/deps/openssl/asm/x64-macosx-gas/aes/aes-x86_64.s
+++ b/deps/openssl/asm/x64-macosx-gas/aes/aes-x86_64.s
@@ -333,6 +333,9 @@ L$enc_compact_done:
 .globl _AES_encrypt
 
 .p2align       4
+.globl _asm_AES_encrypt
+.private_extern        _asm_AES_encrypt
+_asm_AES_encrypt:
 _AES_encrypt:
        pushq   %rbx
        pushq   %rbp
@@ -780,6 +783,9 @@ L$dec_compact_done:
 .globl _AES_decrypt
 
 .p2align       4
+.globl _asm_AES_decrypt
+.private_extern        _asm_AES_decrypt
+_asm_AES_decrypt:
 _AES_decrypt:
        pushq   %rbx
        pushq   %rbp
@@ -843,10 +849,10 @@ L$dec_prologue:
 L$dec_epilogue:
        .byte   0xf3,0xc3
 
-.globl _AES_set_encrypt_key
+.globl _private_AES_set_encrypt_key
 
 .p2align       4
-_AES_set_encrypt_key:
+_private_AES_set_encrypt_key:
        pushq   %rbx
        pushq   %rbp
        pushq   %r12
@@ -1109,10 +1115,10 @@ L$exit:
 .byte  0xf3,0xc3
 
 
-.globl _AES_set_decrypt_key
+.globl _private_AES_set_decrypt_key
 
 .p2align       4
-_AES_set_decrypt_key:
+_private_AES_set_decrypt_key:
        pushq   %rbx
        pushq   %rbp
        pushq   %r12
@@ -1300,6 +1306,9 @@ L$dec_key_epilogue:
 
 .p2align       4
 
+.globl _asm_AES_cbc_encrypt
+.private_extern        _asm_AES_cbc_encrypt
+_asm_AES_cbc_encrypt:
 _AES_cbc_encrypt:
        cmpq    $0,%rdx
        je      L$cbc_epilogue

diff --git a/deps/openssl/asm/x64-macosx-gas/bn/x86_64-mont.s b/deps/openssl/asm/x64-macosx-gas/bn/x86_64-mont.s
index 23292a0..ece106c 100644 (file)
--- a/deps/openssl/asm/x64-macosx-gas/bn/x86_64-mont.s
+++ b/deps/openssl/asm/x64-macosx-gas/bn/x86_64-mont.s
@@ -5,6 +5,16 @@
 
 .p2align       4
 _bn_mul_mont:
+       testl   $3,%r9d
+       jnz     L$mul_enter
+       cmpl    $8,%r9d
+       jb      L$mul_enter
+       cmpq    %rsi,%rdx
+       jne     L$mul4x_enter
+       jmp     L$sqr4x_enter
+
+.p2align       4
+L$mul_enter:
        pushq   %rbx
        pushq   %rbp
        pushq   %r12
@@ -20,48 +30,63 @@ _bn_mul_mont:
        andq    $-1024,%rsp
 
        movq    %r11,8(%rsp,%r9,8)
-L$prologue:
+L$mul_body:
        movq    %rdx,%r12
-
        movq    (%r8),%r8
+       movq    (%r12),%rbx
+       movq    (%rsi),%rax
 
        xorq    %r14,%r14
        xorq    %r15,%r15
 
-       movq    (%r12),%rbx
-       movq    (%rsi),%rax
+       movq    %r8,%rbp
        mulq    %rbx
        movq    %rax,%r10
-       movq    %rdx,%r11
+       movq    (%rcx),%rax
 
-       imulq   %r8,%rax
-       movq    %rax,%rbp
+       imulq   %r10,%rbp
+       movq    %rdx,%r11
 
-       mulq    (%rcx)
-       addq    %r10,%rax
+       mulq    %rbp
+       addq    %rax,%r10
+       movq    8(%rsi),%rax
        adcq    $0,%rdx
        movq    %rdx,%r13
 
        leaq    1(%r15),%r15
+       jmp     L$1st_enter
+
+.p2align       4
 L$1st:
+       addq    %rax,%r13
        movq    (%rsi,%r15,8),%rax
-       mulq    %rbx
-       addq    %r11,%rax
        adcq    $0,%rdx
-       movq    %rax,%r10
+       addq    %r11,%r13
+       movq    %r10,%r11
+       adcq    $0,%rdx
+       movq    %r13,-16(%rsp,%r15,8)
+       movq    %rdx,%r13
+
+L$1st_enter:
+       mulq    %rbx
+       addq    %rax,%r11
        movq    (%rcx,%r15,8),%rax
-       movq    %rdx,%r11
+       adcq    $0,%rdx
+       leaq    1(%r15),%r15
+       movq    %rdx,%r10
 
        mulq    %rbp
-       addq    %r13,%rax
-       leaq    1(%r15),%r15
+       cmpq    %r9,%r15
+       jne     L$1st
+
+       addq    %rax,%r13
+       movq    (%rsi),%rax
        adcq    $0,%rdx
-       addq    %r10,%rax
+       addq    %r11,%r13
        adcq    $0,%rdx
-       movq    %rax,-16(%rsp,%r15,8)
-       cmpq    %r9,%r15
+       movq    %r13,-16(%rsp,%r15,8)
        movq    %rdx,%r13
-       jl      L$1st
+       movq    %r10,%r11
 
        xorq    %rdx,%rdx
        addq    %r11,%r13
@@ -70,50 +95,64 @@ L$1st:
        movq    %rdx,(%rsp,%r9,8)
 
        leaq    1(%r14),%r14
-.p2align       2
+       jmp     L$outer
+.p2align       4
 L$outer:
-       xorq    %r15,%r15
-
        movq    (%r12,%r14,8),%rbx
-       movq    (%rsi),%rax
+       xorq    %r15,%r15
+       movq    %r8,%rbp
+       movq    (%rsp),%r10
        mulq    %rbx
-       addq    (%rsp),%rax
+       addq    %rax,%r10
+       movq    (%rcx),%rax
        adcq    $0,%rdx
-       movq    %rax,%r10
-       movq    %rdx,%r11
 
-       imulq   %r8,%rax
-       movq    %rax,%rbp
+       imulq   %r10,%rbp
+       movq    %rdx,%r11
 
-       mulq    (%rcx,%r15,8)
-       addq    %r10,%rax
-       movq    8(%rsp),%r10
+       mulq    %rbp
+       addq    %rax,%r10
+       movq    8(%rsi),%rax
        adcq    $0,%rdx
+       movq    8(%rsp),%r10
        movq    %rdx,%r13
 
        leaq    1(%r15),%r15
-.p2align       2
+       jmp     L$inner_enter
+
+.p2align       4
 L$inner:
+       addq    %rax,%r13
        movq    (%rsi,%r15,8),%rax
-       mulq    %rbx
-       addq    %r11,%rax
        adcq    $0,%rdx
-       addq    %rax,%r10
+       addq    %r10,%r13
+       movq    (%rsp,%r15,8),%r10
+       adcq    $0,%rdx
+       movq    %r13,-16(%rsp,%r15,8)
+       movq    %rdx,%r13
+
+L$inner_enter:
+       mulq    %rbx
+       addq    %rax,%r11
        movq    (%rcx,%r15,8),%rax
        adcq    $0,%rdx
+       addq    %r11,%r10
        movq    %rdx,%r11
+       adcq    $0,%r11
+       leaq    1(%r15),%r15
 
        mulq    %rbp
-       addq    %r13,%rax
-       leaq    1(%r15),%r15
-       adcq    $0,%rdx
-       addq    %r10,%rax
+       cmpq    %r9,%r15
+       jne     L$inner
+
+       addq    %rax,%r13
+       movq    (%rsi),%rax
        adcq    $0,%rdx
+       addq    %r10,%r13
        movq    (%rsp,%r15,8),%r10
-       cmpq    %r9,%r15
-       movq    %rax,-16(%rsp,%r15,8)
+       adcq    $0,%rdx
+       movq    %r13,-16(%rsp,%r15,8)
        movq    %rdx,%r13
-       jl      L$inner
 
        xorq    %rdx,%rdx
        addq    %r11,%r13
@@ -127,35 +166,434 @@ L$inner:
        cmpq    %r9,%r14
        jl      L$outer
 
-       leaq    (%rsp),%rsi
-       leaq    -1(%r9),%r15
-
-       movq    (%rsi),%rax
        xorq    %r14,%r14
+       movq    (%rsp),%rax
+       leaq    (%rsp),%rsi
+       movq    %r9,%r15
        jmp     L$sub
 .p2align       4
 L$sub: sbbq    (%rcx,%r14,8),%rax
        movq    %rax,(%rdi,%r14,8)
-       decq    %r15
        movq    8(%rsi,%r14,8),%rax
        leaq    1(%r14),%r14
-       jge     L$sub
+       decq    %r15
+       jnz     L$sub
 
        sbbq    $0,%rax
+       xorq    %r14,%r14
        andq    %rax,%rsi
        notq    %rax
        movq    %rdi,%rcx
        andq    %rax,%rcx
-       leaq    -1(%r9),%r15
+       movq    %r9,%r15
        orq     %rcx,%rsi
 .p2align       4
 L$copy:
+       movq    (%rsi,%r14,8),%rax
+       movq    %r14,(%rsp,%r14,8)
+       movq    %rax,(%rdi,%r14,8)
+       leaq    1(%r14),%r14
+       subq    $1,%r15
+       jnz     L$copy
+
+       movq    8(%rsp,%r9,8),%rsi
+       movq    $1,%rax
+       movq    (%rsi),%r15
+       movq    8(%rsi),%r14
+       movq    16(%rsi),%r13
+       movq    24(%rsi),%r12
+       movq    32(%rsi),%rbp
+       movq    40(%rsi),%rbx
+       leaq    48(%rsi),%rsp
+L$mul_epilogue:
+       .byte   0xf3,0xc3
+
+
+.p2align       4
+bn_mul4x_mont:
+L$mul4x_enter:
+       pushq   %rbx
+       pushq   %rbp
+       pushq   %r12
+       pushq   %r13
+       pushq   %r14
+       pushq   %r15
+
+       movl    %r9d,%r9d
+       leaq    4(%r9),%r10
+       movq    %rsp,%r11
+       negq    %r10
+       leaq    (%rsp,%r10,8),%rsp
+       andq    $-1024,%rsp
+
+       movq    %r11,8(%rsp,%r9,8)
+L$mul4x_body:
+       movq    %rdi,16(%rsp,%r9,8)
+       movq    %rdx,%r12
+       movq    (%r8),%r8
+       movq    (%r12),%rbx
+       movq    (%rsi),%rax
+
+       xorq    %r14,%r14
+       xorq    %r15,%r15
+
+       movq    %r8,%rbp
+       mulq    %rbx
+       movq    %rax,%r10
+       movq    (%rcx),%rax
+
+       imulq   %r10,%rbp
+       movq    %rdx,%r11
+
+       mulq    %rbp
+       addq    %rax,%r10
+       movq    8(%rsi),%rax
+       adcq    $0,%rdx
+       movq    %rdx,%rdi
+
+       mulq    %rbx
+       addq    %rax,%r11
+       movq    8(%rcx),%rax
+       adcq    $0,%rdx
+       movq    %rdx,%r10
+
+       mulq    %rbp
+       addq    %rax,%rdi
+       movq    16(%rsi),%rax
+       adcq    $0,%rdx
+       addq    %r11,%rdi
+       leaq    4(%r15),%r15
+       adcq    $0,%rdx
+       movq    %rdi,(%rsp)
+       movq    %rdx,%r13
+       jmp     L$1st4x
+.p2align       4
+L$1st4x:
+       mulq    %rbx
+       addq    %rax,%r10
+       movq    -16(%rcx,%r15,8),%rax
+       adcq    $0,%rdx
+       movq    %rdx,%r11
+
+       mulq    %rbp
+       addq    %rax,%r13
+       movq    -8(%rsi,%r15,8),%rax
+       adcq    $0,%rdx
+       addq    %r10,%r13
+       adcq    $0,%rdx
+       movq    %r13,-24(%rsp,%r15,8)
+       movq    %rdx,%rdi
+
+       mulq    %rbx
+       addq    %rax,%r11
+       movq    -8(%rcx,%r15,8),%rax
+       adcq    $0,%rdx
+       movq    %rdx,%r10
+
+       mulq    %rbp
+       addq    %rax,%rdi
+       movq    (%rsi,%r15,8),%rax
+       adcq    $0,%rdx
+       addq    %r11,%rdi
+       adcq    $0,%rdx
+       movq    %rdi,-16(%rsp,%r15,8)
+       movq    %rdx,%r13
+
+       mulq    %rbx
+       addq    %rax,%r10
+       movq    (%rcx,%r15,8),%rax
+       adcq    $0,%rdx
+       movq    %rdx,%r11
+
+       mulq    %rbp
+       addq    %rax,%r13
+       movq    8(%rsi,%r15,8),%rax
+       adcq    $0,%rdx
+       addq    %r10,%r13
+       adcq    $0,%rdx
+       movq    %r13,-8(%rsp,%r15,8)
+       movq    %rdx,%rdi
+
+       mulq    %rbx
+       addq    %rax,%r11
+       movq    8(%rcx,%r15,8),%rax
+       adcq    $0,%rdx
+       leaq    4(%r15),%r15
+       movq    %rdx,%r10
+
+       mulq    %rbp
+       addq    %rax,%rdi
+       movq    -16(%rsi,%r15,8),%rax
+       adcq    $0,%rdx
+       addq    %r11,%rdi
+       adcq    $0,%rdx
+       movq    %rdi,-32(%rsp,%r15,8)
+       movq    %rdx,%r13
+       cmpq    %r9,%r15
+       jl      L$1st4x
+
+       mulq    %rbx
+       addq    %rax,%r10
+       movq    -16(%rcx,%r15,8),%rax
+       adcq    $0,%rdx
+       movq    %rdx,%r11
+
+       mulq    %rbp
+       addq    %rax,%r13
+       movq    -8(%rsi,%r15,8),%rax
+       adcq    $0,%rdx
+       addq    %r10,%r13
+       adcq    $0,%rdx
+       movq    %r13,-24(%rsp,%r15,8)
+       movq    %rdx,%rdi
+
+       mulq    %rbx
+       addq    %rax,%r11
+       movq    -8(%rcx,%r15,8),%rax
+       adcq    $0,%rdx
+       movq    %rdx,%r10
+
+       mulq    %rbp
+       addq    %rax,%rdi
+       movq    (%rsi),%rax
+       adcq    $0,%rdx
+       addq    %r11,%rdi
+       adcq    $0,%rdx
+       movq    %rdi,-16(%rsp,%r15,8)
+       movq    %rdx,%r13
+
+       xorq    %rdi,%rdi
+       addq    %r10,%r13
+       adcq    $0,%rdi
+       movq    %r13,-8(%rsp,%r15,8)
+       movq    %rdi,(%rsp,%r15,8)
+
+       leaq    1(%r14),%r14
+.p2align       2
+L$outer4x:
+       movq    (%r12,%r14,8),%rbx
+       xorq    %r15,%r15
+       movq    (%rsp),%r10
+       movq    %r8,%rbp
+       mulq    %rbx
+       addq    %rax,%r10
+       movq    (%rcx),%rax
+       adcq    $0,%rdx
+
+       imulq   %r10,%rbp
+       movq    %rdx,%r11
+
+       mulq    %rbp
+       addq    %rax,%r10
+       movq    8(%rsi),%rax
+       adcq    $0,%rdx
+       movq    %rdx,%rdi
+
+       mulq    %rbx
+       addq    %rax,%r11
+       movq    8(%rcx),%rax
+       adcq    $0,%rdx
+       addq    8(%rsp),%r11
+       adcq    $0,%rdx
+       movq    %rdx,%r10
+
+       mulq    %rbp
+       addq    %rax,%rdi
+       movq    16(%rsi),%rax
+       adcq    $0,%rdx
+       addq    %r11,%rdi
+       leaq    4(%r15),%r15
+       adcq    $0,%rdx
+       movq    %rdi,(%rsp)
+       movq    %rdx,%r13
+       jmp     L$inner4x
+.p2align       4
+L$inner4x:
+       mulq    %rbx
+       addq    %rax,%r10
+       movq    -16(%rcx,%r15,8),%rax
+       adcq    $0,%rdx
+       addq    -16(%rsp,%r15,8),%r10
+       adcq    $0,%rdx
+       movq    %rdx,%r11
+
+       mulq    %rbp
+       addq    %rax,%r13
+       movq    -8(%rsi,%r15,8),%rax
+       adcq    $0,%rdx
+       addq    %r10,%r13
+       adcq    $0,%rdx
+       movq    %r13,-24(%rsp,%r15,8)
+       movq    %rdx,%rdi
+
+       mulq    %rbx
+       addq    %rax,%r11
+       movq    -8(%rcx,%r15,8),%rax
+       adcq    $0,%rdx
+       addq    -8(%rsp,%r15,8),%r11
+       adcq    $0,%rdx
+       movq    %rdx,%r10
+
+       mulq    %rbp
+       addq    %rax,%rdi
        movq    (%rsi,%r15,8),%rax
-       movq    %rax,(%rdi,%r15,8)
-       movq    %r14,(%rsp,%r15,8)
+       adcq    $0,%rdx
+       addq    %r11,%rdi
+       adcq    $0,%rdx
+       movq    %rdi,-16(%rsp,%r15,8)
+       movq    %rdx,%r13
+
+       mulq    %rbx
+       addq    %rax,%r10
+       movq    (%rcx,%r15,8),%rax
+       adcq    $0,%rdx
+       addq    (%rsp,%r15,8),%r10
+       adcq    $0,%rdx
+       movq    %rdx,%r11
+
+       mulq    %rbp
+       addq    %rax,%r13
+       movq    8(%rsi,%r15,8),%rax
+       adcq    $0,%rdx
+       addq    %r10,%r13
+       adcq    $0,%rdx
+       movq    %r13,-8(%rsp,%r15,8)
+       movq    %rdx,%rdi
+
+       mulq    %rbx
+       addq    %rax,%r11
+       movq    8(%rcx,%r15,8),%rax
+       adcq    $0,%rdx
+       addq    8(%rsp,%r15,8),%r11
+       adcq    $0,%rdx
+       leaq    4(%r15),%r15
+       movq    %rdx,%r10
+
+       mulq    %rbp
+       addq    %rax,%rdi
+       movq    -16(%rsi,%r15,8),%rax
+       adcq    $0,%rdx
+       addq    %r11,%rdi
+       adcq    $0,%rdx
+       movq    %rdi,-32(%rsp,%r15,8)
+       movq    %rdx,%r13
+       cmpq    %r9,%r15
+       jl      L$inner4x
+
+       mulq    %rbx
+       addq    %rax,%r10
+       movq    -16(%rcx,%r15,8),%rax
+       adcq    $0,%rdx
+       addq    -16(%rsp,%r15,8),%r10
+       adcq    $0,%rdx
+       movq    %rdx,%r11
+
+       mulq    %rbp
+       addq    %rax,%r13
+       movq    -8(%rsi,%r15,8),%rax
+       adcq    $0,%rdx
+       addq    %r10,%r13
+       adcq    $0,%rdx
+       movq    %r13,-24(%rsp,%r15,8)
+       movq    %rdx,%rdi
+
+       mulq    %rbx
+       addq    %rax,%r11
+       movq    -8(%rcx,%r15,8),%rax
+       adcq    $0,%rdx
+       addq    -8(%rsp,%r15,8),%r11
+       adcq    $0,%rdx
+       leaq    1(%r14),%r14
+       movq    %rdx,%r10
+
+       mulq    %rbp
+       addq    %rax,%rdi
+       movq    (%rsi),%rax
+       adcq    $0,%rdx
+       addq    %r11,%rdi
+       adcq    $0,%rdx
+       movq    %rdi,-16(%rsp,%r15,8)
+       movq    %rdx,%r13
+
+       xorq    %rdi,%rdi
+       addq    %r10,%r13
+       adcq    $0,%rdi
+       addq    (%rsp,%r9,8),%r13
+       adcq    $0,%rdi
+       movq    %r13,-8(%rsp,%r15,8)
+       movq    %rdi,(%rsp,%r15,8)
+
+       cmpq    %r9,%r14
+       jl      L$outer4x
+       movq    16(%rsp,%r9,8),%rdi
+       movq    0(%rsp),%rax
+       pxor    %xmm0,%xmm0
+       movq    8(%rsp),%rdx
+       shrq    $2,%r9
+       leaq    (%rsp),%rsi
+       xorq    %r14,%r14
+
+       subq    0(%rcx),%rax
+       movq    16(%rsi),%rbx
+       movq    24(%rsi),%rbp
+       sbbq    8(%rcx),%rdx
+       leaq    -1(%r9),%r15
+       jmp     L$sub4x
+.p2align       4
+L$sub4x:
+       movq    %rax,0(%rdi,%r14,8)
+       movq    %rdx,8(%rdi,%r14,8)
+       sbbq    16(%rcx,%r14,8),%rbx
+       movq    32(%rsi,%r14,8),%rax
+       movq    40(%rsi,%r14,8),%rdx
+       sbbq    24(%rcx,%r14,8),%rbp
+       movq    %rbx,16(%rdi,%r14,8)
+       movq    %rbp,24(%rdi,%r14,8)
+       sbbq    32(%rcx,%r14,8),%rax
+       movq    48(%rsi,%r14,8),%rbx
+       movq    56(%rsi,%r14,8),%rbp
+       sbbq    40(%rcx,%r14,8),%rdx
+       leaq    4(%r14),%r14
        decq    %r15
-       jge     L$copy
+       jnz     L$sub4x
 
+       movq    %rax,0(%rdi,%r14,8)
+       movq    32(%rsi,%r14,8),%rax
+       sbbq    16(%rcx,%r14,8),%rbx
+       movq    %rdx,8(%rdi,%r14,8)
+       sbbq    24(%rcx,%r14,8),%rbp
+       movq    %rbx,16(%rdi,%r14,8)
+
+       sbbq    $0,%rax
+       movq    %rbp,24(%rdi,%r14,8)
+       xorq    %r14,%r14
+       andq    %rax,%rsi
+       notq    %rax
+       movq    %rdi,%rcx
+       andq    %rax,%rcx
+       leaq    -1(%r9),%r15
+       orq     %rcx,%rsi
+
+       movdqu  (%rsi),%xmm1
+       movdqa  %xmm0,(%rsp)
+       movdqu  %xmm1,(%rdi)
+       jmp     L$copy4x
+.p2align       4
+L$copy4x:
+       movdqu  16(%rsi,%r14,1),%xmm2
+       movdqu  32(%rsi,%r14,1),%xmm1
+       movdqa  %xmm0,16(%rsp,%r14,1)
+       movdqu  %xmm2,16(%rdi,%r14,1)
+       movdqa  %xmm0,32(%rsp,%r14,1)
+       movdqu  %xmm1,32(%rdi,%r14,1)
+       leaq    32(%r14),%r14
+       decq    %r15
+       jnz     L$copy4x
+
+       shlq    $2,%r9
+       movdqu  16(%rsi,%r14,1),%xmm2
+       movdqa  %xmm0,16(%rsp,%r14,1)
+       movdqu  %xmm2,16(%rdi,%r14,1)
        movq    8(%rsp,%r9,8),%rsi
        movq    $1,%rax
        movq    (%rsi),%r15
@@ -165,7 +603,772 @@ L$copy:
        movq    32(%rsi),%rbp
        movq    40(%rsi),%rbx
        leaq    48(%rsi),%rsp
-L$epilogue:
+L$mul4x_epilogue:
+       .byte   0xf3,0xc3
+
+
+.p2align       4
+bn_sqr4x_mont:
+L$sqr4x_enter:
+       pushq   %rbx
+       pushq   %rbp
+       pushq   %r12
+       pushq   %r13
+       pushq   %r14
+       pushq   %r15
+
+       shll    $3,%r9d
+       xorq    %r10,%r10
+       movq    %rsp,%r11
+       subq    %r9,%r10
+       movq    (%r8),%r8
+       leaq    -72(%rsp,%r10,2),%rsp
+       andq    $-1024,%rsp
+
+
+
+
+
+
+
+
+
+
+
+       movq    %rdi,32(%rsp)
+       movq    %rcx,40(%rsp)
+       movq    %r8,48(%rsp)
+       movq    %r11,56(%rsp)
+L$sqr4x_body:
+
+
+
+
+
+
+
+       leaq    32(%r10),%rbp
+       leaq    (%rsi,%r9,1),%rsi
+
+       movq    %r9,%rcx
+
+
+       movq    -32(%rsi,%rbp,1),%r14
+       leaq    64(%rsp,%r9,2),%rdi
+       movq    -24(%rsi,%rbp,1),%rax
+       leaq    -32(%rdi,%rbp,1),%rdi
+       movq    -16(%rsi,%rbp,1),%rbx
+       movq    %rax,%r15
+
+       mulq    %r14
+       movq    %rax,%r10
+       movq    %rbx,%rax
+       movq    %rdx,%r11
+       movq    %r10,-24(%rdi,%rbp,1)
+
+       xorq    %r10,%r10
+       mulq    %r14
+       addq    %rax,%r11
+       movq    %rbx,%rax
+       adcq    %rdx,%r10
+       movq    %r11,-16(%rdi,%rbp,1)
+
+       leaq    -16(%rbp),%rcx
+
+
+       movq    8(%rsi,%rcx,1),%rbx
+       mulq    %r15
+       movq    %rax,%r12
+       movq    %rbx,%rax
+       movq    %rdx,%r13
+
+       xorq    %r11,%r11
+       addq    %r12,%r10
+       leaq    16(%rcx),%rcx
+       adcq    $0,%r11
+       mulq    %r14
+       addq    %rax,%r10
+       movq    %rbx,%rax
+       adcq    %rdx,%r11
+       movq    %r10,-8(%rdi,%rcx,1)
+       jmp     L$sqr4x_1st
+
+.p2align       4
+L$sqr4x_1st:
+       movq    (%rsi,%rcx,1),%rbx
+       xorq    %r12,%r12
+       mulq    %r15
+       addq    %rax,%r13
+       movq    %rbx,%rax
+       adcq    %rdx,%r12
+
+       xorq    %r10,%r10
+       addq    %r13,%r11
+       adcq    $0,%r10
+       mulq    %r14
+       addq    %rax,%r11
+       movq    %rbx,%rax
+       adcq    %rdx,%r10
+       movq    %r11,(%rdi,%rcx,1)
+
+
+       movq    8(%rsi,%rcx,1),%rbx
+       xorq    %r13,%r13
+       mulq    %r15
+       addq    %rax,%r12
+       movq    %rbx,%rax
+       adcq    %rdx,%r13
+
+       xorq    %r11,%r11
+       addq    %r12,%r10
+       adcq    $0,%r11
+       mulq    %r14
+       addq    %rax,%r10
+       movq    %rbx,%rax
+       adcq    %rdx,%r11
+       movq    %r10,8(%rdi,%rcx,1)
+
+       movq    16(%rsi,%rcx,1),%rbx
+       xorq    %r12,%r12
+       mulq    %r15
+       addq    %rax,%r13
+       movq    %rbx,%rax
+       adcq    %rdx,%r12
+
+       xorq    %r10,%r10
+       addq    %r13,%r11
+       adcq    $0,%r10
+       mulq    %r14
+       addq    %rax,%r11
+       movq    %rbx,%rax
+       adcq    %rdx,%r10
+       movq    %r11,16(%rdi,%rcx,1)
+
+
+       movq    24(%rsi,%rcx,1),%rbx
+       xorq    %r13,%r13
+       mulq    %r15
+       addq    %rax,%r12
+       movq    %rbx,%rax
+       adcq    %rdx,%r13
+
+       xorq    %r11,%r11
+       addq    %r12,%r10
+       leaq    32(%rcx),%rcx
+       adcq    $0,%r11
+       mulq    %r14
+       addq    %rax,%r10
+       movq    %rbx,%rax
+       adcq    %rdx,%r11
+       movq    %r10,-8(%rdi,%rcx,1)
+
+       cmpq    $0,%rcx
+       jne     L$sqr4x_1st
+
+       xorq    %r12,%r12
+       addq    %r11,%r13
+       adcq    $0,%r12
+       mulq    %r15
+       addq    %rax,%r13
+       adcq    %rdx,%r12
+
+       movq    %r13,(%rdi)
+       leaq    16(%rbp),%rbp
+       movq    %r12,8(%rdi)
+       jmp     L$sqr4x_outer
+
+.p2align       4
+L$sqr4x_outer:
+       movq    -32(%rsi,%rbp,1),%r14
+       leaq    64(%rsp,%r9,2),%rdi
+       movq    -24(%rsi,%rbp,1),%rax
+       leaq    -32(%rdi,%rbp,1),%rdi
+       movq    -16(%rsi,%rbp,1),%rbx
+       movq    %rax,%r15
+
+       movq    -24(%rdi,%rbp,1),%r10
+       xorq    %r11,%r11
+       mulq    %r14
+       addq    %rax,%r10
+       movq    %rbx,%rax
+       adcq    %rdx,%r11
+       movq    %r10,-24(%rdi,%rbp,1)
+
+       xorq    %r10,%r10
+       addq    -16(%rdi,%rbp,1),%r11
+       adcq    $0,%r10
+       mulq    %r14
+       addq    %rax,%r11
+       movq    %rbx,%rax
+       adcq    %rdx,%r10
+       movq    %r11,-16(%rdi,%rbp,1)
+
+       leaq    -16(%rbp),%rcx
+       xorq    %r12,%r12
+
+
+       movq    8(%rsi,%rcx,1),%rbx
+       xorq    %r13,%r13
+       addq    8(%rdi,%rcx,1),%r12
+       adcq    $0,%r13
+       mulq    %r15
+       addq    %rax,%r12
+       movq    %rbx,%rax
+       adcq    %rdx,%r13
+
+       xorq    %r11,%r11
+       addq    %r12,%r10
+       adcq    $0,%r11
+       mulq    %r14
+       addq    %rax,%r10
+       movq    %rbx,%rax
+       adcq    %rdx,%r11
+       movq    %r10,8(%rdi,%rcx,1)
+
+       leaq    16(%rcx),%rcx
+       jmp     L$sqr4x_inner
+
+.p2align       4
+L$sqr4x_inner:
+       movq    (%rsi,%rcx,1),%rbx
+       xorq    %r12,%r12
+       addq    (%rdi,%rcx,1),%r13
+       adcq    $0,%r12
+       mulq    %r15
+       addq    %rax,%r13
+       movq    %rbx,%rax
+       adcq    %rdx,%r12
+
+       xorq    %r10,%r10
+       addq    %r13,%r11
+       adcq    $0,%r10
+       mulq    %r14
+       addq    %rax,%r11
+       movq    %rbx,%rax
+       adcq    %rdx,%r10
+       movq    %r11,(%rdi,%rcx,1)
+
+       movq    8(%rsi,%rcx,1),%rbx
+       xorq    %r13,%r13
+       addq    8(%rdi,%rcx,1),%r12
+       adcq    $0,%r13
+       mulq    %r15
+       addq    %rax,%r12
+       movq    %rbx,%rax
+       adcq    %rdx,%r13
+
+       xorq    %r11,%r11
+       addq    %r12,%r10
+       leaq    16(%rcx),%rcx
+       adcq    $0,%r11
+       mulq    %r14
+       addq    %rax,%r10
+       movq    %rbx,%rax
+       adcq    %rdx,%r11
+       movq    %r10,-8(%rdi,%rcx,1)
+
+       cmpq    $0,%rcx
+       jne     L$sqr4x_inner
+
+       xorq    %r12,%r12
+       addq    %r11,%r13
+       adcq    $0,%r12
+       mulq    %r15
+       addq    %rax,%r13
+       adcq    %rdx,%r12
+
+       movq    %r13,(%rdi)
+       movq    %r12,8(%rdi)
+
+       addq    $16,%rbp
+       jnz     L$sqr4x_outer
+
+
+       movq    -32(%rsi),%r14
+       leaq    64(%rsp,%r9,2),%rdi
+       movq    -24(%rsi),%rax
+       leaq    -32(%rdi,%rbp,1),%rdi
+       movq    -16(%rsi),%rbx
+       movq    %rax,%r15
+
+       xorq    %r11,%r11
+       mulq    %r14
+       addq    %rax,%r10
+       movq    %rbx,%rax
+       adcq    %rdx,%r11
+       movq    %r10,-24(%rdi)
+
+       xorq    %r10,%r10
+       addq    %r13,%r11
+       adcq    $0,%r10
+       mulq    %r14
+       addq    %rax,%r11
+       movq    %rbx,%rax
+       adcq    %rdx,%r10
+       movq    %r11,-16(%rdi)
+
+       movq    -8(%rsi),%rbx
+       mulq    %r15
+       addq    %rax,%r12
+       movq    %rbx,%rax
+       adcq    $0,%rdx
+
+       xorq    %r11,%r11
+       addq    %r12,%r10
+       movq    %rdx,%r13
+       adcq    $0,%r11
+       mulq    %r14
+       addq    %rax,%r10
+       movq    %rbx,%rax
+       adcq    %rdx,%r11
+       movq    %r10,-8(%rdi)
+
+       xorq    %r12,%r12
+       addq    %r11,%r13
+       adcq    $0,%r12
+       mulq    %r15
+       addq    %rax,%r13
+       movq    -16(%rsi),%rax
+       adcq    %rdx,%r12
+
+       movq    %r13,(%rdi)
+       movq    %r12,8(%rdi)
+
+       mulq    %rbx
+       addq    $16,%rbp
+       xorq    %r14,%r14
+       subq    %r9,%rbp
+       xorq    %r15,%r15
+
+       addq    %r12,%rax
+       adcq    $0,%rdx
+       movq    %rax,8(%rdi)
+       movq    %rdx,16(%rdi)
+       movq    %r15,24(%rdi)
+
+       movq    -16(%rsi,%rbp,1),%rax
+       leaq    64(%rsp,%r9,2),%rdi
+       xorq    %r10,%r10
+       movq    -24(%rdi,%rbp,2),%r11
+
+       leaq    (%r14,%r10,2),%r12
+       shrq    $63,%r10
+       leaq    (%rcx,%r11,2),%r13
+       shrq    $63,%r11
+       orq     %r10,%r13
+       movq    -16(%rdi,%rbp,2),%r10
+       movq    %r11,%r14
+       mulq    %rax
+       negq    %r15
+       movq    -8(%rdi,%rbp,2),%r11
+       adcq    %rax,%r12
+       movq    -8(%rsi,%rbp,1),%rax
+       movq    %r12,-32(%rdi,%rbp,2)
+       adcq    %rdx,%r13
+
+       leaq    (%r14,%r10,2),%rbx
+       movq    %r13,-24(%rdi,%rbp,2)
+       sbbq    %r15,%r15
+       shrq    $63,%r10
+       leaq    (%rcx,%r11,2),%r8
+       shrq    $63,%r11
+       orq     %r10,%r8
+       movq    0(%rdi,%rbp,2),%r10
+       movq    %r11,%r14
+       mulq    %rax
+       negq    %r15
+       movq    8(%rdi,%rbp,2),%r11
+       adcq    %rax,%rbx
+       movq    0(%rsi,%rbp,1),%rax
+       movq    %rbx,-16(%rdi,%rbp,2)
+       adcq    %rdx,%r8
+       leaq    16(%rbp),%rbp
+       movq    %r8,-40(%rdi,%rbp,2)
+       sbbq    %r15,%r15
+       jmp     L$sqr4x_shift_n_add
+
+.p2align       4
+L$sqr4x_shift_n_add:
+       leaq    (%r14,%r10,2),%r12
+       shrq    $63,%r10
+       leaq    (%rcx,%r11,2),%r13
+       shrq    $63,%r11
+       orq     %r10,%r13
+       movq    -16(%rdi,%rbp,2),%r10
+       movq    %r11,%r14
+       mulq    %rax
+       negq    %r15
+       movq    -8(%rdi,%rbp,2),%r11
+       adcq    %rax,%r12
+       movq    -8(%rsi,%rbp,1),%rax
+       movq    %r12,-32(%rdi,%rbp,2)
+       adcq    %rdx,%r13
+
+       leaq    (%r14,%r10,2),%rbx
+       movq    %r13,-24(%rdi,%rbp,2)
+       sbbq    %r15,%r15
+       shrq    $63,%r10
+       leaq    (%rcx,%r11,2),%r8
+       shrq    $63,%r11
+       orq     %r10,%r8
+       movq    0(%rdi,%rbp,2),%r10
+       movq    %r11,%r14
+       mulq    %rax
+       negq    %r15
+       movq    8(%rdi,%rbp,2),%r11
+       adcq    %rax,%rbx
+       movq    0(%rsi,%rbp,1),%rax
+       movq    %rbx,-16(%rdi,%rbp,2)
+       adcq    %rdx,%r8
+
+       leaq    (%r14,%r10,2),%r12
+       movq    %r8,-8(%rdi,%rbp,2)
+       sbbq    %r15,%r15
+       shrq    $63,%r10
+       leaq    (%rcx,%r11,2),%r13
+       shrq    $63,%r11
+       orq     %r10,%r13
+       movq    16(%rdi,%rbp,2),%r10
+       movq    %r11,%r14
+       mulq    %rax
+       negq    %r15
+       movq    24(%rdi,%rbp,2),%r11
+       adcq    %rax,%r12
+       movq    8(%rsi,%rbp,1),%rax
+       movq    %r12,0(%rdi,%rbp,2)
+       adcq    %rdx,%r13
+
+       leaq    (%r14,%r10,2),%rbx
+       movq    %r13,8(%rdi,%rbp,2)
+       sbbq    %r15,%r15
+       shrq    $63,%r10
+       leaq    (%rcx,%r11,2),%r8
+       shrq    $63,%r11
+       orq     %r10,%r8
+       movq    32(%rdi,%rbp,2),%r10
+       movq    %r11,%r14
+       mulq    %rax
+       negq    %r15
+       movq    40(%rdi,%rbp,2),%r11
+       adcq    %rax,%rbx
+       movq    16(%rsi,%rbp,1),%rax
+       movq    %rbx,16(%rdi,%rbp,2)
+       adcq    %rdx,%r8
+       movq    %r8,24(%rdi,%rbp,2)
+       sbbq    %r15,%r15
+       addq    $32,%rbp
+       jnz     L$sqr4x_shift_n_add
+
+       leaq    (%r14,%r10,2),%r12
+       shrq    $63,%r10
+       leaq    (%rcx,%r11,2),%r13
+       shrq    $63,%r11
+       orq     %r10,%r13
+       movq    -16(%rdi),%r10
+       movq    %r11,%r14
+       mulq    %rax
+       negq    %r15
+       movq    -8(%rdi),%r11
+       adcq    %rax,%r12
+       movq    -8(%rsi),%rax
+       movq    %r12,-32(%rdi)
+       adcq    %rdx,%r13
+
+       leaq    (%r14,%r10,2),%rbx
+       movq    %r13,-24(%rdi)
+       sbbq    %r15,%r15
+       shrq    $63,%r10
+       leaq    (%rcx,%r11,2),%r8
+       shrq    $63,%r11
+       orq     %r10,%r8
+       mulq    %rax
+       negq    %r15
+       adcq    %rax,%rbx
+       adcq    %rdx,%r8
+       movq    %rbx,-16(%rdi)
+       movq    %r8,-8(%rdi)
+       movq    40(%rsp),%rsi
+       movq    48(%rsp),%r8
+       xorq    %rcx,%rcx
+       movq    %r9,0(%rsp)
+       subq    %r9,%rcx
+       movq    64(%rsp),%r10
+       movq    %r8,%r14
+       leaq    64(%rsp,%r9,2),%rax
+       leaq    64(%rsp,%r9,1),%rdi
+       movq    %rax,8(%rsp)
+       leaq    (%rsi,%r9,1),%rsi
+       xorq    %rbp,%rbp
+
+       movq    0(%rsi,%rcx,1),%rax
+       movq    8(%rsi,%rcx,1),%r9
+       imulq   %r10,%r14
+       movq    %rax,%rbx
+       jmp     L$sqr4x_mont_outer
+
+.p2align       4
+L$sqr4x_mont_outer:
+       xorq    %r11,%r11
+       mulq    %r14
+       addq    %rax,%r10
+       movq    %r9,%rax
+       adcq    %rdx,%r11
+       movq    %r8,%r15
+
+       xorq    %r10,%r10
+       addq    8(%rdi,%rcx,1),%r11
+       adcq    $0,%r10
+       mulq    %r14
+       addq    %rax,%r11
+       movq    %rbx,%rax
+       adcq    %rdx,%r10
+
+       imulq   %r11,%r15
+
+       movq    16(%rsi,%rcx,1),%rbx
+       xorq    %r13,%r13
+       addq    %r11,%r12
+       adcq    $0,%r13
+       mulq    %r15
+       addq    %rax,%r12
+       movq    %rbx,%rax
+       adcq    %rdx,%r13
+       movq    %r12,8(%rdi,%rcx,1)
+
+       xorq    %r11,%r11
+       addq    16(%rdi,%rcx,1),%r10
+       adcq    $0,%r11
+       mulq    %r14
+       addq    %rax,%r10
+       movq    %r9,%rax
+       adcq    %rdx,%r11
+
+       movq    24(%rsi,%rcx,1),%r9
+       xorq    %r12,%r12
+       addq    %r10,%r13
+       adcq    $0,%r12
+       mulq    %r15
+       addq    %rax,%r13
+       movq    %r9,%rax
+       adcq    %rdx,%r12
+       movq    %r13,16(%rdi,%rcx,1)
+
+       xorq    %r10,%r10
+       addq    24(%rdi,%rcx,1),%r11
+       leaq    32(%rcx),%rcx
+       adcq    $0,%r10
+       mulq    %r14
+       addq    %rax,%r11
+       movq    %rbx,%rax
+       adcq    %rdx,%r10
+       jmp     L$sqr4x_mont_inner
+
+.p2align       4
+L$sqr4x_mont_inner:
+       movq    (%rsi,%rcx,1),%rbx
+       xorq    %r13,%r13
+       addq    %r11,%r12
+       adcq    $0,%r13
+       mulq    %r15
+       addq    %rax,%r12
+       movq    %rbx,%rax
+       adcq    %rdx,%r13
+       movq    %r12,-8(%rdi,%rcx,1)
+
+       xorq    %r11,%r11
+       addq    (%rdi,%rcx,1),%r10
+       adcq    $0,%r11
+       mulq    %r14
+       addq    %rax,%r10
+       movq    %r9,%rax
+       adcq    %rdx,%r11
+
+       movq    8(%rsi,%rcx,1),%r9
+       xorq    %r12,%r12
+       addq    %r10,%r13
+       adcq    $0,%r12
+       mulq    %r15
+       addq    %rax,%r13
+       movq    %r9,%rax
+       adcq    %rdx,%r12
+       movq    %r13,(%rdi,%rcx,1)
+
+       xorq    %r10,%r10
+       addq    8(%rdi,%rcx,1),%r11
+       adcq    $0,%r10
+       mulq    %r14
+       addq    %rax,%r11
+       movq    %rbx,%rax
+       adcq    %rdx,%r10
+
+
+       movq    16(%rsi,%rcx,1),%rbx
+       xorq    %r13,%r13
+       addq    %r11,%r12
+       adcq    $0,%r13
+       mulq    %r15
+       addq    %rax,%r12
+       movq    %rbx,%rax
+       adcq    %rdx,%r13
+       movq    %r12,8(%rdi,%rcx,1)
+
+       xorq    %r11,%r11
+       addq    16(%rdi,%rcx,1),%r10
+       adcq    $0,%r11
+       mulq    %r14
+       addq    %rax,%r10
+       movq    %r9,%rax
+       adcq    %rdx,%r11
+
+       movq    24(%rsi,%rcx,1),%r9
+       xorq    %r12,%r12
+       addq    %r10,%r13
+       adcq    $0,%r12
+       mulq    %r15
+       addq    %rax,%r13
+       movq    %r9,%rax
+       adcq    %rdx,%r12
+       movq    %r13,16(%rdi,%rcx,1)
+
+       xorq    %r10,%r10
+       addq    24(%rdi,%rcx,1),%r11
+       leaq    32(%rcx),%rcx
+       adcq    $0,%r10
+       mulq    %r14
+       addq    %rax,%r11
+       movq    %rbx,%rax
+       adcq    %rdx,%r10
+       cmpq    $0,%rcx
+       jne     L$sqr4x_mont_inner
+
+       subq    0(%rsp),%rcx
+       movq    %r8,%r14
+
+       xorq    %r13,%r13
+       addq    %r11,%r12
+       adcq    $0,%r13
+       mulq    %r15
+       addq    %rax,%r12
+       movq    %r9,%rax
+       adcq    %rdx,%r13
+       movq    %r12,-8(%rdi)
+
+       xorq    %r11,%r11
+       addq    (%rdi),%r10
+       adcq    $0,%r11
+       movq    0(%rsi,%rcx,1),%rbx
+       addq    %rbp,%r10
+       adcq    $0,%r11
+
+       imulq   16(%rdi,%rcx,1),%r14
+       xorq    %r12,%r12
+       movq    8(%rsi,%rcx,1),%r9
+       addq    %r10,%r13
+       movq    16(%rdi,%rcx,1),%r10
+       adcq    $0,%r12
+       mulq    %r15
+       addq    %rax,%r13
+       movq    %rbx,%rax
+       adcq    %rdx,%r12
+       movq    %r13,(%rdi)
+
+       xorq    %rbp,%rbp
+       addq    8(%rdi),%r12
+       adcq    %rbp,%rbp
+       addq    %r11,%r12
+       leaq    16(%rdi),%rdi
+       adcq    $0,%rbp
+       movq    %r12,-8(%rdi)
+       cmpq    8(%rsp),%rdi
+       jb      L$sqr4x_mont_outer
+
+       movq    0(%rsp),%r9
+       movq    %rbp,(%rdi)
+       movq    64(%rsp,%r9,1),%rax
+       leaq    64(%rsp,%r9,1),%rbx
+       movq    40(%rsp),%rsi
+       shrq    $5,%r9
+       movq    8(%rbx),%rdx
+       xorq    %rbp,%rbp
+
+       movq    32(%rsp),%rdi
+       subq    0(%rsi),%rax
+       movq    16(%rbx),%r10
+       movq    24(%rbx),%r11
+       sbbq    8(%rsi),%rdx
+       leaq    -1(%r9),%rcx
+       jmp     L$sqr4x_sub
+.p2align       4
+L$sqr4x_sub:
+       movq    %rax,0(%rdi,%rbp,8)
+       movq    %rdx,8(%rdi,%rbp,8)
+       sbbq    16(%rsi,%rbp,8),%r10
+       movq    32(%rbx,%rbp,8),%rax
+       movq    40(%rbx,%rbp,8),%rdx
+       sbbq    24(%rsi,%rbp,8),%r11
+       movq    %r10,16(%rdi,%rbp,8)
+       movq    %r11,24(%rdi,%rbp,8)
+       sbbq    32(%rsi,%rbp,8),%rax
+       movq    48(%rbx,%rbp,8),%r10
+       movq    56(%rbx,%rbp,8),%r11
+       sbbq    40(%rsi,%rbp,8),%rdx
+       leaq    4(%rbp),%rbp
+       decq    %rcx
+       jnz     L$sqr4x_sub
+
+       movq    %rax,0(%rdi,%rbp,8)
+       movq    32(%rbx,%rbp,8),%rax
+       sbbq    16(%rsi,%rbp,8),%r10
+       movq    %rdx,8(%rdi,%rbp,8)
+       sbbq    24(%rsi,%rbp,8),%r11
+       movq    %r10,16(%rdi,%rbp,8)
+
+       sbbq    $0,%rax
+       movq    %r11,24(%rdi,%rbp,8)
+       xorq    %rbp,%rbp
+       andq    %rax,%rbx
+       notq    %rax
+       movq    %rdi,%rsi
+       andq    %rax,%rsi
+       leaq    -1(%r9),%rcx
+       orq     %rsi,%rbx
+
+       pxor    %xmm0,%xmm0
+       leaq    64(%rsp,%r9,8),%rsi
+       movdqu  (%rbx),%xmm1
+       leaq    (%rsi,%r9,8),%rsi
+       movdqa  %xmm0,64(%rsp)
+       movdqa  %xmm0,(%rsi)
+       movdqu  %xmm1,(%rdi)
+       jmp     L$sqr4x_copy
+.p2align       4
+L$sqr4x_copy:
+       movdqu  16(%rbx,%rbp,1),%xmm2
+       movdqu  32(%rbx,%rbp,1),%xmm1
+       movdqa  %xmm0,80(%rsp,%rbp,1)
+       movdqa  %xmm0,96(%rsp,%rbp,1)
+       movdqa  %xmm0,16(%rsi,%rbp,1)
+       movdqa  %xmm0,32(%rsi,%rbp,1)
+       movdqu  %xmm2,16(%rdi,%rbp,1)
+       movdqu  %xmm1,32(%rdi,%rbp,1)
+       leaq    32(%rbp),%rbp
+       decq    %rcx
+       jnz     L$sqr4x_copy
+
+       movdqu  16(%rbx,%rbp,1),%xmm2
+       movdqa  %xmm0,80(%rsp,%rbp,1)
+       movdqa  %xmm0,16(%rsi,%rbp,1)
+       movdqu  %xmm2,16(%rdi,%rbp,1)
+       movq    56(%rsp),%rsi
+       movq    $1,%rax
+       movq    0(%rsi),%r15
+       movq    8(%rsi),%r14
+       movq    16(%rsi),%r13
+       movq    24(%rsi),%r12
+       movq    32(%rsi),%rbp
+       movq    40(%rsi),%rbx
+       leaq    48(%rsi),%rsp
+L$sqr4x_epilogue:
        .byte   0xf3,0xc3
 
 .byte  77,111,110,116,103,111,109,101,114,121,32,77,117,108,116,105,112,108,105,99,97,116,105,111,110,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0

diff --git a/deps/openssl/asm/x64-macosx-gas/md5/md5-x86_64.s b/deps/openssl/asm/x64-macosx-gas/md5/md5-x86_64.s
index 96f6ea1..cdecac7 100644 (file)
--- a/deps/openssl/asm/x64-macosx-gas/md5/md5-x86_64.s
+++ b/deps/openssl/asm/x64-macosx-gas/md5/md5-x86_64.s
@@ -668,4 +668,3 @@ L$end:
        addq    $40,%rsp
 L$epilogue:
        .byte   0xf3,0xc3
-

diff --git a/deps/openssl/asm/x64-macosx-gas/rc4/rc4-x86_64.s b/deps/openssl/asm/x64-macosx-gas/rc4/rc4-x86_64.s
index 41183ce..8c4f29e 100644 (file)
--- a/deps/openssl/asm/x64-macosx-gas/rc4/rc4-x86_64.s
+++ b/deps/openssl/asm/x64-macosx-gas/rc4/rc4-x86_64.s
@@ -1,6 +1,7 @@
 .text
 
 
+
 .globl _RC4
 
 .p2align       4
@@ -12,316 +13,511 @@ L$entry:
        pushq   %r12
        pushq   %r13
 L$prologue:
+       movq    %rsi,%r11
+       movq    %rdx,%r12
+       movq    %rcx,%r13
+       xorq    %r10,%r10
+       xorq    %rcx,%rcx
 
-       addq    $8,%rdi
-       movl    -8(%rdi),%r8d
-       movl    -4(%rdi),%r12d
+       leaq    8(%rdi),%rdi
+       movb    -8(%rdi),%r10b
+       movb    -4(%rdi),%cl
        cmpl    $-1,256(%rdi)
        je      L$RC4_CHAR
-       incb    %r8b
-       movl    (%rdi,%r8,4),%r9d
-       testq   $-8,%rsi
-       jz      L$loop1
-       jmp     L$loop8
-.p2align       4
-L$loop8:
-       addb    %r9b,%r12b
-       movq    %r8,%r10
-       movl    (%rdi,%r12,4),%r13d
-       rorq    $8,%rax
-       incb    %r10b
-       movl    (%rdi,%r10,4),%r11d
-       cmpq    %r10,%r12
-       movl    %r9d,(%rdi,%r12,4)
-       cmoveq  %r9,%r11
-       movl    %r13d,(%rdi,%r8,4)
-       addb    %r9b,%r13b
-       movb    (%rdi,%r13,4),%al
-       addb    %r11b,%r12b
-       movq    %r10,%r8
-       movl    (%rdi,%r12,4),%r13d
-       rorq    $8,%rax
-       incb    %r8b
-       movl    (%rdi,%r8,4),%r9d
-       cmpq    %r8,%r12
-       movl    %r11d,(%rdi,%r12,4)
-       cmoveq  %r11,%r9
-       movl    %r13d,(%rdi,%r10,4)
-       addb    %r11b,%r13b
-       movb    (%rdi,%r13,4),%al
-       addb    %r9b,%r12b
-       movq    %r8,%r10
-       movl    (%rdi,%r12,4),%r13d
-       rorq    $8,%rax
+       movl    _OPENSSL_ia32cap_P(%rip),%r8d
+       xorq    %rbx,%rbx
        incb    %r10b
-       movl    (%rdi,%r10,4),%r11d
-       cmpq    %r10,%r12
-       movl    %r9d,(%rdi,%r12,4)
-       cmoveq  %r9,%r11
-       movl    %r13d,(%rdi,%r8,4)
-       addb    %r9b,%r13b
-       movb    (%rdi,%r13,4),%al
-       addb    %r11b,%r12b
-       movq    %r10,%r8
-       movl    (%rdi,%r12,4),%r13d
-       rorq    $8,%rax
-       incb    %r8b
-       movl    (%rdi,%r8,4),%r9d
-       cmpq    %r8,%r12
-       movl    %r11d,(%rdi,%r12,4)
-       cmoveq  %r11,%r9
-       movl    %r13d,(%rdi,%r10,4)
-       addb    %r11b,%r13b
-       movb    (%rdi,%r13,4),%al
-       addb    %r9b,%r12b
-       movq    %r8,%r10
-       movl    (%rdi,%r12,4),%r13d
-       rorq    $8,%rax
+       subq    %r10,%rbx
+       subq    %r12,%r13
+       movl    (%rdi,%r10,4),%eax
+       testq   $-16,%r11
+       jz      L$loop1
+       btl     $30,%r8d
+       jc      L$intel
+       andq    $7,%rbx
+       leaq    1(%r10),%rsi
+       jz      L$oop8
+       subq    %rbx,%r11
+L$oop8_warmup:
+       addb    %al,%cl
+       movl    (%rdi,%rcx,4),%edx
+       movl    %eax,(%rdi,%rcx,4)
+       movl    %edx,(%rdi,%r10,4)
+       addb    %dl,%al
        incb    %r10b
-       movl    (%rdi,%r10,4),%r11d
-       cmpq    %r10,%r12
-       movl    %r9d,(%rdi,%r12,4)
-       cmoveq  %r9,%r11
-       movl    %r13d,(%rdi,%r8,4)
-       addb    %r9b,%r13b
-       movb    (%rdi,%r13,4),%al
-       addb    %r11b,%r12b
-       movq    %r10,%r8
-       movl    (%rdi,%r12,4),%r13d
-       rorq    $8,%rax
-       incb    %r8b
-       movl    (%rdi,%r8,4),%r9d
-       cmpq    %r8,%r12
-       movl    %r11d,(%rdi,%r12,4)
-       cmoveq  %r11,%r9
-       movl    %r13d,(%rdi,%r10,4)
-       addb    %r11b,%r13b
-       movb    (%rdi,%r13,4),%al
-       addb    %r9b,%r12b
-       movq    %r8,%r10
-       movl    (%rdi,%r12,4),%r13d
-       rorq    $8,%rax
+       movl    (%rdi,%rax,4),%edx
+       movl    (%rdi,%r10,4),%eax
+       xorb    (%r12),%dl
+       movb    %dl,(%r13,%r12,1)
+       leaq    1(%r12),%r12
+       decq    %rbx
+       jnz     L$oop8_warmup
+
+       leaq    1(%r10),%rsi
+       jmp     L$oop8
+.p2align       4
+L$oop8:
+       addb    %al,%cl
+       movl    (%rdi,%rcx,4),%edx
+       movl    %eax,(%rdi,%rcx,4)
+       movl    0(%rdi,%rsi,4),%ebx
+       rorq    $8,%r8
+       movl    %edx,0(%rdi,%r10,4)
+       addb    %al,%dl
+       movb    (%rdi,%rdx,4),%r8b
+       addb    %bl,%cl
+       movl    (%rdi,%rcx,4),%edx
+       movl    %ebx,(%rdi,%rcx,4)
+       movl    4(%rdi,%rsi,4),%eax
+       rorq    $8,%r8
+       movl    %edx,4(%rdi,%r10,4)
+       addb    %bl,%dl
+       movb    (%rdi,%rdx,4),%r8b
+       addb    %al,%cl
+       movl    (%rdi,%rcx,4),%edx
+       movl    %eax,(%rdi,%rcx,4)
+       movl    8(%rdi,%rsi,4),%ebx
+       rorq    $8,%r8
+       movl    %edx,8(%rdi,%r10,4)
+       addb    %al,%dl
+       movb    (%rdi,%rdx,4),%r8b
+       addb    %bl,%cl
+       movl    (%rdi,%rcx,4),%edx
+       movl    %ebx,(%rdi,%rcx,4)
+       movl    12(%rdi,%rsi,4),%eax
+       rorq    $8,%r8
+       movl    %edx,12(%rdi,%r10,4)
+       addb    %bl,%dl
+       movb    (%rdi,%rdx,4),%r8b
+       addb    %al,%cl
+       movl    (%rdi,%rcx,4),%edx
+       movl    %eax,(%rdi,%rcx,4)
+       movl    16(%rdi,%rsi,4),%ebx
+       rorq    $8,%r8
+       movl    %edx,16(%rdi,%r10,4)
+       addb    %al,%dl
+       movb    (%rdi,%rdx,4),%r8b
+       addb    %bl,%cl
+       movl    (%rdi,%rcx,4),%edx
+       movl    %ebx,(%rdi,%rcx,4)
+       movl    20(%rdi,%rsi,4),%eax
+       rorq    $8,%r8
+       movl    %edx,20(%rdi,%r10,4)
+       addb    %bl,%dl
+       movb    (%rdi,%rdx,4),%r8b
+       addb    %al,%cl
+       movl    (%rdi,%rcx,4),%edx
+       movl    %eax,(%rdi,%rcx,4)
+       movl    24(%rdi,%rsi,4),%ebx
+       rorq    $8,%r8
+       movl    %edx,24(%rdi,%r10,4)
+       addb    %al,%dl
+       movb    (%rdi,%rdx,4),%r8b
+       addb    $8,%sil
+       addb    %bl,%cl
+       movl    (%rdi,%rcx,4),%edx
+       movl    %ebx,(%rdi,%rcx,4)
+       movl    -4(%rdi,%rsi,4),%eax
+       rorq    $8,%r8
+       movl    %edx,28(%rdi,%r10,4)
+       addb    %bl,%dl
+       movb    (%rdi,%rdx,4),%r8b
+       addb    $8,%r10b
+       rorq    $8,%r8
+       subq    $8,%r11
+
+       xorq    (%r12),%r8
+       movq    %r8,(%r13,%r12,1)
+       leaq    8(%r12),%r12
+
+       testq   $-8,%r11
+       jnz     L$oop8
+       cmpq    $0,%r11
+       jne     L$loop1
+       jmp     L$exit
+
+.p2align       4
+L$intel:
+       testq   $-32,%r11
+       jz      L$loop1
+       andq    $15,%rbx
+       jz      L$oop16_is_hot
+       subq    %rbx,%r11
+L$oop16_warmup:
+       addb    %al,%cl
+       movl    (%rdi,%rcx,4),%edx
+       movl    %eax,(%rdi,%rcx,4)
+       movl    %edx,(%rdi,%r10,4)
+       addb    %dl,%al
        incb    %r10b
-       movl    (%rdi,%r10,4),%r11d
-       cmpq    %r10,%r12
-       movl    %r9d,(%rdi,%r12,4)
-       cmoveq  %r9,%r11
-       movl    %r13d,(%rdi,%r8,4)
-       addb    %r9b,%r13b
-       movb    (%rdi,%r13,4),%al
-       addb    %r11b,%r12b
-       movq    %r10,%r8
-       movl    (%rdi,%r12,4),%r13d
-       rorq    $8,%rax
-       incb    %r8b
-       movl    (%rdi,%r8,4),%r9d
-       cmpq    %r8,%r12
-       movl    %r11d,(%rdi,%r12,4)
-       cmoveq  %r11,%r9
-       movl    %r13d,(%rdi,%r10,4)
-       addb    %r11b,%r13b
-       movb    (%rdi,%r13,4),%al
-       rorq    $8,%rax
-       subq    $8,%rsi
-
-       xorq    (%rdx),%rax
-       addq    $8,%rdx
-       movq    %rax,(%rcx)
-       addq    $8,%rcx
-
-       testq   $-8,%rsi
-       jnz     L$loop8
-       cmpq    $0,%rsi
+       movl    (%rdi,%rax,4),%edx
+       movl    (%rdi,%r10,4),%eax
+       xorb    (%r12),%dl
+       movb    %dl,(%r13,%r12,1)
+       leaq    1(%r12),%r12
+       decq    %rbx
+       jnz     L$oop16_warmup
+
+       movq    %rcx,%rbx
+       xorq    %rcx,%rcx
+       movb    %bl,%cl
+
+L$oop16_is_hot:
+       leaq    (%rdi,%r10,4),%rsi
+       addb    %al,%cl
+       movl    (%rdi,%rcx,4),%edx
+       pxor    %xmm0,%xmm0
+       movl    %eax,(%rdi,%rcx,4)
+       addb    %dl,%al
+       movl    4(%rsi),%ebx
+       movzbl  %al,%eax
+       movl    %edx,0(%rsi)
+       addb    %bl,%cl
+       pinsrw  $0,(%rdi,%rax,4),%xmm0
+       jmp     L$oop16_enter
+.p2align       4
+L$oop16:
+       addb    %al,%cl
+       movl    (%rdi,%rcx,4),%edx
+       pxor    %xmm0,%xmm2
+       psllq   $8,%xmm1
+       pxor    %xmm0,%xmm0
+       movl    %eax,(%rdi,%rcx,4)
+       addb    %dl,%al
+       movl    4(%rsi),%ebx
+       movzbl  %al,%eax
+       movl    %edx,0(%rsi)
+       pxor    %xmm1,%xmm2
+       addb    %bl,%cl
+       pinsrw  $0,(%rdi,%rax,4),%xmm0
+       movdqu  %xmm2,(%r13,%r12,1)
+       leaq    16(%r12),%r12
+L$oop16_enter:
+       movl    (%rdi,%rcx,4),%edx
+       pxor    %xmm1,%xmm1
+       movl    %ebx,(%rdi,%rcx,4)
+       addb    %dl,%bl
+       movl    8(%rsi),%eax
+       movzbl  %bl,%ebx
+       movl    %edx,4(%rsi)
+       addb    %al,%cl
+       pinsrw  $0,(%rdi,%rbx,4),%xmm1
+       movl    (%rdi,%rcx,4),%edx
+       movl    %eax,(%rdi,%rcx,4)
+       addb    %dl,%al
+       movl    12(%rsi),%ebx
+       movzbl  %al,%eax
+       movl    %edx,8(%rsi)
+       addb    %bl,%cl
+       pinsrw  $1,(%rdi,%rax,4),%xmm0
+       movl    (%rdi,%rcx,4),%edx
+       movl    %ebx,(%rdi,%rcx,4)
+       addb    %dl,%bl
+       movl    16(%rsi),%eax
+       movzbl  %bl,%ebx
+       movl    %edx,12(%rsi)
+       addb    %al,%cl
+       pinsrw  $1,(%rdi,%rbx,4),%xmm1
+       movl    (%rdi,%rcx,4),%edx
+       movl    %eax,(%rdi,%rcx,4)
+       addb    %dl,%al
+       movl    20(%rsi),%ebx
+       movzbl  %al,%eax
+       movl    %edx,16(%rsi)
+       addb    %bl,%cl
+       pinsrw  $2,(%rdi,%rax,4),%xmm0
+       movl    (%rdi,%rcx,4),%edx
+       movl    %ebx,(%rdi,%rcx,4)
+       addb    %dl,%bl
+       movl    24(%rsi),%eax
+       movzbl  %bl,%ebx
+       movl    %edx,20(%rsi)
+       addb    %al,%cl
+       pinsrw  $2,(%rdi,%rbx,4),%xmm1
+       movl    (%rdi,%rcx,4),%edx
+       movl    %eax,(%rdi,%rcx,4)
+       addb    %dl,%al
+       movl    28(%rsi),%ebx
+       movzbl  %al,%eax
+       movl    %edx,24(%rsi)
+       addb    %bl,%cl
+       pinsrw  $3,(%rdi,%rax,4),%xmm0
+       movl    (%rdi,%rcx,4),%edx
+       movl    %ebx,(%rdi,%rcx,4)
+       addb    %dl,%bl
+       movl    32(%rsi),%eax
+       movzbl  %bl,%ebx
+       movl    %edx,28(%rsi)
+       addb    %al,%cl
+       pinsrw  $3,(%rdi,%rbx,4),%xmm1
+       movl    (%rdi,%rcx,4),%edx
+       movl    %eax,(%rdi,%rcx,4)
+       addb    %dl,%al
+       movl    36(%rsi),%ebx
+       movzbl  %al,%eax
+       movl    %edx,32(%rsi)
+       addb    %bl,%cl
+       pinsrw  $4,(%rdi,%rax,4),%xmm0
+       movl    (%rdi,%rcx,4),%edx
+       movl    %ebx,(%rdi,%rcx,4)
+       addb    %dl,%bl
+       movl    40(%rsi),%eax
+       movzbl  %bl,%ebx
+       movl    %edx,36(%rsi)
+       addb    %al,%cl
+       pinsrw  $4,(%rdi,%rbx,4),%xmm1
+       movl    (%rdi,%rcx,4),%edx
+       movl    %eax,(%rdi,%rcx,4)
+       addb    %dl,%al
+       movl    44(%rsi),%ebx
+       movzbl  %al,%eax
+       movl    %edx,40(%rsi)
+       addb    %bl,%cl
+       pinsrw  $5,(%rdi,%rax,4),%xmm0
+       movl    (%rdi,%rcx,4),%edx
+       movl    %ebx,(%rdi,%rcx,4)
+       addb    %dl,%bl
+       movl    48(%rsi),%eax
+       movzbl  %bl,%ebx
+       movl    %edx,44(%rsi)
+       addb    %al,%cl
+       pinsrw  $5,(%rdi,%rbx,4),%xmm1
+       movl    (%rdi,%rcx,4),%edx
+       movl    %eax,(%rdi,%rcx,4)
+       addb    %dl,%al
+       movl    52(%rsi),%ebx
+       movzbl  %al,%eax
+       movl    %edx,48(%rsi)
+       addb    %bl,%cl
+       pinsrw  $6,(%rdi,%rax,4),%xmm0
+       movl    (%rdi,%rcx,4),%edx
+       movl    %ebx,(%rdi,%rcx,4)
+       addb    %dl,%bl
+       movl    56(%rsi),%eax
+       movzbl  %bl,%ebx
+       movl    %edx,52(%rsi)
+       addb    %al,%cl
+       pinsrw  $6,(%rdi,%rbx,4),%xmm1
+       movl    (%rdi,%rcx,4),%edx
+       movl    %eax,(%rdi,%rcx,4)
+       addb    %dl,%al
+       movl    60(%rsi),%ebx
+       movzbl  %al,%eax
+       movl    %edx,56(%rsi)
+       addb    %bl,%cl
+       pinsrw  $7,(%rdi,%rax,4),%xmm0
+       addb    $16,%r10b
+       movdqu  (%r12),%xmm2
+       movl    (%rdi,%rcx,4),%edx
+       movl    %ebx,(%rdi,%rcx,4)
+       addb    %dl,%bl
+       movzbl  %bl,%ebx
+       movl    %edx,60(%rsi)
+       leaq    (%rdi,%r10,4),%rsi
+       pinsrw  $7,(%rdi,%rbx,4),%xmm1
+       movl    (%rsi),%eax
+       movq    %rcx,%rbx
+       xorq    %rcx,%rcx
+       subq    $16,%r11
+       movb    %bl,%cl
+       testq   $-16,%r11
+       jnz     L$oop16
+
+       psllq   $8,%xmm1
+       pxor    %xmm0,%xmm2
+       pxor    %xmm1,%xmm2
+       movdqu  %xmm2,(%r13,%r12,1)
+       leaq    16(%r12),%r12
+
+       cmpq    $0,%r11
        jne     L$loop1
        jmp     L$exit
 
 .p2align       4
 L$loop1:
-       addb    %r9b,%r12b
-       movl    (%rdi,%r12,4),%r13d
-       movl    %r9d,(%rdi,%r12,4)
-       movl    %r13d,(%rdi,%r8,4)
-       addb    %r13b,%r9b
-       incb    %r8b
-       movl    (%rdi,%r9,4),%r13d
-       movl    (%rdi,%r8,4),%r9d
-       xorb    (%rdx),%r13b
-       incq    %rdx
-       movb    %r13b,(%rcx)
-       incq    %rcx
-       decq    %rsi
+       addb    %al,%cl
+       movl    (%rdi,%rcx,4),%edx
+       movl    %eax,(%rdi,%rcx,4)
+       movl    %edx,(%rdi,%r10,4)
+       addb    %dl,%al
+       incb    %r10b
+       movl    (%rdi,%rax,4),%edx
+       movl    (%rdi,%r10,4),%eax
+       xorb    (%r12),%dl
+       movb    %dl,(%r13,%r12,1)
+       leaq    1(%r12),%r12
+       decq    %r11
        jnz     L$loop1
        jmp     L$exit
 
 .p2align       4
 L$RC4_CHAR:
-       addb    $1,%r8b
-       movzbl  (%rdi,%r8,1),%r9d
-       testq   $-8,%rsi
+       addb    $1,%r10b
+       movzbl  (%rdi,%r10,1),%eax
+       testq   $-8,%r11
        jz      L$cloop1
-       cmpl    $0,260(%rdi)
-       jnz     L$cloop1
        jmp     L$cloop8
 .p2align       4
 L$cloop8:
-       movl    (%rdx),%eax
-       movl    4(%rdx),%ebx
-       addb    %r9b,%r12b
-       leaq    1(%r8),%r10
-       movzbl  (%rdi,%r12,1),%r13d
-       movzbl  %r10b,%r10d
-       movzbl  (%rdi,%r10,1),%r11d
-       movb    %r9b,(%rdi,%r12,1)
-       cmpq    %r10,%r12
-       movb    %r13b,(%rdi,%r8,1)
+       movl    (%r12),%r8d
+       movl    4(%r12),%r9d
+       addb    %al,%cl
+       leaq    1(%r10),%rsi
+       movzbl  (%rdi,%rcx,1),%edx
+       movzbl  %sil,%esi
+       movzbl  (%rdi,%rsi,1),%ebx
+       movb    %al,(%rdi,%rcx,1)
+       cmpq    %rsi,%rcx
+       movb    %dl,(%rdi,%r10,1)
        jne     L$cmov0
 
-       movq    %r9,%r11
+       movq    %rax,%rbx
 L$cmov0:
-       addb    %r9b,%r13b
-       xorb    (%rdi,%r13,1),%al
-       rorl    $8,%eax
-       addb    %r11b,%r12b
-       leaq    1(%r10),%r8
-       movzbl  (%rdi,%r12,1),%r13d
-       movzbl  %r8b,%r8d
-       movzbl  (%rdi,%r8,1),%r9d
-       movb    %r11b,(%rdi,%r12,1)
-       cmpq    %r8,%r12
-       movb    %r13b,(%rdi,%r10,1)
+       addb    %al,%dl
+       xorb    (%rdi,%rdx,1),%r8b
+       rorl    $8,%r8d
+       addb    %bl,%cl
+       leaq    1(%rsi),%r10
+       movzbl  (%rdi,%rcx,1),%edx
+       movzbl  %r10b,%r10d
+       movzbl  (%rdi,%r10,1),%eax
+       movb    %bl,(%rdi,%rcx,1)
+       cmpq    %r10,%rcx
+       movb    %dl,(%rdi,%rsi,1)
        jne     L$cmov1
 
-       movq    %r11,%r9
+       movq    %rbx,%rax
 L$cmov1:
-       addb    %r11b,%r13b
-       xorb    (%rdi,%r13,1),%al
-       rorl    $8,%eax
-       addb    %r9b,%r12b
-       leaq    1(%r8),%r10
-       movzbl  (%rdi,%r12,1),%r13d
-       movzbl  %r10b,%r10d
-       movzbl  (%rdi,%r10,1),%r11d
-       movb    %r9b,(%rdi,%r12,1)
-       cmpq    %r10,%r12
-       movb    %r13b,(%rdi,%r8,1)
+       addb    %bl,%dl
+       xorb    (%rdi,%rdx,1),%r8b
+       rorl    $8,%r8d
+       addb    %al,%cl
+       leaq    1(%r10),%rsi
+       movzbl  (%rdi,%rcx,1),%edx
+       movzbl  %sil,%esi
+       movzbl  (%rdi,%rsi,1),%ebx
+       movb    %al,(%rdi,%rcx,1)
+       cmpq    %rsi,%rcx
+       movb    %dl,(%rdi,%r10,1)
        jne     L$cmov2
 
-       movq    %r9,%r11
+       movq    %rax,%rbx
 L$cmov2:
-       addb    %r9b,%r13b
-       xorb    (%rdi,%r13,1),%al
-       rorl    $8,%eax
-       addb    %r11b,%r12b
-       leaq    1(%r10),%r8
-       movzbl  (%rdi,%r12,1),%r13d
-       movzbl  %r8b,%r8d
-       movzbl  (%rdi,%r8,1),%r9d
-       movb    %r11b,(%rdi,%r12,1)
-       cmpq    %r8,%r12
-       movb    %r13b,(%rdi,%r10,1)
+       addb    %al,%dl
+       xorb    (%rdi,%rdx,1),%r8b
+       rorl    $8,%r8d
+       addb    %bl,%cl
+       leaq    1(%rsi),%r10
+       movzbl  (%rdi,%rcx,1),%edx
+       movzbl  %r10b,%r10d
+       movzbl  (%rdi,%r10,1),%eax
+       movb    %bl,(%rdi,%rcx,1)
+       cmpq    %r10,%rcx
+       movb    %dl,(%rdi,%rsi,1)
        jne     L$cmov3
 
-       movq    %r11,%r9
+       movq    %rbx,%rax
 L$cmov3:
-       addb    %r11b,%r13b
-       xorb    (%rdi,%r13,1),%al
-       rorl    $8,%eax
-       addb    %r9b,%r12b
-       leaq    1(%r8),%r10
-       movzbl  (%rdi,%r12,1),%r13d
-       movzbl  %r10b,%r10d
-       movzbl  (%rdi,%r10,1),%r11d
-       movb    %r9b,(%rdi,%r12,1)
-       cmpq    %r10,%r12
-       movb    %r13b,(%rdi,%r8,1)
+       addb    %bl,%dl
+       xorb    (%rdi,%rdx,1),%r8b
+       rorl    $8,%r8d
+       addb    %al,%cl
+       leaq    1(%r10),%rsi
+       movzbl  (%rdi,%rcx,1),%edx
+       movzbl  %sil,%esi
+       movzbl  (%rdi,%rsi,1),%ebx
+       movb    %al,(%rdi,%rcx,1)
+       cmpq    %rsi,%rcx
+       movb    %dl,(%rdi,%r10,1)
        jne     L$cmov4
 
-       movq    %r9,%r11
+       movq    %rax,%rbx
 L$cmov4:
-       addb    %r9b,%r13b
-       xorb    (%rdi,%r13,1),%bl
-       rorl    $8,%ebx
-       addb    %r11b,%r12b
-       leaq    1(%r10),%r8
-       movzbl  (%rdi,%r12,1),%r13d
-       movzbl  %r8b,%r8d
-       movzbl  (%rdi,%r8,1),%r9d
-       movb    %r11b,(%rdi,%r12,1)
-       cmpq    %r8,%r12
-       movb    %r13b,(%rdi,%r10,1)
+       addb    %al,%dl
+       xorb    (%rdi,%rdx,1),%r9b
+       rorl    $8,%r9d
+       addb    %bl,%cl
+       leaq    1(%rsi),%r10
+       movzbl  (%rdi,%rcx,1),%edx
+       movzbl  %r10b,%r10d
+       movzbl  (%rdi,%r10,1),%eax
+       movb    %bl,(%rdi,%rcx,1)
+       cmpq    %r10,%rcx
+       movb    %dl,(%rdi,%rsi,1)
        jne     L$cmov5
 
-       movq    %r11,%r9
+       movq    %rbx,%rax
 L$cmov5:
-       addb    %r11b,%r13b
-       xorb    (%rdi,%r13,1),%bl
-       rorl    $8,%ebx
-       addb    %r9b,%r12b
-       leaq    1(%r8),%r10
-       movzbl  (%rdi,%r12,1),%r13d
-       movzbl  %r10b,%r10d
-       movzbl  (%rdi,%r10,1),%r11d
-       movb    %r9b,(%rdi,%r12,1)
-       cmpq    %r10,%r12
-       movb    %r13b,(%rdi,%r8,1)
+       addb    %bl,%dl
+       xorb    (%rdi,%rdx,1),%r9b
+       rorl    $8,%r9d
+       addb    %al,%cl
+       leaq    1(%r10),%rsi
+       movzbl  (%rdi,%rcx,1),%edx
+       movzbl  %sil,%esi
+       movzbl  (%rdi,%rsi,1),%ebx
+       movb    %al,(%rdi,%rcx,1)
+       cmpq    %rsi,%rcx
+       movb    %dl,(%rdi,%r10,1)
        jne     L$cmov6
 
-       movq    %r9,%r11
+       movq    %rax,%rbx
 L$cmov6:
-       addb    %r9b,%r13b
-       xorb    (%rdi,%r13,1),%bl
-       rorl    $8,%ebx
-       addb    %r11b,%r12b
-       leaq    1(%r10),%r8
-       movzbl  (%rdi,%r12,1),%r13d
-       movzbl  %r8b,%r8d
-       movzbl  (%rdi,%r8,1),%r9d
-       movb    %r11b,(%rdi,%r12,1)
-       cmpq    %r8,%r12
-       movb    %r13b,(%rdi,%r10,1)
+       addb    %al,%dl
+       xorb    (%rdi,%rdx,1),%r9b
+       rorl    $8,%r9d
+       addb    %bl,%cl
+       leaq    1(%rsi),%r10
+       movzbl  (%rdi,%rcx,1),%edx
+       movzbl  %r10b,%r10d
+       movzbl  (%rdi,%r10,1),%eax
+       movb    %bl,(%rdi,%rcx,1)
+       cmpq    %r10,%rcx
+       movb    %dl,(%rdi,%rsi,1)
        jne     L$cmov7
 
-       movq    %r11,%r9
+       movq    %rbx,%rax
 L$cmov7:
-       addb    %r11b,%r13b
-       xorb    (%rdi,%r13,1),%bl
-       rorl    $8,%ebx
-       leaq    -8(%rsi),%rsi
-       movl    %eax,(%rcx)
-       leaq    8(%rdx),%rdx
-       movl    %ebx,4(%rcx)
-       leaq    8(%rcx),%rcx
-
-       testq   $-8,%rsi
+       addb    %bl,%dl
+       xorb    (%rdi,%rdx,1),%r9b
+       rorl    $8,%r9d
+       leaq    -8(%r11),%r11
+       movl    %r8d,(%r13)
+       leaq    8(%r12),%r12
+       movl    %r9d,4(%r13)
+       leaq    8(%r13),%r13
+
+       testq   $-8,%r11
        jnz     L$cloop8
-       cmpq    $0,%rsi
+       cmpq    $0,%r11
        jne     L$cloop1
        jmp     L$exit
 .p2align       4
 L$cloop1:
-       addb    %r9b,%r12b
-       movzbl  (%rdi,%r12,1),%r13d
-       movb    %r9b,(%rdi,%r12,1)
-       movb    %r13b,(%rdi,%r8,1)
-       addb    %r9b,%r13b
-       addb    $1,%r8b
-       movzbl  %r13b,%r13d
-       movzbl  %r8b,%r8d
-       movzbl  (%rdi,%r13,1),%r13d
-       movzbl  (%rdi,%r8,1),%r9d
-       xorb    (%rdx),%r13b
-       leaq    1(%rdx),%rdx
-       movb    %r13b,(%rcx)
-       leaq    1(%rcx),%rcx
-       subq    $1,%rsi
+       addb    %al,%cl
+       movzbl  %cl,%ecx
+       movzbl  (%rdi,%rcx,1),%edx
+       movb    %al,(%rdi,%rcx,1)
+       movb    %dl,(%rdi,%r10,1)
+       addb    %al,%dl
+       addb    $1,%r10b
+       movzbl  %dl,%edx
+       movzbl  %r10b,%r10d
+       movzbl  (%rdi,%rdx,1),%edx
+       movzbl  (%rdi,%r10,1),%eax
+       xorb    (%r12),%dl
+       leaq    1(%r12),%r12
+       movb    %dl,(%r13)
+       leaq    1(%r13),%r13
+       subq    $1,%r11
        jnz     L$cloop1
        jmp     L$exit
 
 .p2align       4
 L$exit:
-       subb    $1,%r8b
-       movl    %r8d,-8(%rdi)
-       movl    %r12d,-4(%rdi)
+       subb    $1,%r10b
+       movl    %r10d,-8(%rdi)
+       movl    %ecx,-4(%rdi)
 
        movq    (%rsp),%r13
        movq    8(%rsp),%r12
@@ -330,11 +526,10 @@ L$exit:
 L$epilogue:
        .byte   0xf3,0xc3
 
-
-.globl _RC4_set_key
+.globl _private_RC4_set_key
 
 .p2align       4
-_RC4_set_key:
+_private_RC4_set_key:
        leaq    8(%rdi),%rdi
        leaq    (%rdx,%rsi,1),%rdx
        negq    %rsi
@@ -346,11 +541,8 @@ _RC4_set_key:
 
        movl    _OPENSSL_ia32cap_P(%rip),%r8d
        btl     $20,%r8d
-       jnc     L$w1stloop
-       btl     $30,%r8d
-       setc    %r9b
-       movl    %r9d,260(%rdi)
-       jmp     L$c1stloop
+       jc      L$c1stloop
+       jmp     L$w1stloop
 
 .p2align       4
 L$w1stloop:
@@ -413,18 +605,19 @@ _RC4_options:
        leaq    L$opts(%rip),%rax
        movl    _OPENSSL_ia32cap_P(%rip),%edx
        btl     $20,%edx
-       jnc     L$done
-       addq    $12,%rax
+       jc      L$8xchar
        btl     $30,%edx
        jnc     L$done
-       addq    $13,%rax
+       addq    $25,%rax
+       .byte   0xf3,0xc3
+L$8xchar:
+       addq    $12,%rax
 L$done:
        .byte   0xf3,0xc3
 .p2align       6
 L$opts:
 .byte  114,99,52,40,56,120,44,105,110,116,41,0
 .byte  114,99,52,40,56,120,44,99,104,97,114,41,0
-.byte  114,99,52,40,49,120,44,99,104,97,114,41,0
+.byte  114,99,52,40,49,54,120,44,105,110,116,41,0
 .byte  82,67,52,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
 .p2align       6
-

diff --git a/deps/openssl/asm/x64-macosx-gas/sha/sha1-x86_64.s b/deps/openssl/asm/x64-macosx-gas/sha/sha1-x86_64.s
index f9dc256..9bb9bf0 100644 (file)
--- a/deps/openssl/asm/x64-macosx-gas/sha/sha1-x86_64.s
+++ b/deps/openssl/asm/x64-macosx-gas/sha/sha1-x86_64.s
@@ -1,12 +1,23 @@
 .text
 
+
+
 .globl _sha1_block_data_order
 
 .p2align       4
 _sha1_block_data_order:
+       movl    _OPENSSL_ia32cap_P+0(%rip),%r9d
+       movl    _OPENSSL_ia32cap_P+4(%rip),%r8d
+       testl   $512,%r8d
+       jz      L$ialu
+       jmp     _ssse3_shortcut
+
+.p2align       4
+L$ialu:
        pushq   %rbx
        pushq   %rbp
        pushq   %r12
+       pushq   %r13
        movq    %rsp,%r11
        movq    %rdi,%r8
        subq    $72,%rsp
@@ -16,1268 +27,2466 @@ _sha1_block_data_order:
        movq    %r11,64(%rsp)
 L$prologue:
 
-       movl    0(%r8),%edx
-       movl    4(%r8),%esi
-       movl    8(%r8),%edi
-       movl    12(%r8),%ebp
-       movl    16(%r8),%r11d
-.p2align       2
+       movl    0(%r8),%esi
+       movl    4(%r8),%edi
+       movl    8(%r8),%r11d
+       movl    12(%r8),%r12d
+       movl    16(%r8),%r13d
+       jmp     L$loop
+
+.p2align       4
 L$loop:
-       movl    0(%r9),%eax
-       bswapl  %eax
-       movl    %eax,0(%rsp)
-       leal    1518500249(%rax,%r11,1),%r12d
-       movl    %edi,%ebx
-       movl    4(%r9),%eax
-       movl    %edx,%r11d
-       xorl    %ebp,%ebx
-       bswapl  %eax
-       roll    $5,%r11d
-       andl    %esi,%ebx
-       movl    %eax,4(%rsp)
-       addl    %r11d,%r12d
-       xorl    %ebp,%ebx
+       movl    0(%r9),%edx
+       bswapl  %edx
+       movl    %edx,0(%rsp)
+       movl    %r11d,%eax
+       movl    4(%r9),%ebp
+       movl    %esi,%ecx
+       xorl    %r12d,%eax
+       bswapl  %ebp
+       roll    $5,%ecx
+       leal    1518500249(%rdx,%r13,1),%r13d
+       andl    %edi,%eax
+       movl    %ebp,4(%rsp)
+       addl    %ecx,%r13d
+       xorl    %r12d,%eax
+       roll    $30,%edi
+       addl    %eax,%r13d
+       movl    %edi,%eax
+       movl    8(%r9),%edx
+       movl    %r13d,%ecx
+       xorl    %r11d,%eax
+       bswapl  %edx
+       roll    $5,%ecx
+       leal    1518500249(%rbp,%r12,1),%r12d
+       andl    %esi,%eax
+       movl    %edx,8(%rsp)
+       addl    %ecx,%r12d
+       xorl    %r11d,%eax
        roll    $30,%esi
-       addl    %ebx,%r12d
-       leal    1518500249(%rax,%rbp,1),%r11d
-       movl    %esi,%ebx
-       movl    8(%r9),%eax
-       movl    %r12d,%ebp
-       xorl    %edi,%ebx
-       bswapl  %eax
-       roll    $5,%ebp
-       andl    %edx,%ebx
-       movl    %eax,8(%rsp)
-       addl    %ebp,%r11d
-       xorl    %edi,%ebx
-       roll    $30,%edx
-       addl    %ebx,%r11d
-       leal    1518500249(%rax,%rdi,1),%ebp
-       movl    %edx,%ebx
-       movl    12(%r9),%eax
-       movl    %r11d,%edi
-       xorl    %esi,%ebx
-       bswapl  %eax
-       roll    $5,%edi
-       andl    %r12d,%ebx
-       movl    %eax,12(%rsp)
-       addl    %edi,%ebp
-       xorl    %esi,%ebx
+       addl    %eax,%r12d
+       movl    %esi,%eax
+       movl    12(%r9),%ebp
+       movl    %r12d,%ecx
+       xorl    %edi,%eax
+       bswapl  %ebp
+       roll    $5,%ecx
+       leal    1518500249(%rdx,%r11,1),%r11d
+       andl    %r13d,%eax
+       movl    %ebp,12(%rsp)
+       addl    %ecx,%r11d
+       xorl    %edi,%eax
+       roll    $30,%r13d
+       addl    %eax,%r11d
+       movl    %r13d,%eax
+       movl    16(%r9),%edx
+       movl    %r11d,%ecx
+       xorl    %esi,%eax
+       bswapl  %edx
+       roll    $5,%ecx
+       leal    1518500249(%rbp,%rdi,1),%edi
+       andl    %r12d,%eax
+       movl    %edx,16(%rsp)
+       addl    %ecx,%edi
+       xorl    %esi,%eax
        roll    $30,%r12d
-       addl    %ebx,%ebp
-       leal    1518500249(%rax,%rsi,1),%edi
-       movl    %r12d,%ebx
-       movl    16(%r9),%eax
-       movl    %ebp,%esi
-       xorl    %edx,%ebx
-       bswapl  %eax
-       roll    $5,%esi
-       andl    %r11d,%ebx
-       movl    %eax,16(%rsp)
-       addl    %esi,%edi
-       xorl    %edx,%ebx
+       addl    %eax,%edi
+       movl    %r12d,%eax
+       movl    20(%r9),%ebp
+       movl    %edi,%ecx
+       xorl    %r13d,%eax
+       bswapl  %ebp
+       roll    $5,%ecx
+       leal    1518500249(%rdx,%rsi,1),%esi
+       andl    %r11d,%eax
+       movl    %ebp,20(%rsp)
+       addl    %ecx,%esi
+       xorl    %r13d,%eax
        roll    $30,%r11d
-       addl    %ebx,%edi
-       leal    1518500249(%rax,%rdx,1),%esi
+       addl    %eax,%esi
+       movl    %r11d,%eax
+       movl    24(%r9),%edx
+       movl    %esi,%ecx
+       xorl    %r12d,%eax
+       bswapl  %edx
+       roll    $5,%ecx
+       leal    1518500249(%rbp,%r13,1),%r13d
+       andl    %edi,%eax
+       movl    %edx,24(%rsp)
+       addl    %ecx,%r13d
+       xorl    %r12d,%eax
+       roll    $30,%edi
+       addl    %eax,%r13d
+       movl    %edi,%eax
+       movl    28(%r9),%ebp
+       movl    %r13d,%ecx
+       xorl    %r11d,%eax
+       bswapl  %ebp
+       roll    $5,%ecx
+       leal    1518500249(%rdx,%r12,1),%r12d
+       andl    %esi,%eax
+       movl    %ebp,28(%rsp)
+       addl    %ecx,%r12d
+       xorl    %r11d,%eax
+       roll    $30,%esi
+       addl    %eax,%r12d
+       movl    %esi,%eax
+       movl    32(%r9),%edx
+       movl    %r12d,%ecx
+       xorl    %edi,%eax
+       bswapl  %edx
+       roll    $5,%ecx
+       leal    1518500249(%rbp,%r11,1),%r11d
+       andl    %r13d,%eax
+       movl    %edx,32(%rsp)
+       addl    %ecx,%r11d
+       xorl    %edi,%eax
+       roll    $30,%r13d
+       addl    %eax,%r11d
+       movl    %r13d,%eax
+       movl    36(%r9),%ebp
+       movl    %r11d,%ecx
+       xorl    %esi,%eax
+       bswapl  %ebp
+       roll    $5,%ecx
+       leal    1518500249(%rdx,%rdi,1),%edi
+       andl    %r12d,%eax
+       movl    %ebp,36(%rsp)
+       addl    %ecx,%edi
+       xorl    %esi,%eax
+       roll    $30,%r12d
+       addl    %eax,%edi
+       movl    %r12d,%eax
+       movl    40(%r9),%edx
+       movl    %edi,%ecx
+       xorl    %r13d,%eax
+       bswapl  %edx
+       roll    $5,%ecx
+       leal    1518500249(%rbp,%rsi,1),%esi
+       andl    %r11d,%eax
+       movl    %edx,40(%rsp)
+       addl    %ecx,%esi
+       xorl    %r13d,%eax
+       roll    $30,%r11d
+       addl    %eax,%esi
+       movl    %r11d,%eax
+       movl    44(%r9),%ebp
+       movl    %esi,%ecx
+       xorl    %r12d,%eax
+       bswapl  %ebp
+       roll    $5,%ecx
+       leal    1518500249(%rdx,%r13,1),%r13d
+       andl    %edi,%eax
+       movl    %ebp,44(%rsp)
+       addl    %ecx,%r13d
+       xorl    %r12d,%eax
+       roll    $30,%edi
+       addl    %eax,%r13d
+       movl    %edi,%eax
+       movl    48(%r9),%edx
+       movl    %r13d,%ecx
+       xorl    %r11d,%eax
+       bswapl  %edx
+       roll    $5,%ecx
+       leal    1518500249(%rbp,%r12,1),%r12d
+       andl    %esi,%eax
+       movl    %edx,48(%rsp)
+       addl    %ecx,%r12d
+       xorl    %r11d,%eax
+       roll    $30,%esi
+       addl    %eax,%r12d
+       movl    %esi,%eax
+       movl    52(%r9),%ebp
+       movl    %r12d,%ecx
+       xorl    %edi,%eax
+       bswapl  %ebp
+       roll    $5,%ecx
+       leal    1518500249(%rdx,%r11,1),%r11d
+       andl    %r13d,%eax
+       movl    %ebp,52(%rsp)
+       addl    %ecx,%r11d
+       xorl    %edi,%eax
+       roll    $30,%r13d
+       addl    %eax,%r11d
+       movl    %r13d,%eax
+       movl    56(%r9),%edx
+       movl    %r11d,%ecx
+       xorl    %esi,%eax
+       bswapl  %edx
+       roll    $5,%ecx
+       leal    1518500249(%rbp,%rdi,1),%edi
+       andl    %r12d,%eax
+       movl    %edx,56(%rsp)
+       addl    %ecx,%edi
+       xorl    %esi,%eax
+       roll    $30,%r12d
+       addl    %eax,%edi
+       movl    %r12d,%eax
+       movl    60(%r9),%ebp
+       movl    %edi,%ecx
+       xorl    %r13d,%eax
+       bswapl  %ebp
+       roll    $5,%ecx
+       leal    1518500249(%rdx,%rsi,1),%esi
+       andl    %r11d,%eax
+       movl    %ebp,60(%rsp)
+       addl    %ecx,%esi
+       xorl    %r13d,%eax
+       roll    $30,%r11d
+       addl    %eax,%esi
+       movl    0(%rsp),%edx
+       movl    %r11d,%eax
+       movl    %esi,%ecx
+       xorl    8(%rsp),%edx
+       xorl    %r12d,%eax
+       roll    $5,%ecx
+       xorl    32(%rsp),%edx
+       andl    %edi,%eax
+       leal    1518500249(%rbp,%r13,1),%r13d
+       xorl    52(%rsp),%edx
+       xorl    %r12d,%eax
+       roll    $1,%edx
+       addl    %ecx,%r13d
+       roll    $30,%edi
+       movl    %edx,0(%rsp)
+       addl    %eax,%r13d
+       movl    4(%rsp),%ebp
+       movl    %edi,%eax
+       movl    %r13d,%ecx
+       xorl    12(%rsp),%ebp
+       xorl    %r11d,%eax
+       roll    $5,%ecx
+       xorl    36(%rsp),%ebp
+       andl    %esi,%eax
+       leal    1518500249(%rdx,%r12,1),%r12d
+       xorl    56(%rsp),%ebp
+       xorl    %r11d,%eax
+       roll    $1,%ebp
+       addl    %ecx,%r12d
+       roll    $30,%esi
+       movl    %ebp,4(%rsp)
+       addl    %eax,%r12d
+       movl    8(%rsp),%edx
+       movl    %esi,%eax
+       movl    %r12d,%ecx
+       xorl    16(%rsp),%edx
+       xorl    %edi,%eax
+       roll    $5,%ecx
+       xorl    40(%rsp),%edx
+       andl    %r13d,%eax
+       leal    1518500249(%rbp,%r11,1),%r11d
+       xorl    60(%rsp),%edx
+       xorl    %edi,%eax
+       roll    $1,%edx
+       addl    %ecx,%r11d
+       roll    $30,%r13d
+       movl    %edx,8(%rsp)
+       addl    %eax,%r11d
+       movl    12(%rsp),%ebp
+       movl    %r13d,%eax
+       movl    %r11d,%ecx
+       xorl    20(%rsp),%ebp
+       xorl    %esi,%eax
+       roll    $5,%ecx
+       xorl    44(%rsp),%ebp
+       andl    %r12d,%eax
+       leal    1518500249(%rdx,%rdi,1),%edi
+       xorl    0(%rsp),%ebp
+       xorl    %esi,%eax
+       roll    $1,%ebp
+       addl    %ecx,%edi
+       roll    $30,%r12d
+       movl    %ebp,12(%rsp)
+       addl    %eax,%edi
+       movl    16(%rsp),%edx
+       movl    %r12d,%eax
+       movl    %edi,%ecx
+       xorl    24(%rsp),%edx
+       xorl    %r13d,%eax
+       roll    $5,%ecx
+       xorl    48(%rsp),%edx
+       andl    %r11d,%eax
+       leal    1518500249(%rbp,%rsi,1),%esi
+       xorl    4(%rsp),%edx
+       xorl    %r13d,%eax
+       roll    $1,%edx
+       addl    %ecx,%esi
+       roll    $30,%r11d
+       movl    %edx,16(%rsp)
+       addl    %eax,%esi
+       movl    20(%rsp),%ebp
+       movl    %r11d,%eax
+       movl    %esi,%ecx
+       xorl    28(%rsp),%ebp
+       xorl    %edi,%eax
+       roll    $5,%ecx
+       leal    1859775393(%rdx,%r13,1),%r13d
+       xorl    52(%rsp),%ebp
+       xorl    %r12d,%eax
+       addl    %ecx,%r13d
+       xorl    8(%rsp),%ebp
+       roll    $30,%edi
+       addl    %eax,%r13d
+       roll    $1,%ebp
+       movl    %ebp,20(%rsp)
+       movl    24(%rsp),%edx
+       movl    %edi,%eax
+       movl    %r13d,%ecx
+       xorl    32(%rsp),%edx
+       xorl    %esi,%eax
+       roll    $5,%ecx
+       leal    1859775393(%rbp,%r12,1),%r12d
+       xorl    56(%rsp),%edx
+       xorl    %r11d,%eax
+       addl    %ecx,%r12d
+       xorl    12(%rsp),%edx
+       roll    $30,%esi
+       addl    %eax,%r12d
+       roll    $1,%edx
+       movl    %edx,24(%rsp)
+       movl    28(%rsp),%ebp
+       movl    %esi,%eax
+       movl    %r12d,%ecx
+       xorl    36(%rsp),%ebp
+       xorl    %r13d,%eax
+       roll    $5,%ecx
+       leal    1859775393(%rdx,%r11,1),%r11d
+       xorl    60(%rsp),%ebp
+       xorl    %edi,%eax
+       addl    %ecx,%r11d
+       xorl    16(%rsp),%ebp
+       roll    $30,%r13d
+       addl    %eax,%r11d
+       roll    $1,%ebp
+       movl    %ebp,28(%rsp)
+       movl    32(%rsp),%edx
+       movl    %r13d,%eax
+       movl    %r11d,%ecx
+       xorl    40(%rsp),%edx
+       xorl    %r12d,%eax
+       roll    $5,%ecx
+       leal    1859775393(%rbp,%rdi,1),%edi
+       xorl    0(%rsp),%edx
+       xorl    %esi,%eax
+       addl    %ecx,%edi
+       xorl    20(%rsp),%edx
+       roll    $30,%r12d
+       addl    %eax,%edi
+       roll    $1,%edx
+       movl    %edx,32(%rsp)
+       movl    36(%rsp),%ebp
+       movl    %r12d,%eax
+       movl    %edi,%ecx
+       xorl    44(%rsp),%ebp
+       xorl    %r11d,%eax
+       roll    $5,%ecx
+       leal    1859775393(%rdx,%rsi,1),%esi
+       xorl    4(%rsp),%ebp
+       xorl    %r13d,%eax
+       addl    %ecx,%esi
+       xorl    24(%rsp),%ebp
+       roll    $30,%r11d
+       addl    %eax,%esi
+       roll    $1,%ebp
+       movl    %ebp,36(%rsp)
+       movl    40(%rsp),%edx
+       movl    %r11d,%eax
+       movl    %esi,%ecx
+       xorl    48(%rsp),%edx
+       xorl    %edi,%eax
+       roll    $5,%ecx
+       leal    1859775393(%rbp,%r13,1),%r13d
+       xorl    8(%rsp),%edx
+       xorl    %r12d,%eax
+       addl    %ecx,%r13d
+       xorl    28(%rsp),%edx
+       roll    $30,%edi
+       addl    %eax,%r13d
+       roll    $1,%edx
+       movl    %edx,40(%rsp)
+       movl    44(%rsp),%ebp
+       movl    %edi,%eax
+       movl    %r13d,%ecx
+       xorl    52(%rsp),%ebp
+       xorl    %esi,%eax
+       roll    $5,%ecx
+       leal    1859775393(%rdx,%r12,1),%r12d
+       xorl    12(%rsp),%ebp
+       xorl    %r11d,%eax
+       addl    %ecx,%r12d
+       xorl    32(%rsp),%ebp
+       roll    $30,%esi
+       addl    %eax,%r12d
+       roll    $1,%ebp
+       movl    %ebp,44(%rsp)
+       movl    48(%rsp),%edx
+       movl    %esi,%eax
+       movl    %r12d,%ecx
+       xorl    56(%rsp),%edx
+       xorl    %r13d,%eax
+       roll    $5,%ecx
+       leal    1859775393(%rbp,%r11,1),%r11d
+       xorl    16(%rsp),%edx
+       xorl    %edi,%eax
+       addl    %ecx,%r11d
+       xorl    36(%rsp),%edx
+       roll    $30,%r13d
+       addl    %eax,%r11d
+       roll    $1,%edx
+       movl    %edx,48(%rsp)
+       movl    52(%rsp),%ebp
+       movl    %r13d,%eax
+       movl    %r11d,%ecx
+       xorl    60(%rsp),%ebp
+       xorl    %r12d,%eax
+       roll    $5,%ecx
+       leal    1859775393(%rdx,%rdi,1),%edi
+       xorl    20(%rsp),%ebp
+       xorl    %esi,%eax
+       addl    %ecx,%edi
+       xorl    40(%rsp),%ebp
+       roll    $30,%r12d
+       addl    %eax,%edi
+       roll    $1,%ebp
+       movl    %ebp,52(%rsp)
+       movl    56(%rsp),%edx
+       movl    %r12d,%eax
+       movl    %edi,%ecx
+       xorl    0(%rsp),%edx
+       xorl    %r11d,%eax
+       roll    $5,%ecx
+       leal    1859775393(%rbp,%rsi,1),%esi
+       xorl    24(%rsp),%edx
+       xorl    %r13d,%eax
+       addl    %ecx,%esi
+       xorl    44(%rsp),%edx
+       roll    $30,%r11d
+       addl    %eax,%esi
+       roll    $1,%edx
+       movl    %edx,56(%rsp)
+       movl    60(%rsp),%ebp
+       movl    %r11d,%eax
+       movl    %esi,%ecx
+       xorl    4(%rsp),%ebp
+       xorl    %edi,%eax
+       roll    $5,%ecx
+       leal    1859775393(%rdx,%r13,1),%r13d
+       xorl    28(%rsp),%ebp
+       xorl    %r12d,%eax
+       addl    %ecx,%r13d
+       xorl    48(%rsp),%ebp
+       roll    $30,%edi
+       addl    %eax,%r13d
+       roll    $1,%ebp
+       movl    %ebp,60(%rsp)
+       movl    0(%rsp),%edx
+       movl    %edi,%eax
+       movl    %r13d,%ecx
+       xorl    8(%rsp),%edx
+       xorl    %esi,%eax
+       roll    $5,%ecx
+       leal    1859775393(%rbp,%r12,1),%r12d
+       xorl    32(%rsp),%edx
+       xorl    %r11d,%eax
+       addl    %ecx,%r12d
+       xorl    52(%rsp),%edx
+       roll    $30,%esi
+       addl    %eax,%r12d
+       roll    $1,%edx
+       movl    %edx,0(%rsp)
+       movl    4(%rsp),%ebp
+       movl    %esi,%eax
+       movl    %r12d,%ecx
+       xorl    12(%rsp),%ebp
+       xorl    %r13d,%eax
+       roll    $5,%ecx
+       leal    1859775393(%rdx,%r11,1),%r11d
+       xorl    36(%rsp),%ebp
+       xorl    %edi,%eax
+       addl    %ecx,%r11d
+       xorl    56(%rsp),%ebp
+       roll    $30,%r13d
+       addl    %eax,%r11d
+       roll    $1,%ebp
+       movl    %ebp,4(%rsp)
+       movl    8(%rsp),%edx
+       movl    %r13d,%eax
+       movl    %r11d,%ecx
+       xorl    16(%rsp),%edx
+       xorl    %r12d,%eax
+       roll    $5,%ecx
+       leal    1859775393(%rbp,%rdi,1),%edi
+       xorl    40(%rsp),%edx
+       xorl    %esi,%eax
+       addl    %ecx,%edi
+       xorl    60(%rsp),%edx
+       roll    $30,%r12d
+       addl    %eax,%edi
+       roll    $1,%edx
+       movl    %edx,8(%rsp)
+       movl    12(%rsp),%ebp
+       movl    %r12d,%eax
+       movl    %edi,%ecx
+       xorl    20(%rsp),%ebp
+       xorl    %r11d,%eax
+       roll    $5,%ecx
+       leal    1859775393(%rdx,%rsi,1),%esi
+       xorl    44(%rsp),%ebp
+       xorl    %r13d,%eax
+       addl    %ecx,%esi
+       xorl    0(%rsp),%ebp
+       roll    $30,%r11d
+       addl    %eax,%esi
+       roll    $1,%ebp
+       movl    %ebp,12(%rsp)
+       movl    16(%rsp),%edx
+       movl    %r11d,%eax
+       movl    %esi,%ecx
+       xorl    24(%rsp),%edx
+       xorl    %edi,%eax
+       roll    $5,%ecx
+       leal    1859775393(%rbp,%r13,1),%r13d
+       xorl    48(%rsp),%edx
+       xorl    %r12d,%eax
+       addl    %ecx,%r13d
+       xorl    4(%rsp),%edx
+       roll    $30,%edi
+       addl    %eax,%r13d
+       roll    $1,%edx
+       movl    %edx,16(%rsp)
+       movl    20(%rsp),%ebp
+       movl    %edi,%eax
+       movl    %r13d,%ecx
+       xorl    28(%rsp),%ebp
+       xorl    %esi,%eax
+       roll    $5,%ecx
+       leal    1859775393(%rdx,%r12,1),%r12d
+       xorl    52(%rsp),%ebp
+       xorl    %r11d,%eax
+       addl    %ecx,%r12d
+       xorl    8(%rsp),%ebp
+       roll    $30,%esi
+       addl    %eax,%r12d
+       roll    $1,%ebp
+       movl    %ebp,20(%rsp)
+       movl    24(%rsp),%edx
+       movl    %esi,%eax
+       movl    %r12d,%ecx
+       xorl    32(%rsp),%edx
+       xorl    %r13d,%eax
+       roll    $5,%ecx
+       leal    1859775393(%rbp,%r11,1),%r11d
+       xorl    56(%rsp),%edx
+       xorl    %edi,%eax
+       addl    %ecx,%r11d
+       xorl    12(%rsp),%edx
+       roll    $30,%r13d
+       addl    %eax,%r11d
+       roll    $1,%edx
+       movl    %edx,24(%rsp)
+       movl    28(%rsp),%ebp
+       movl    %r13d,%eax
+       movl    %r11d,%ecx
+       xorl    36(%rsp),%ebp
+       xorl    %r12d,%eax
+       roll    $5,%ecx
+       leal    1859775393(%rdx,%rdi,1),%edi
+       xorl    60(%rsp),%ebp
+       xorl    %esi,%eax
+       addl    %ecx,%edi
+       xorl    16(%rsp),%ebp
+       roll    $30,%r12d
+       addl    %eax,%edi
+       roll    $1,%ebp
+       movl    %ebp,28(%rsp)
+       movl    32(%rsp),%edx
+       movl    %r12d,%eax
+       movl    %edi,%ecx
+       xorl    40(%rsp),%edx
+       xorl    %r11d,%eax
+       roll    $5,%ecx
+       leal    1859775393(%rbp,%rsi,1),%esi
+       xorl    0(%rsp),%edx
+       xorl    %r13d,%eax
+       addl    %ecx,%esi
+       xorl    20(%rsp),%edx
+       roll    $30,%r11d
+       addl    %eax,%esi
+       roll    $1,%edx
+       movl    %edx,32(%rsp)
+       movl    36(%rsp),%ebp
+       movl    %r11d,%eax
        movl    %r11d,%ebx
-       movl    20(%r9),%eax
-       movl    %edi,%edx
-       xorl    %r12d,%ebx
-       bswapl  %eax
-       roll    $5,%edx
-       andl    %ebp,%ebx
-       movl    %eax,20(%rsp)
-       addl    %edx,%esi
+       xorl    44(%rsp),%ebp
+       andl    %r12d,%eax
+       movl    %esi,%ecx
+       xorl    4(%rsp),%ebp
        xorl    %r12d,%ebx
-       roll    $30,%ebp
-       addl    %ebx,%esi
-       leal    1518500249(%rax,%r12,1),%edx
-       movl    %ebp,%ebx
-       movl    24(%r9),%eax
-       movl    %esi,%r12d
-       xorl    %r11d,%ebx
-       bswapl  %eax
-       roll    $5,%r12d
+       leal    -1894007588(%rdx,%r13,1),%r13d
+       roll    $5,%ecx
+       xorl    24(%rsp),%ebp
+       addl    %eax,%r13d
        andl    %edi,%ebx
-       movl    %eax,24(%rsp)
-       addl    %r12d,%edx
-       xorl    %r11d,%ebx
+       roll    $1,%ebp
+       addl    %ebx,%r13d
        roll    $30,%edi
-       addl    %ebx,%edx
-       leal    1518500249(%rax,%r11,1),%r12d
+       movl    %ebp,36(%rsp)
+       addl    %ecx,%r13d
+       movl    40(%rsp),%edx
+       movl    %edi,%eax
        movl    %edi,%ebx
-       movl    28(%r9),%eax
-       movl    %edx,%r11d
-       xorl    %ebp,%ebx
-       bswapl  %eax
-       roll    $5,%r11d
+       xorl    48(%rsp),%edx
+       andl    %r11d,%eax
+       movl    %r13d,%ecx
+       xorl    8(%rsp),%edx
+       xorl    %r11d,%ebx
+       leal    -1894007588(%rbp,%r12,1),%r12d
+       roll    $5,%ecx
+       xorl    28(%rsp),%edx
+       addl    %eax,%r12d
        andl    %esi,%ebx
-       movl    %eax,28(%rsp)
-       addl    %r11d,%r12d
-       xorl    %ebp,%ebx
-       roll    $30,%esi
+       roll    $1,%edx
        addl    %ebx,%r12d
-       leal    1518500249(%rax,%rbp,1),%r11d
+       roll    $30,%esi
+       movl    %edx,40(%rsp)
+       addl    %ecx,%r12d
+       movl    44(%rsp),%ebp
+       movl    %esi,%eax
        movl    %esi,%ebx
-       movl    32(%r9),%eax
-       movl    %r12d,%ebp
-       xorl    %edi,%ebx
-       bswapl  %eax
-       roll    $5,%ebp
-       andl    %edx,%ebx
-       movl    %eax,32(%rsp)
-       addl    %ebp,%r11d
+       xorl    52(%rsp),%ebp
+       andl    %edi,%eax
+       movl    %r12d,%ecx
+       xorl    12(%rsp),%ebp
        xorl    %edi,%ebx
-       roll    $30,%edx
+       leal    -1894007588(%rdx,%r11,1),%r11d
+       roll    $5,%ecx
+       xorl    32(%rsp),%ebp
+       addl    %eax,%r11d
+       andl    %r13d,%ebx
+       roll    $1,%ebp
        addl    %ebx,%r11d
-       leal    1518500249(%rax,%rdi,1),%ebp
-       movl    %edx,%ebx
-       movl    36(%r9),%eax
-       movl    %r11d,%edi
+       roll    $30,%r13d
+       movl    %ebp,44(%rsp)
+       addl    %ecx,%r11d
+       movl    48(%rsp),%edx
+       movl    %r13d,%eax
+       movl    %r13d,%ebx
+       xorl    56(%rsp),%edx
+       andl    %esi,%eax
+       movl    %r11d,%ecx
+       xorl    16(%rsp),%edx
        xorl    %esi,%ebx
-       bswapl  %eax
-       roll    $5,%edi
+       leal    -1894007588(%rbp,%rdi,1),%edi
+       roll    $5,%ecx
+       xorl    36(%rsp),%edx
+       addl    %eax,%edi
        andl    %r12d,%ebx
-       movl    %eax,36(%rsp)
-       addl    %edi,%ebp
-       xorl    %esi,%ebx
+       roll    $1,%edx
+       addl    %ebx,%edi
        roll    $30,%r12d
-       addl    %ebx,%ebp
-       leal    1518500249(%rax,%rsi,1),%edi
+       movl    %edx,48(%rsp)
+       addl    %ecx,%edi
+       movl    52(%rsp),%ebp
+       movl    %r12d,%eax
        movl    %r12d,%ebx
-       movl    40(%r9),%eax
-       movl    %ebp,%esi
-       xorl    %edx,%ebx
-       bswapl  %eax
-       roll    $5,%esi
+       xorl    60(%rsp),%ebp
+       andl    %r13d,%eax
+       movl    %edi,%ecx
+       xorl    20(%rsp),%ebp
+       xorl    %r13d,%ebx
+       leal    -1894007588(%rdx,%rsi,1),%esi
+       roll    $5,%ecx
+       xorl    40(%rsp),%ebp
+       addl    %eax,%esi
        andl    %r11d,%ebx
-       movl    %eax,40(%rsp)
-       addl    %esi,%edi
-       xorl    %edx,%ebx
+       roll    $1,%ebp
+       addl    %ebx,%esi
        roll    $30,%r11d
-       addl    %ebx,%edi
-       leal    1518500249(%rax,%rdx,1),%esi
+       movl    %ebp,52(%rsp)
+       addl    %ecx,%esi
+       movl    56(%rsp),%edx
+       movl    %r11d,%eax
        movl    %r11d,%ebx
-       movl    44(%r9),%eax
-       movl    %edi,%edx
-       xorl    %r12d,%ebx
-       bswapl  %eax
-       roll    $5,%edx
-       andl    %ebp,%ebx
-       movl    %eax,44(%rsp)
-       addl    %edx,%esi
+       xorl    0(%rsp),%edx
+       andl    %r12d,%eax
+       movl    %esi,%ecx
+       xorl    24(%rsp),%edx
        xorl    %r12d,%ebx
-       roll    $30,%ebp
-       addl    %ebx,%esi
-       leal    1518500249(%rax,%r12,1),%edx
-       movl    %ebp,%ebx
-       movl    48(%r9),%eax
-       movl    %esi,%r12d
-       xorl    %r11d,%ebx
-       bswapl  %eax
-       roll    $5,%r12d
+       leal    -1894007588(%rbp,%r13,1),%r13d
+       roll    $5,%ecx
+       xorl    44(%rsp),%edx
+       addl    %eax,%r13d
        andl    %edi,%ebx
-       movl    %eax,48(%rsp)
-       addl    %r12d,%edx
-       xorl    %r11d,%ebx
+       roll    $1,%edx
+       addl    %ebx,%r13d
        roll    $30,%edi
-       addl    %ebx,%edx
-       leal    1518500249(%rax,%r11,1),%r12d
+       movl    %edx,56(%rsp)
+       addl    %ecx,%r13d
+       movl    60(%rsp),%ebp
+       movl    %edi,%eax
        movl    %edi,%ebx
-       movl    52(%r9),%eax
-       movl    %edx,%r11d
-       xorl    %ebp,%ebx
-       bswapl  %eax
-       roll    $5,%r11d
+       xorl    4(%rsp),%ebp
+       andl    %r11d,%eax
+       movl    %r13d,%ecx
+       xorl    28(%rsp),%ebp
+       xorl    %r11d,%ebx
+       leal    -1894007588(%rdx,%r12,1),%r12d
+       roll    $5,%ecx
+       xorl    48(%rsp),%ebp
+       addl    %eax,%r12d
        andl    %esi,%ebx
-       movl    %eax,52(%rsp)
-       addl    %r11d,%r12d
-       xorl    %ebp,%ebx
-       roll    $30,%esi
+       roll    $1,%ebp
        addl    %ebx,%r12d
-       leal    1518500249(%rax,%rbp,1),%r11d
+       roll    $30,%esi
+       movl    %ebp,60(%rsp)
+       addl    %ecx,%r12d
+       movl    0(%rsp),%edx
+       movl    %esi,%eax
        movl    %esi,%ebx
-       movl    56(%r9),%eax
-       movl    %r12d,%ebp
-       xorl    %edi,%ebx
-       bswapl  %eax
-       roll    $5,%ebp
-       andl    %edx,%ebx
-       movl    %eax,56(%rsp)
-       addl    %ebp,%r11d
+       xorl    8(%rsp),%edx
+       andl    %edi,%eax
+       movl    %r12d,%ecx
+       xorl    32(%rsp),%edx
        xorl    %edi,%ebx
-       roll    $30,%edx
+       leal    -1894007588(%rbp,%r11,1),%r11d
+       roll    $5,%ecx
+       xorl    52(%rsp),%edx
+       addl    %eax,%r11d
+       andl    %r13d,%ebx
+       roll    $1,%edx
        addl    %ebx,%r11d
-       leal    1518500249(%rax,%rdi,1),%ebp
-       movl    %edx,%ebx
-       movl    60(%r9),%eax
-       movl    %r11d,%edi
+       roll    $30,%r13d
+       movl    %edx,0(%rsp)
+       addl    %ecx,%r11d
+       movl    4(%rsp),%ebp
+       movl    %r13d,%eax
+       movl    %r13d,%ebx
+       xorl    12(%rsp),%ebp
+       andl    %esi,%eax
+       movl    %r11d,%ecx
+       xorl    36(%rsp),%ebp
        xorl    %esi,%ebx
-       bswapl  %eax
-       roll    $5,%edi
+       leal    -1894007588(%rdx,%rdi,1),%edi
+       roll    $5,%ecx
+       xorl    56(%rsp),%ebp
+       addl    %eax,%edi
        andl    %r12d,%ebx
-       movl    %eax,60(%rsp)
-       addl    %edi,%ebp
-       xorl    %esi,%ebx
+       roll    $1,%ebp
+       addl    %ebx,%edi
        roll    $30,%r12d
-       addl    %ebx,%ebp
-       leal    1518500249(%rax,%rsi,1),%edi
-       movl    0(%rsp),%eax
+       movl    %ebp,4(%rsp)
+       addl    %ecx,%edi
+       movl    8(%rsp),%edx
+       movl    %r12d,%eax
        movl    %r12d,%ebx
-       movl    %ebp,%esi
-       xorl    8(%rsp),%eax
-       xorl    %edx,%ebx
-       roll    $5,%esi
-       xorl    32(%rsp),%eax
+       xorl    16(%rsp),%edx
+       andl    %r13d,%eax
+       movl    %edi,%ecx
+       xorl    40(%rsp),%edx
+       xorl    %r13d,%ebx
+       leal    -1894007588(%rbp,%rsi,1),%esi
+       roll    $5,%ecx
+       xorl    60(%rsp),%edx
+       addl    %eax,%esi
        andl    %r11d,%ebx
-       addl    %esi,%edi
-       xorl    52(%rsp),%eax
-       xorl    %edx,%ebx
+       roll    $1,%edx
+       addl    %ebx,%esi
        roll    $30,%r11d
-       addl    %ebx,%edi
-       roll    $1,%eax
-       movl    %eax,0(%rsp)
-       leal    1518500249(%rax,%rdx,1),%esi
-       movl    4(%rsp),%eax
+       movl    %edx,8(%rsp)
+       addl    %ecx,%esi
+       movl    12(%rsp),%ebp
+       movl    %r11d,%eax
        movl    %r11d,%ebx
-       movl    %edi,%edx
-       xorl    12(%rsp),%eax
-       xorl    %r12d,%ebx
-       roll    $5,%edx
-       xorl    36(%rsp),%eax
-       andl    %ebp,%ebx
-       addl    %edx,%esi
-       xorl    56(%rsp),%eax
+       xorl    20(%rsp),%ebp
+       andl    %r12d,%eax
+       movl    %esi,%ecx
+       xorl    44(%rsp),%ebp
        xorl    %r12d,%ebx
-       roll    $30,%ebp
-       addl    %ebx,%esi
-       roll    $1,%eax
-       movl    %eax,4(%rsp)
-       leal    1518500249(%rax,%r12,1),%edx
-       movl    8(%rsp),%eax
-       movl    %ebp,%ebx
-       movl    %esi,%r12d
-       xorl    16(%rsp),%eax
-       xorl    %r11d,%ebx
-       roll    $5,%r12d
-       xorl    40(%rsp),%eax
+       leal    -1894007588(%rdx,%r13,1),%r13d
+       roll    $5,%ecx
+       xorl    0(%rsp),%ebp
+       addl    %eax,%r13d
        andl    %edi,%ebx
-       addl    %r12d,%edx
-       xorl    60(%rsp),%eax
-       xorl    %r11d,%ebx
+       roll    $1,%ebp
+       addl    %ebx,%r13d
        roll    $30,%edi
-       addl    %ebx,%edx
-       roll    $1,%eax
-       movl    %eax,8(%rsp)
-       leal    1518500249(%rax,%r11,1),%r12d
-       movl    12(%rsp),%eax
+       movl    %ebp,12(%rsp)
+       addl    %ecx,%r13d
+       movl    16(%rsp),%edx
+       movl    %edi,%eax
        movl    %edi,%ebx
-       movl    %edx,%r11d
-       xorl    20(%rsp),%eax
-       xorl    %ebp,%ebx
-       roll    $5,%r11d
-       xorl    44(%rsp),%eax
+       xorl    24(%rsp),%edx
+       andl    %r11d,%eax
+       movl    %r13d,%ecx
+       xorl    48(%rsp),%edx
+       xorl    %r11d,%ebx
+       leal    -1894007588(%rbp,%r12,1),%r12d
+       roll    $5,%ecx
+       xorl    4(%rsp),%edx
+       addl    %eax,%r12d
        andl    %esi,%ebx
-       addl    %r11d,%r12d
-       xorl    0(%rsp),%eax
-       xorl    %ebp,%ebx
-       roll    $30,%esi
+       roll    $1,%edx
        addl    %ebx,%r12d
-       roll    $1,%eax
-       movl    %eax,12(%rsp)
-       leal    1518500249(%rax,%rbp,1),%r11d
-       movl    16(%rsp),%eax
+       roll    $30,%esi
+       movl    %edx,16(%rsp)
+       addl    %ecx,%r12d
+       movl    20(%rsp),%ebp
+       movl    %esi,%eax
        movl    %esi,%ebx
-       movl    %r12d,%ebp
-       xorl    24(%rsp),%eax
-       xorl    %edi,%ebx
-       roll    $5,%ebp
-       xorl    48(%rsp),%eax
-       andl    %edx,%ebx
-       addl    %ebp,%r11d
-       xorl    4(%rsp),%eax
+       xorl    28(%rsp),%ebp
+       andl    %edi,%eax
+       movl    %r12d,%ecx
+       xorl    52(%rsp),%ebp
        xorl    %edi,%ebx
-       roll    $30,%edx
+       leal    -1894007588(%rdx,%r11,1),%r11d
+       roll    $5,%ecx
+       xorl    8(%rsp),%ebp
+       addl    %eax,%r11d
+       andl    %r13d,%ebx
+       roll    $1,%ebp
        addl    %ebx,%r11d
-       roll    $1,%eax
-       movl    %eax,16(%rsp)
-       leal    1859775393(%rax,%rdi,1),%ebp
-       movl    20(%rsp),%eax
-       movl    %edx,%ebx
-       movl    %r11d,%edi
-       xorl    28(%rsp),%eax
-       xorl    %r12d,%ebx
-       roll    $5,%edi
-       xorl    52(%rsp),%eax
+       roll    $30,%r13d
+       movl    %ebp,20(%rsp)
+       addl    %ecx,%r11d
+       movl    24(%rsp),%edx
+       movl    %r13d,%eax
+       movl    %r13d,%ebx
+       xorl    32(%rsp),%edx
+       andl    %esi,%eax
+       movl    %r11d,%ecx
+       xorl    56(%rsp),%edx
        xorl    %esi,%ebx
-       addl    %edi,%ebp
-       xorl    8(%rsp),%eax
+       leal    -1894007588(%rbp,%rdi,1),%edi
+       roll    $5,%ecx
+       xorl    12(%rsp),%edx
+       addl    %eax,%edi
+       andl    %r12d,%ebx
+       roll    $1,%edx
+       addl    %ebx,%edi
        roll    $30,%r12d
-       addl    %ebx,%ebp
-       roll    $1,%eax
-       movl    %eax,20(%rsp)
-       leal    1859775393(%rax,%rsi,1),%edi
-       movl    24(%rsp),%eax
+       movl    %edx,24(%rsp)
+       addl    %ecx,%edi
+       movl    28(%rsp),%ebp
+       movl    %r12d,%eax
        movl    %r12d,%ebx
-       movl    %ebp,%esi
-       xorl    32(%rsp),%eax
-       xorl    %r11d,%ebx
-       roll    $5,%esi
-       xorl    56(%rsp),%eax
-       xorl    %edx,%ebx
-       addl    %esi,%edi
-       xorl    12(%rsp),%eax
+       xorl    36(%rsp),%ebp
+       andl    %r13d,%eax
+       movl    %edi,%ecx
+       xorl    60(%rsp),%ebp
+       xorl    %r13d,%ebx
+       leal    -1894007588(%rdx,%rsi,1),%esi
+       roll    $5,%ecx
+       xorl    16(%rsp),%ebp
+       addl    %eax,%esi
+       andl    %r11d,%ebx
+       roll    $1,%ebp
+       addl    %ebx,%esi
        roll    $30,%r11d
-       addl    %ebx,%edi
-       roll    $1,%eax
-       movl    %eax,24(%rsp)
-       leal    1859775393(%rax,%rdx,1),%esi
-       movl    28(%rsp),%eax
+       movl    %ebp,28(%rsp)
+       addl    %ecx,%esi
+       movl    32(%rsp),%edx
+       movl    %r11d,%eax
        movl    %r11d,%ebx
-       movl    %edi,%edx
-       xorl    36(%rsp),%eax
-       xorl    %ebp,%ebx
-       roll    $5,%edx
-       xorl    60(%rsp),%eax
+       xorl    40(%rsp),%edx
+       andl    %r12d,%eax
+       movl    %esi,%ecx
+       xorl    0(%rsp),%edx
        xorl    %r12d,%ebx
-       addl    %edx,%esi
-       xorl    16(%rsp),%eax
-       roll    $30,%ebp
-       addl    %ebx,%esi
-       roll    $1,%eax
-       movl    %eax,28(%rsp)
-       leal    1859775393(%rax,%r12,1),%edx
-       movl    32(%rsp),%eax
-       movl    %ebp,%ebx
-       movl    %esi,%r12d
-       xorl    40(%rsp),%eax
-       xorl    %edi,%ebx
-       roll    $5,%r12d
-       xorl    0(%rsp),%eax
-       xorl    %r11d,%ebx
-       addl    %r12d,%edx
-       xorl    20(%rsp),%eax
+       leal    -1894007588(%rbp,%r13,1),%r13d
+       roll    $5,%ecx
+       xorl    20(%rsp),%edx
+       addl    %eax,%r13d
+       andl    %edi,%ebx
+       roll    $1,%edx
+       addl    %ebx,%r13d
        roll    $30,%edi
-       addl    %ebx,%edx
-       roll    $1,%eax
-       movl    %eax,32(%rsp)
-       leal    1859775393(%rax,%r11,1),%r12d
-       movl    36(%rsp),%eax
+       movl    %edx,32(%rsp)
+       addl    %ecx,%r13d
+       movl    36(%rsp),%ebp
+       movl    %edi,%eax
        movl    %edi,%ebx
-       movl    %edx,%r11d
-       xorl    44(%rsp),%eax
-       xorl    %esi,%ebx
-       roll    $5,%r11d
-       xorl    4(%rsp),%eax
-       xorl    %ebp,%ebx
-       addl    %r11d,%r12d
-       xorl    24(%rsp),%eax
-       roll    $30,%esi
+       xorl    44(%rsp),%ebp
+       andl    %r11d,%eax
+       movl    %r13d,%ecx
+       xorl    4(%rsp),%ebp
+       xorl    %r11d,%ebx
+       leal    -1894007588(%rdx,%r12,1),%r12d
+       roll    $5,%ecx
+       xorl    24(%rsp),%ebp
+       addl    %eax,%r12d
+       andl    %esi,%ebx
+       roll    $1,%ebp
        addl    %ebx,%r12d
-       roll    $1,%eax
-       movl    %eax,36(%rsp)
-       leal    1859775393(%rax,%rbp,1),%r11d
-       movl    40(%rsp),%eax
+       roll    $30,%esi
+       movl    %ebp,36(%rsp)
+       addl    %ecx,%r12d
+       movl    40(%rsp),%edx
+       movl    %esi,%eax
        movl    %esi,%ebx
-       movl    %r12d,%ebp
-       xorl    48(%rsp),%eax
-       xorl    %edx,%ebx
-       roll    $5,%ebp
-       xorl    8(%rsp),%eax
+       xorl    48(%rsp),%edx
+       andl    %edi,%eax
+       movl    %r12d,%ecx
+       xorl    8(%rsp),%edx
        xorl    %edi,%ebx
-       addl    %ebp,%r11d
-       xorl    28(%rsp),%eax
-       roll    $30,%edx
+       leal    -1894007588(%rbp,%r11,1),%r11d
+       roll    $5,%ecx
+       xorl    28(%rsp),%edx
+       addl    %eax,%r11d
+       andl    %r13d,%ebx
+       roll    $1,%edx
        addl    %ebx,%r11d
-       roll    $1,%eax
-       movl    %eax,40(%rsp)
-       leal    1859775393(%rax,%rdi,1),%ebp
-       movl    44(%rsp),%eax
-       movl    %edx,%ebx
-       movl    %r11d,%edi
-       xorl    52(%rsp),%eax
-       xorl    %r12d,%ebx
-       roll    $5,%edi
-       xorl    12(%rsp),%eax
+       roll    $30,%r13d
+       movl    %edx,40(%rsp)
+       addl    %ecx,%r11d
+       movl    44(%rsp),%ebp
+       movl    %r13d,%eax
+       movl    %r13d,%ebx
+       xorl    52(%rsp),%ebp
+       andl    %esi,%eax
+       movl    %r11d,%ecx
+       xorl    12(%rsp),%ebp
        xorl    %esi,%ebx
-       addl    %edi,%ebp
-       xorl    32(%rsp),%eax
+       leal    -1894007588(%rdx,%rdi,1),%edi
+       roll    $5,%ecx
+       xorl    32(%rsp),%ebp
+       addl    %eax,%edi
+       andl    %r12d,%ebx
+       roll    $1,%ebp
+       addl    %ebx,%edi
        roll    $30,%r12d
-       addl    %ebx,%ebp
-       roll    $1,%eax
-       movl    %eax,44(%rsp)
-       leal    1859775393(%rax,%rsi,1),%edi
-       movl    48(%rsp),%eax
+       movl    %ebp,44(%rsp)
+       addl    %ecx,%edi
+       movl    48(%rsp),%edx
+       movl    %r12d,%eax
        movl    %r12d,%ebx
-       movl    %ebp,%esi
-       xorl    56(%rsp),%eax
-       xorl    %r11d,%ebx
-       roll    $5,%esi
-       xorl    16(%rsp),%eax
-       xorl    %edx,%ebx
-       addl    %esi,%edi
-       xorl    36(%rsp),%eax
-       roll    $30,%r11d
-       addl    %ebx,%edi
-       roll    $1,%eax
-       movl    %eax,48(%rsp)
-       leal    1859775393(%rax,%rdx,1),%esi
-       movl    52(%rsp),%eax
-       movl    %r11d,%ebx
-       movl    %edi,%edx
-       xorl    60(%rsp),%eax
-       xorl    %ebp,%ebx
-       roll    $5,%edx
-       xorl    20(%rsp),%eax
-       xorl    %r12d,%ebx
-       addl    %edx,%esi
-       xorl    40(%rsp),%eax
-       roll    $30,%ebp
+       xorl    56(%rsp),%edx
+       andl    %r13d,%eax
+       movl    %edi,%ecx
+       xorl    16(%rsp),%edx
+       xorl    %r13d,%ebx
+       leal    -1894007588(%rbp,%rsi,1),%esi
+       roll    $5,%ecx
+       xorl    36(%rsp),%edx
+       addl    %eax,%esi
+       andl    %r11d,%ebx
+       roll    $1,%edx
        addl    %ebx,%esi
-       roll    $1,%eax
-       movl    %eax,52(%rsp)
-       leal    1859775393(%rax,%r12,1),%edx
-       movl    56(%rsp),%eax
-       movl    %ebp,%ebx
-       movl    %esi,%r12d
-       xorl    0(%rsp),%eax
-       xorl    %edi,%ebx
-       roll    $5,%r12d
-       xorl    24(%rsp),%eax
-       xorl    %r11d,%ebx
-       addl    %r12d,%edx
-       xorl    44(%rsp),%eax
+       roll    $30,%r11d
+       movl    %edx,48(%rsp)
+       addl    %ecx,%esi
+       movl    52(%rsp),%ebp
+       movl    %r11d,%eax
+       movl    %esi,%ecx
+       xorl    60(%rsp),%ebp
+       xorl    %edi,%eax
+       roll    $5,%ecx
+       leal    -899497514(%rdx,%r13,1),%r13d
+       xorl    20(%rsp),%ebp
+       xorl    %r12d,%eax
+       addl    %ecx,%r13d
+       xorl    40(%rsp),%ebp
        roll    $30,%edi
-       addl    %ebx,%edx
-       roll    $1,%eax
-       movl    %eax,56(%rsp)
-       leal    1859775393(%rax,%r11,1),%r12d
-       movl    60(%rsp),%eax
-       movl    %edi,%ebx
-       movl    %edx,%r11d
-       xorl    4(%rsp),%eax
-       xorl    %esi,%ebx
-       roll    $5,%r11d
-       xorl    28(%rsp),%eax
-       xorl    %ebp,%ebx
-       addl    %r11d,%r12d
-       xorl    48(%rsp),%eax
+       addl    %eax,%r13d
+       roll    $1,%ebp
+       movl    %ebp,52(%rsp)
+       movl    56(%rsp),%edx
+       movl    %edi,%eax
+       movl    %r13d,%ecx
+       xorl    0(%rsp),%edx
+       xorl    %esi,%eax
+       roll    $5,%ecx
+       leal    -899497514(%rbp,%r12,1),%r12d
+       xorl    24(%rsp),%edx
+       xorl    %r11d,%eax
+       addl    %ecx,%r12d
+       xorl    44(%rsp),%edx
        roll    $30,%esi
-       addl    %ebx,%r12d
-       roll    $1,%eax
-       movl    %eax,60(%rsp)
-       leal    1859775393(%rax,%rbp,1),%r11d
-       movl    0(%rsp),%eax
-       movl    %esi,%ebx
-       movl    %r12d,%ebp
-       xorl    8(%rsp),%eax
-       xorl    %edx,%ebx
-       roll    $5,%ebp
-       xorl    32(%rsp),%eax
-       xorl    %edi,%ebx
-       addl    %ebp,%r11d
-       xorl    52(%rsp),%eax
-       roll    $30,%edx
-       addl    %ebx,%r11d
-       roll    $1,%eax
-       movl    %eax,0(%rsp)
-       leal    1859775393(%rax,%rdi,1),%ebp
-       movl    4(%rsp),%eax
-       movl    %edx,%ebx
-       movl    %r11d,%edi
-       xorl    12(%rsp),%eax
-       xorl    %r12d,%ebx
-       roll    $5,%edi
-       xorl    36(%rsp),%eax
-       xorl    %esi,%ebx
-       addl    %edi,%ebp
-       xorl    56(%rsp),%eax
+       addl    %eax,%r12d
+       roll    $1,%edx
+       movl    %edx,56(%rsp)
+       movl    60(%rsp),%ebp
+       movl    %esi,%eax
+       movl    %r12d,%ecx
+       xorl    4(%rsp),%ebp
+       xorl    %r13d,%eax
+       roll    $5,%ecx
+       leal    -899497514(%rdx,%r11,1),%r11d
+       xorl    28(%rsp),%ebp
+       xorl    %edi,%eax
+       addl    %ecx,%r11d
+       xorl    48(%rsp),%ebp
+       roll    $30,%r13d
+       addl    %eax,%r11d
+       roll    $1,%ebp
+       movl    %ebp,60(%rsp)
+       movl    0(%rsp),%edx
+       movl    %r13d,%eax
+       movl    %r11d,%ecx
+       xorl    8(%rsp),%edx
+       xorl    %r12d,%eax
+       roll    $5,%ecx
+       leal    -899497514(%rbp,%rdi,1),%edi
+       xorl    32(%rsp),%edx
+       xorl    %esi,%eax
+       addl    %ecx,%edi
+       xorl    52(%rsp),%edx
        roll    $30,%r12d
-       addl    %ebx,%ebp
-       roll    $1,%eax
-       movl    %eax,4(%rsp)
-       leal    1859775393(%rax,%rsi,1),%edi
-       movl    8(%rsp),%eax
-       movl    %r12d,%ebx
-       movl    %ebp,%esi
-       xorl    16(%rsp),%eax
-       xorl    %r11d,%ebx
-       roll    $5,%esi
-       xorl    40(%rsp),%eax
-       xorl    %edx,%ebx
-       addl    %esi,%edi
-       xorl    60(%rsp),%eax
+       addl    %eax,%edi
+       roll    $1,%edx
+       movl    %edx,0(%rsp)
+       movl    4(%rsp),%ebp
+       movl    %r12d,%eax
+       movl    %edi,%ecx
+       xorl    12(%rsp),%ebp
+       xorl    %r11d,%eax
+       roll    $5,%ecx
+       leal    -899497514(%rdx,%rsi,1),%esi
+       xorl    36(%rsp),%ebp
+       xorl    %r13d,%eax
+       addl    %ecx,%esi
+       xorl    56(%rsp),%ebp
        roll    $30,%r11d
-       addl    %ebx,%edi
-       roll    $1,%eax
-       movl    %eax,8(%rsp)
-       leal    1859775393(%rax,%rdx,1),%esi
-       movl    12(%rsp),%eax
-       movl    %r11d,%ebx
-       movl    %edi,%edx
-       xorl    20(%rsp),%eax
-       xorl    %ebp,%ebx
-       roll    $5,%edx
-       xorl    44(%rsp),%eax
-       xorl    %r12d,%ebx
-       addl    %edx,%esi
-       xorl    0(%rsp),%eax
-       roll    $30,%ebp
-       addl    %ebx,%esi
-       roll    $1,%eax
-       movl    %eax,12(%rsp)
-       leal    1859775393(%rax,%r12,1),%edx
-       movl    16(%rsp),%eax
-       movl    %ebp,%ebx
-       movl    %esi,%r12d
-       xorl    24(%rsp),%eax
-       xorl    %edi,%ebx
-       roll    $5,%r12d
-       xorl    48(%rsp),%eax
-       xorl    %r11d,%ebx
-       addl    %r12d,%edx
-       xorl    4(%rsp),%eax
+       addl    %eax,%esi
+       roll    $1,%ebp
+       movl    %ebp,4(%rsp)
+       movl    8(%rsp),%edx
+       movl    %r11d,%eax
+       movl    %esi,%ecx
+       xorl    16(%rsp),%edx
+       xorl    %edi,%eax
+       roll    $5,%ecx
+       leal    -899497514(%rbp,%r13,1),%r13d
+       xorl    40(%rsp),%edx
+       xorl    %r12d,%eax
+       addl    %ecx,%r13d
+       xorl    60(%rsp),%edx
        roll    $30,%edi
-       addl    %ebx,%edx
-       roll    $1,%eax
-       movl    %eax,16(%rsp)
-       leal    1859775393(%rax,%r11,1),%r12d
-       movl    20(%rsp),%eax
-       movl    %edi,%ebx
-       movl    %edx,%r11d
-       xorl    28(%rsp),%eax
-       xorl    %esi,%ebx
-       roll    $5,%r11d
-       xorl    52(%rsp),%eax
-       xorl    %ebp,%ebx
-       addl    %r11d,%r12d
-       xorl    8(%rsp),%eax
+       addl    %eax,%r13d
+       roll    $1,%edx
+       movl    %edx,8(%rsp)
+       movl    12(%rsp),%ebp
+       movl    %edi,%eax
+       movl    %r13d,%ecx
+       xorl    20(%rsp),%ebp
+       xorl    %esi,%eax
+       roll    $5,%ecx
+       leal    -899497514(%rdx,%r12,1),%r12d
+       xorl    44(%rsp),%ebp
+       xorl    %r11d,%eax
+       addl    %ecx,%r12d
+       xorl    0(%rsp),%ebp
        roll    $30,%esi
-       addl    %ebx,%r12d
-       roll    $1,%eax
-       movl    %eax,20(%rsp)
-       leal    1859775393(%rax,%rbp,1),%r11d
-       movl    24(%rsp),%eax
-       movl    %esi,%ebx
-       movl    %r12d,%ebp
-       xorl    32(%rsp),%eax
-       xorl    %edx,%ebx
-       roll    $5,%ebp
-       xorl    56(%rsp),%eax
-       xorl    %edi,%ebx
-       addl    %ebp,%r11d
-       xorl    12(%rsp),%eax
-       roll    $30,%edx
-       addl    %ebx,%r11d
-       roll    $1,%eax
-       movl    %eax,24(%rsp)
-       leal    1859775393(%rax,%rdi,1),%ebp
-       movl    28(%rsp),%eax
-       movl    %edx,%ebx
-       movl    %r11d,%edi
-       xorl    36(%rsp),%eax
-       xorl    %r12d,%ebx
-       roll    $5,%edi
-       xorl    60(%rsp),%eax
-       xorl    %esi,%ebx
-       addl    %edi,%ebp
-       xorl    16(%rsp),%eax
+       addl    %eax,%r12d
+       roll    $1,%ebp
+       movl    %ebp,12(%rsp)
+       movl    16(%rsp),%edx
+       movl    %esi,%eax
+       movl    %r12d,%ecx
+       xorl    24(%rsp),%edx
+       xorl    %r13d,%eax
+       roll    $5,%ecx
+       leal    -899497514(%rbp,%r11,1),%r11d
+       xorl    48(%rsp),%edx
+       xorl    %edi,%eax
+       addl    %ecx,%r11d
+       xorl    4(%rsp),%edx
+       roll    $30,%r13d
+       addl    %eax,%r11d
+       roll    $1,%edx
+       movl    %edx,16(%rsp)
+       movl    20(%rsp),%ebp
+       movl    %r13d,%eax
+       movl    %r11d,%ecx
+       xorl    28(%rsp),%ebp
+       xorl    %r12d,%eax
+       roll    $5,%ecx
+       leal    -899497514(%rdx,%rdi,1),%edi
+       xorl    52(%rsp),%ebp
+       xorl    %esi,%eax
+       addl    %ecx,%edi
+       xorl    8(%rsp),%ebp
        roll    $30,%r12d
-       addl    %ebx,%ebp
-       roll    $1,%eax
-       movl    %eax,28(%rsp)
-       leal    1859775393(%rax,%rsi,1),%edi
-       movl    32(%rsp),%eax
-       movl    %r12d,%ebx
-       movl    %ebp,%esi
-       xorl    40(%rsp),%eax
-       xorl    %r11d,%ebx
-       roll    $5,%esi
-       xorl    0(%rsp),%eax
-       xorl    %edx,%ebx
-       addl    %esi,%edi
-       xorl    20(%rsp),%eax
-       roll    $30,%r11d
-       addl    %ebx,%edi
-       roll    $1,%eax
-       movl    %eax,32(%rsp)
-       leal    -1894007588(%rax,%rdx,1),%esi
-       movl    36(%rsp),%eax
-       movl    %ebp,%ebx
-       movl    %ebp,%ecx
-       xorl    44(%rsp),%eax
-       movl    %edi,%edx
-       andl    %r11d,%ebx
-       xorl    4(%rsp),%eax
-       orl     %r11d,%ecx
-       roll    $5,%edx
-       xorl    24(%rsp),%eax
-       andl    %r12d,%ecx
-       addl    %edx,%esi
-       roll    $1,%eax
-       orl     %ecx,%ebx
-       roll    $30,%ebp
-       movl    %eax,36(%rsp)
-       addl    %ebx,%esi
-       leal    -1894007588(%rax,%r12,1),%edx
-       movl    40(%rsp),%eax
-       movl    %edi,%ebx
+       addl    %eax,%edi
+       roll    $1,%ebp
+       movl    %ebp,20(%rsp)
+       movl    24(%rsp),%edx
+       movl    %r12d,%eax
        movl    %edi,%ecx
-       xorl    48(%rsp),%eax
-       movl    %esi,%r12d
-       andl    %ebp,%ebx
-       xorl    8(%rsp),%eax
-       orl     %ebp,%ecx
-       roll    $5,%r12d
-       xorl    28(%rsp),%eax
-       andl    %r11d,%ecx
-       addl    %r12d,%edx
-       roll    $1,%eax
-       orl     %ecx,%ebx
-       roll    $30,%edi
-       movl    %eax,40(%rsp)
-       addl    %ebx,%edx
-       leal    -1894007588(%rax,%r11,1),%r12d
-       movl    44(%rsp),%eax
-       movl    %esi,%ebx
+       xorl    32(%rsp),%edx
+       xorl    %r11d,%eax
+       roll    $5,%ecx
+       leal    -899497514(%rbp,%rsi,1),%esi
+       xorl    56(%rsp),%edx
+       xorl    %r13d,%eax
+       addl    %ecx,%esi
+       xorl    12(%rsp),%edx
+       roll    $30,%r11d
+       addl    %eax,%esi
+       roll    $1,%edx
+       movl    %edx,24(%rsp)
+       movl    28(%rsp),%ebp
+       movl    %r11d,%eax
        movl    %esi,%ecx
-       xorl    52(%rsp),%eax
-       movl    %edx,%r11d
-       andl    %edi,%ebx
-       xorl    12(%rsp),%eax
-       orl     %edi,%ecx
-       roll    $5,%r11d
-       xorl    32(%rsp),%eax
-       andl    %ebp,%ecx
-       addl    %r11d,%r12d
-       roll    $1,%eax
-       orl     %ecx,%ebx
+       xorl    36(%rsp),%ebp
+       xorl    %edi,%eax
+       roll    $5,%ecx
+       leal    -899497514(%rdx,%r13,1),%r13d
+       xorl    60(%rsp),%ebp
+       xorl    %r12d,%eax
+       addl    %ecx,%r13d
+       xorl    16(%rsp),%ebp
+       roll    $30,%edi
+       addl    %eax,%r13d
+       roll    $1,%ebp
+       movl    %ebp,28(%rsp)
+       movl    32(%rsp),%edx
+       movl    %edi,%eax
+       movl    %r13d,%ecx
+       xorl    40(%rsp),%edx
+       xorl    %esi,%eax
+       roll    $5,%ecx
+       leal    -899497514(%rbp,%r12,1),%r12d
+       xorl    0(%rsp),%edx
+       xorl    %r11d,%eax
+       addl    %ecx,%r12d
+       xorl    20(%rsp),%edx
        roll    $30,%esi
-       movl    %eax,44(%rsp)
-       addl    %ebx,%r12d
-       leal    -1894007588(%rax,%rbp,1),%r11d
-       movl    48(%rsp),%eax
-       movl    %edx,%ebx
-       movl    %edx,%ecx
-       xorl    56(%rsp),%eax
-       movl    %r12d,%ebp
-       andl    %esi,%ebx
-       xorl    16(%rsp),%eax
-       orl     %esi,%ecx
-       roll    $5,%ebp
-       xorl    36(%rsp),%eax
-       andl    %edi,%ecx
-       addl    %ebp,%r11d
-       roll    $1,%eax
-       orl     %ecx,%ebx
-       roll    $30,%edx
-       movl    %eax,48(%rsp)
-       addl    %ebx,%r11d
-       leal    -1894007588(%rax,%rdi,1),%ebp
-       movl    52(%rsp),%eax
-       movl    %r12d,%ebx
+       addl    %eax,%r12d
+       roll    $1,%edx
+       movl    %edx,32(%rsp)
+       movl    36(%rsp),%ebp
+       movl    %esi,%eax
        movl    %r12d,%ecx
-       xorl    60(%rsp),%eax
-       movl    %r11d,%edi
-       andl    %edx,%ebx
-       xorl    20(%rsp),%eax
-       orl     %edx,%ecx
-       roll    $5,%edi
-       xorl    40(%rsp),%eax
-       andl    %esi,%ecx
-       addl    %edi,%ebp
-       roll    $1,%eax
-       orl     %ecx,%ebx
-       roll    $30,%r12d
-       movl    %eax,52(%rsp)
-       addl    %ebx,%ebp
-       leal    -1894007588(%rax,%rsi,1),%edi
-       movl    56(%rsp),%eax
-       movl    %r11d,%ebx
+       xorl    44(%rsp),%ebp
+       xorl    %r13d,%eax
+       roll    $5,%ecx
+       leal    -899497514(%rdx,%r11,1),%r11d
+       xorl    4(%rsp),%ebp
+       xorl    %edi,%eax
+       addl    %ecx,%r11d
+       xorl    24(%rsp),%ebp
+       roll    $30,%r13d
+       addl    %eax,%r11d
+       roll    $1,%ebp
+       movl    %ebp,36(%rsp)
+       movl    40(%rsp),%edx
+       movl    %r13d,%eax
        movl    %r11d,%ecx
-       xorl    0(%rsp),%eax
-       movl    %ebp,%esi
-       andl    %r12d,%ebx
-       xorl    24(%rsp),%eax
-       orl     %r12d,%ecx
-       roll    $5,%esi
-       xorl    44(%rsp),%eax
-       andl    %edx,%ecx
-       addl    %esi,%edi
-       roll    $1,%eax
-       orl     %ecx,%ebx
-       roll    $30,%r11d
-       movl    %eax,56(%rsp)
-       addl    %ebx,%edi
-       leal    -1894007588(%rax,%rdx,1),%esi
-       movl    60(%rsp),%eax
-       movl    %ebp,%ebx
-       movl    %ebp,%ecx
-       xorl    4(%rsp),%eax
-       movl    %edi,%edx
-       andl    %r11d,%ebx
-       xorl    28(%rsp),%eax
-       orl     %r11d,%ecx
-       roll    $5,%edx
-       xorl    48(%rsp),%eax
-       andl    %r12d,%ecx
-       addl    %edx,%esi
-       roll    $1,%eax
-       orl     %ecx,%ebx
-       roll    $30,%ebp
-       movl    %eax,60(%rsp)
-       addl    %ebx,%esi
-       leal    -1894007588(%rax,%r12,1),%edx
-       movl    0(%rsp),%eax
-       movl    %edi,%ebx
+       xorl    48(%rsp),%edx
+       xorl    %r12d,%eax
+       roll    $5,%ecx
+       leal    -899497514(%rbp,%rdi,1),%edi
+       xorl    8(%rsp),%edx
+       xorl    %esi,%eax
+       addl    %ecx,%edi
+       xorl    28(%rsp),%edx
+       roll    $30,%r12d
+       addl    %eax,%edi
+       roll    $1,%edx
+       movl    %edx,40(%rsp)
+       movl    44(%rsp),%ebp
+       movl    %r12d,%eax
        movl    %edi,%ecx
-       xorl    8(%rsp),%eax
-       movl    %esi,%r12d
-       andl    %ebp,%ebx
-       xorl    32(%rsp),%eax
-       orl     %ebp,%ecx
-       roll    $5,%r12d
-       xorl    52(%rsp),%eax
-       andl    %r11d,%ecx
-       addl    %r12d,%edx
-       roll    $1,%eax
-       orl     %ecx,%ebx
-       roll    $30,%edi
-       movl    %eax,0(%rsp)
-       addl    %ebx,%edx
-       leal    -1894007588(%rax,%r11,1),%r12d
-       movl    4(%rsp),%eax
-       movl    %esi,%ebx
+       xorl    52(%rsp),%ebp
+       xorl    %r11d,%eax
+       roll    $5,%ecx
+       leal    -899497514(%rdx,%rsi,1),%esi
+       xorl    12(%rsp),%ebp
+       xorl    %r13d,%eax
+       addl    %ecx,%esi
+       xorl    32(%rsp),%ebp
+       roll    $30,%r11d
+       addl    %eax,%esi
+       roll    $1,%ebp
+       movl    %ebp,44(%rsp)
+       movl    48(%rsp),%edx
+       movl    %r11d,%eax
        movl    %esi,%ecx
-       xorl    12(%rsp),%eax
-       movl    %edx,%r11d
-       andl    %edi,%ebx
-       xorl    36(%rsp),%eax
-       orl     %edi,%ecx
-       roll    $5,%r11d
-       xorl    56(%rsp),%eax
-       andl    %ebp,%ecx
-       addl    %r11d,%r12d
-       roll    $1,%eax
-       orl     %ecx,%ebx
+       xorl    56(%rsp),%edx
+       xorl    %edi,%eax
+       roll    $5,%ecx
+       leal    -899497514(%rbp,%r13,1),%r13d
+       xorl    16(%rsp),%edx
+       xorl    %r12d,%eax
+       addl    %ecx,%r13d
+       xorl    36(%rsp),%edx
+       roll    $30,%edi
+       addl    %eax,%r13d
+       roll    $1,%edx
+       movl    %edx,48(%rsp)
+       movl    52(%rsp),%ebp
+       movl    %edi,%eax
+       movl    %r13d,%ecx
+       xorl    60(%rsp),%ebp
+       xorl    %esi,%eax
+       roll    $5,%ecx
+       leal    -899497514(%rdx,%r12,1),%r12d
+       xorl    20(%rsp),%ebp
+       xorl    %r11d,%eax
+       addl    %ecx,%r12d
+       xorl    40(%rsp),%ebp
        roll    $30,%esi
-       movl    %eax,4(%rsp)
-       addl    %ebx,%r12d
-       leal    -1894007588(%rax,%rbp,1),%r11d
-       movl    8(%rsp),%eax
-       movl    %edx,%ebx
-       movl    %edx,%ecx
-       xorl    16(%rsp),%eax
-       movl    %r12d,%ebp
-       andl    %esi,%ebx
-       xorl    40(%rsp),%eax
-       orl     %esi,%ecx
-       roll    $5,%ebp
-       xorl    60(%rsp),%eax
-       andl    %edi,%ecx
-       addl    %ebp,%r11d
-       roll    $1,%eax
-       orl     %ecx,%ebx
-       roll    $30,%edx
-       movl    %eax,8(%rsp)
-       addl    %ebx,%r11d
-       leal    -1894007588(%rax,%rdi,1),%ebp
-       movl    12(%rsp),%eax
-       movl    %r12d,%ebx
+       addl    %eax,%r12d
+       roll    $1,%ebp
+       movl    56(%rsp),%edx
+       movl    %esi,%eax
        movl    %r12d,%ecx
-       xorl    20(%rsp),%eax
-       movl    %r11d,%edi
-       andl    %edx,%ebx
-       xorl    44(%rsp),%eax
-       orl     %edx,%ecx
-       roll    $5,%edi
-       xorl    0(%rsp),%eax
-       andl    %esi,%ecx
-       addl    %edi,%ebp
-       roll    $1,%eax
-       orl     %ecx,%ebx
-       roll    $30,%r12d
-       movl    %eax,12(%rsp)
-       addl    %ebx,%ebp
-       leal    -1894007588(%rax,%rsi,1),%edi
-       movl    16(%rsp),%eax
-       movl    %r11d,%ebx
+       xorl    0(%rsp),%edx
+       xorl    %r13d,%eax
+       roll    $5,%ecx
+       leal    -899497514(%rbp,%r11,1),%r11d
+       xorl    24(%rsp),%edx
+       xorl    %edi,%eax
+       addl    %ecx,%r11d
+       xorl    44(%rsp),%edx
+       roll    $30,%r13d
+       addl    %eax,%r11d
+       roll    $1,%edx
+       movl    60(%rsp),%ebp
+       movl    %r13d,%eax
        movl    %r11d,%ecx
-       xorl    24(%rsp),%eax
-       movl    %ebp,%esi
-       andl    %r12d,%ebx
-       xorl    48(%rsp),%eax
-       orl     %r12d,%ecx
-       roll    $5,%esi
-       xorl    4(%rsp),%eax
-       andl    %edx,%ecx
-       addl    %esi,%edi
-       roll    $1,%eax
-       orl     %ecx,%ebx
+       xorl    4(%rsp),%ebp
+       xorl    %r12d,%eax
+       roll    $5,%ecx
+       leal    -899497514(%rdx,%rdi,1),%edi
+       xorl    28(%rsp),%ebp
+       xorl    %esi,%eax
+       addl    %ecx,%edi
+       xorl    48(%rsp),%ebp
+       roll    $30,%r12d
+       addl    %eax,%edi
+       roll    $1,%ebp
+       movl    %r12d,%eax
+       movl    %edi,%ecx
+       xorl    %r11d,%eax
+       leal    -899497514(%rbp,%rsi,1),%esi
+       roll    $5,%ecx
+       xorl    %r13d,%eax
+       addl    %ecx,%esi
        roll    $30,%r11d
-       movl    %eax,16(%rsp)
-       addl    %ebx,%edi
-       leal    -1894007588(%rax,%rdx,1),%esi
-       movl    20(%rsp),%eax
-       movl    %ebp,%ebx
-       movl    %ebp,%ecx
-       xorl    28(%rsp),%eax
-       movl    %edi,%edx
-       andl    %r11d,%ebx
-       xorl    52(%rsp),%eax
-       orl     %r11d,%ecx
+       addl    %eax,%esi
+       addl    0(%r8),%esi
+       addl    4(%r8),%edi
+       addl    8(%r8),%r11d
+       addl    12(%r8),%r12d
+       addl    16(%r8),%r13d
+       movl    %esi,0(%r8)
+       movl    %edi,4(%r8)
+       movl    %r11d,8(%r8)
+       movl    %r12d,12(%r8)
+       movl    %r13d,16(%r8)
+
+       subq    $1,%r10
+       leaq    64(%r9),%r9
+       jnz     L$loop
+
+       movq    64(%rsp),%rsi
+       movq    (%rsi),%r13
+       movq    8(%rsi),%r12
+       movq    16(%rsi),%rbp
+       movq    24(%rsi),%rbx
+       leaq    32(%rsi),%rsp
+L$epilogue:
+       .byte   0xf3,0xc3
+
+
+.p2align       4
+sha1_block_data_order_ssse3:
+_ssse3_shortcut:
+       pushq   %rbx
+       pushq   %rbp
+       pushq   %r12
+       leaq    -64(%rsp),%rsp
+       movq    %rdi,%r8
+       movq    %rsi,%r9
+       movq    %rdx,%r10
+
+       shlq    $6,%r10
+       addq    %r9,%r10
+       leaq    K_XX_XX(%rip),%r11
+
+       movl    0(%r8),%eax
+       movl    4(%r8),%ebx
+       movl    8(%r8),%ecx
+       movl    12(%r8),%edx
+       movl    %ebx,%esi
+       movl    16(%r8),%ebp
+
+       movdqa  64(%r11),%xmm6
+       movdqa  0(%r11),%xmm9
+       movdqu  0(%r9),%xmm0
+       movdqu  16(%r9),%xmm1
+       movdqu  32(%r9),%xmm2
+       movdqu  48(%r9),%xmm3
+.byte  102,15,56,0,198
+       addq    $64,%r9
+.byte  102,15,56,0,206
+.byte  102,15,56,0,214
+.byte  102,15,56,0,222
+       paddd   %xmm9,%xmm0
+       paddd   %xmm9,%xmm1
+       paddd   %xmm9,%xmm2
+       movdqa  %xmm0,0(%rsp)
+       psubd   %xmm9,%xmm0
+       movdqa  %xmm1,16(%rsp)
+       psubd   %xmm9,%xmm1
+       movdqa  %xmm2,32(%rsp)
+       psubd   %xmm9,%xmm2
+       jmp     L$oop_ssse3
+.p2align       4
+L$oop_ssse3:
+       movdqa  %xmm1,%xmm4
+       addl    0(%rsp),%ebp
+       xorl    %edx,%ecx
+       movdqa  %xmm3,%xmm8
+.byte  102,15,58,15,224,8
+       movl    %eax,%edi
+       roll    $5,%eax
+       paddd   %xmm3,%xmm9
+       andl    %ecx,%esi
+       xorl    %edx,%ecx
+       psrldq  $4,%xmm8
+       xorl    %edx,%esi
+       addl    %eax,%ebp
+       pxor    %xmm0,%xmm4
+       rorl    $2,%ebx
+       addl    %esi,%ebp
+       pxor    %xmm2,%xmm8
+       addl    4(%rsp),%edx
+       xorl    %ecx,%ebx
+       movl    %ebp,%esi
+       roll    $5,%ebp
+       pxor    %xmm8,%xmm4
+       andl    %ebx,%edi
+       xorl    %ecx,%ebx
+       movdqa  %xmm9,48(%rsp)
+       xorl    %ecx,%edi
+       addl    %ebp,%edx
+       movdqa  %xmm4,%xmm10
+       movdqa  %xmm4,%xmm8
+       rorl    $7,%eax
+       addl    %edi,%edx
+       addl    8(%rsp),%ecx
+       xorl    %ebx,%eax
+       pslldq  $12,%xmm10
+       paddd   %xmm4,%xmm4
+       movl    %edx,%edi
        roll    $5,%edx
-       xorl    8(%rsp),%eax
-       andl    %r12d,%ecx
-       addl    %edx,%esi
-       roll    $1,%eax
-       orl     %ecx,%ebx
-       roll    $30,%ebp
-       movl    %eax,20(%rsp)
-       addl    %ebx,%esi
-       leal    -1894007588(%rax,%r12,1),%edx
-       movl    24(%rsp),%eax
-       movl    %edi,%ebx
-       movl    %edi,%ecx
-       xorl    32(%rsp),%eax
-       movl    %esi,%r12d
-       andl    %ebp,%ebx
-       xorl    56(%rsp),%eax
-       orl     %ebp,%ecx
-       roll    $5,%r12d
-       xorl    12(%rsp),%eax
-       andl    %r11d,%ecx
-       addl    %r12d,%edx
-       roll    $1,%eax
-       orl     %ecx,%ebx
-       roll    $30,%edi
-       movl    %eax,24(%rsp)
-       addl    %ebx,%edx
-       leal    -1894007588(%rax,%r11,1),%r12d
-       movl    28(%rsp),%eax
-       movl    %esi,%ebx
-       movl    %esi,%ecx
-       xorl    36(%rsp),%eax
-       movl    %edx,%r11d
-       andl    %edi,%ebx
-       xorl    60(%rsp),%eax
-       orl     %edi,%ecx
-       roll    $5,%r11d
-       xorl    16(%rsp),%eax
-       andl    %ebp,%ecx
-       addl    %r11d,%r12d
-       roll    $1,%eax
-       orl     %ecx,%ebx
-       roll    $30,%esi
-       movl    %eax,28(%rsp)
-       addl    %ebx,%r12d
-       leal    -1894007588(%rax,%rbp,1),%r11d
-       movl    32(%rsp),%eax
-       movl    %edx,%ebx
-       movl    %edx,%ecx
-       xorl    40(%rsp),%eax
-       movl    %r12d,%ebp
-       andl    %esi,%ebx
-       xorl    0(%rsp),%eax
-       orl     %esi,%ecx
+       andl    %eax,%esi
+       xorl    %ebx,%eax
+       psrld   $31,%xmm8
+       xorl    %ebx,%esi
+       addl    %edx,%ecx
+       movdqa  %xmm10,%xmm9
+       rorl    $7,%ebp
+       addl    %esi,%ecx
+       psrld   $30,%xmm10
+       por     %xmm8,%xmm4
+       addl    12(%rsp),%ebx
+       xorl    %eax,%ebp
+       movl    %ecx,%esi
+       roll    $5,%ecx
+       pslld   $2,%xmm9
+       pxor    %xmm10,%xmm4
+       andl    %ebp,%edi
+       xorl    %eax,%ebp
+       movdqa  0(%r11),%xmm10
+       xorl    %eax,%edi
+       addl    %ecx,%ebx
+       pxor    %xmm9,%xmm4
+       rorl    $7,%edx
+       addl    %edi,%ebx
+       movdqa  %xmm2,%xmm5
+       addl    16(%rsp),%eax
+       xorl    %ebp,%edx
+       movdqa  %xmm4,%xmm9
+.byte  102,15,58,15,233,8
+       movl    %ebx,%edi
+       roll    $5,%ebx
+       paddd   %xmm4,%xmm10
+       andl    %edx,%esi
+       xorl    %ebp,%edx
+       psrldq  $4,%xmm9
+       xorl    %ebp,%esi
+       addl    %ebx,%eax
+       pxor    %xmm1,%xmm5
+       rorl    $7,%ecx
+       addl    %esi,%eax
+       pxor    %xmm3,%xmm9
+       addl    20(%rsp),%ebp
+       xorl    %edx,%ecx
+       movl    %eax,%esi
+       roll    $5,%eax
+       pxor    %xmm9,%xmm5
+       andl    %ecx,%edi
+       xorl    %edx,%ecx
+       movdqa  %xmm10,0(%rsp)
+       xorl    %edx,%edi
+       addl    %eax,%ebp
+       movdqa  %xmm5,%xmm8
+       movdqa  %xmm5,%xmm9
+       rorl    $7,%ebx
+       addl    %edi,%ebp
+       addl    24(%rsp),%edx
+       xorl    %ecx,%ebx
+       pslldq  $12,%xmm8
+       paddd   %xmm5,%xmm5
+       movl    %ebp,%edi
        roll    $5,%ebp
-       xorl    20(%rsp),%eax
-       andl    %edi,%ecx
-       addl    %ebp,%r11d
-       roll    $1,%eax
-       orl     %ecx,%ebx
-       roll    $30,%edx
-       movl    %eax,32(%rsp)
-       addl    %ebx,%r11d
-       leal    -1894007588(%rax,%rdi,1),%ebp
-       movl    36(%rsp),%eax
-       movl    %r12d,%ebx
-       movl    %r12d,%ecx
-       xorl    44(%rsp),%eax
-       movl    %r11d,%edi
-       andl    %edx,%ebx
-       xorl    4(%rsp),%eax
-       orl     %edx,%ecx
-       roll    $5,%edi
-       xorl    24(%rsp),%eax
-       andl    %esi,%ecx
+       andl    %ebx,%esi
+       xorl    %ecx,%ebx
+       psrld   $31,%xmm9
+       xorl    %ecx,%esi
+       addl    %ebp,%edx
+       movdqa  %xmm8,%xmm10
+       rorl    $7,%eax
+       addl    %esi,%edx
+       psrld   $30,%xmm8
+       por     %xmm9,%xmm5
+       addl    28(%rsp),%ecx
+       xorl    %ebx,%eax
+       movl    %edx,%esi
+       roll    $5,%edx
+       pslld   $2,%xmm10
+       pxor    %xmm8,%xmm5
+       andl    %eax,%edi
+       xorl    %ebx,%eax
+       movdqa  16(%r11),%xmm8
+       xorl    %ebx,%edi
+       addl    %edx,%ecx
+       pxor    %xmm10,%xmm5
+       rorl    $7,%ebp
+       addl    %edi,%ecx
+       movdqa  %xmm3,%xmm6
+       addl    32(%rsp),%ebx
+       xorl    %eax,%ebp
+       movdqa  %xmm5,%xmm10
+.byte  102,15,58,15,242,8
+       movl    %ecx,%edi
+       roll    $5,%ecx
+       paddd   %xmm5,%xmm8
+       andl    %ebp,%esi
+       xorl    %eax,%ebp
+       psrldq  $4,%xmm10
+       xorl    %eax,%esi
+       addl    %ecx,%ebx
+       pxor    %xmm2,%xmm6
+       rorl    $7,%edx
+       addl    %esi,%ebx
+       pxor    %xmm4,%xmm10
+       addl    36(%rsp),%eax
+       xorl    %ebp,%edx
+       movl    %ebx,%esi
+       roll    $5,%ebx
+       pxor    %xmm10,%xmm6
+       andl    %edx,%edi
+       xorl    %ebp,%edx
+       movdqa  %xmm8,16(%rsp)
+       xorl    %ebp,%edi
+       addl    %ebx,%eax
+       movdqa  %xmm6,%xmm9
+       movdqa  %xmm6,%xmm10
+       rorl    $7,%ecx
+       addl    %edi,%eax
+       addl    40(%rsp),%ebp
+       xorl    %edx,%ecx
+       pslldq  $12,%xmm9
+       paddd   %xmm6,%xmm6
+       movl    %eax,%edi
+       roll    $5,%eax
+       andl    %ecx,%esi
+       xorl    %edx,%ecx
+       psrld   $31,%xmm10
+       xorl    %edx,%esi
+       addl    %eax,%ebp
+       movdqa  %xmm9,%xmm8
+       rorl    $7,%ebx
+       addl    %esi,%ebp
+       psrld   $30,%xmm9
+       por     %xmm10,%xmm6
+       addl    44(%rsp),%edx
+       xorl    %ecx,%ebx
+       movl    %ebp,%esi
+       roll    $5,%ebp
+       pslld   $2,%xmm8
+       pxor    %xmm9,%xmm6
+       andl    %ebx,%edi
+       xorl    %ecx,%ebx
+       movdqa  16(%r11),%xmm9
+       xorl    %ecx,%edi
+       addl    %ebp,%edx
+       pxor    %xmm8,%xmm6
+       rorl    $7,%eax
+       addl    %edi,%edx
+       movdqa  %xmm4,%xmm7
+       addl    48(%rsp),%ecx
+       xorl    %ebx,%eax
+       movdqa  %xmm6,%xmm8
+.byte  102,15,58,15,251,8
+       movl    %edx,%edi
+       roll    $5,%edx
+       paddd   %xmm6,%xmm9
+       andl    %eax,%esi
+       xorl    %ebx,%eax
+       psrldq  $4,%xmm8
+       xorl    %ebx,%esi
+       addl    %edx,%ecx
+       pxor    %xmm3,%xmm7
+       rorl    $7,%ebp
+       addl    %esi,%ecx
+       pxor    %xmm5,%xmm8
+       addl    52(%rsp),%ebx
+       xorl    %eax,%ebp
+       movl    %ecx,%esi
+       roll    $5,%ecx
+       pxor    %xmm8,%xmm7
+       andl    %ebp,%edi
+       xorl    %eax,%ebp
+       movdqa  %xmm9,32(%rsp)
+       xorl    %eax,%edi
+       addl    %ecx,%ebx
+       movdqa  %xmm7,%xmm10
+       movdqa  %xmm7,%xmm8
+       rorl    $7,%edx
+       addl    %edi,%ebx
+       addl    56(%rsp),%eax
+       xorl    %ebp,%edx
+       pslldq  $12,%xmm10
+       paddd   %xmm7,%xmm7
+       movl    %ebx,%edi
+       roll    $5,%ebx
+       andl    %edx,%esi
+       xorl    %ebp,%edx
+       psrld   $31,%xmm8
+       xorl    %ebp,%esi
+       addl    %ebx,%eax
+       movdqa  %xmm10,%xmm9
+       rorl    $7,%ecx
+       addl    %esi,%eax
+       psrld   $30,%xmm10
+       por     %xmm8,%xmm7
+       addl    60(%rsp),%ebp
+       xorl    %edx,%ecx
+       movl    %eax,%esi
+       roll    $5,%eax
+       pslld   $2,%xmm9
+       pxor    %xmm10,%xmm7
+       andl    %ecx,%edi
+       xorl    %edx,%ecx
+       movdqa  16(%r11),%xmm10
+       xorl    %edx,%edi
+       addl    %eax,%ebp
+       pxor    %xmm9,%xmm7
+       rorl    $7,%ebx
        addl    %edi,%ebp
-       roll    $1,%eax
-       orl     %ecx,%ebx
-       roll    $30,%r12d
-       movl    %eax,36(%rsp)
-       addl    %ebx,%ebp
-       leal    -1894007588(%rax,%rsi,1),%edi
-       movl    40(%rsp),%eax
-       movl    %r11d,%ebx
-       movl    %r11d,%ecx
-       xorl    48(%rsp),%eax
+       movdqa  %xmm7,%xmm9
+       addl    0(%rsp),%edx
+       pxor    %xmm4,%xmm0
+.byte  102,68,15,58,15,206,8
+       xorl    %ecx,%ebx
+       movl    %ebp,%edi
+       roll    $5,%ebp
+       pxor    %xmm1,%xmm0
+       andl    %ebx,%esi
+       xorl    %ecx,%ebx
+       movdqa  %xmm10,%xmm8
+       paddd   %xmm7,%xmm10
+       xorl    %ecx,%esi
+       addl    %ebp,%edx
+       pxor    %xmm9,%xmm0
+       rorl    $7,%eax
+       addl    %esi,%edx
+       addl    4(%rsp),%ecx
+       xorl    %ebx,%eax
+       movdqa  %xmm0,%xmm9
+       movdqa  %xmm10,48(%rsp)
+       movl    %edx,%esi
+       roll    $5,%edx
+       andl    %eax,%edi
+       xorl    %ebx,%eax
+       pslld   $2,%xmm0
+       xorl    %ebx,%edi
+       addl    %edx,%ecx
+       psrld   $30,%xmm9
+       rorl    $7,%ebp
+       addl    %edi,%ecx
+       addl    8(%rsp),%ebx
+       xorl    %eax,%ebp
+       movl    %ecx,%edi
+       roll    $5,%ecx
+       por     %xmm9,%xmm0
+       andl    %ebp,%esi
+       xorl    %eax,%ebp
+       movdqa  %xmm0,%xmm10
+       xorl    %eax,%esi
+       addl    %ecx,%ebx
+       rorl    $7,%edx
+       addl    %esi,%ebx
+       addl    12(%rsp),%eax
+       xorl    %ebp,%edx
+       movl    %ebx,%esi
+       roll    $5,%ebx
+       andl    %edx,%edi
+       xorl    %ebp,%edx
+       xorl    %ebp,%edi
+       addl    %ebx,%eax
+       rorl    $7,%ecx
+       addl    %edi,%eax
+       addl    16(%rsp),%ebp
+       pxor    %xmm5,%xmm1
+.byte  102,68,15,58,15,215,8
+       xorl    %edx,%esi
+       movl    %eax,%edi
+       roll    $5,%eax
+       pxor    %xmm2,%xmm1
+       xorl    %ecx,%esi
+       addl    %eax,%ebp
+       movdqa  %xmm8,%xmm9
+       paddd   %xmm0,%xmm8
+       rorl    $7,%ebx
+       addl    %esi,%ebp
+       pxor    %xmm10,%xmm1
+       addl    20(%rsp),%edx
+       xorl    %ecx,%edi
        movl    %ebp,%esi
-       andl    %r12d,%ebx
-       xorl    8(%rsp),%eax
-       orl     %r12d,%ecx
-       roll    $5,%esi
-       xorl    28(%rsp),%eax
-       andl    %edx,%ecx
-       addl    %esi,%edi
-       roll    $1,%eax
-       orl     %ecx,%ebx
-       roll    $30,%r11d
-       movl    %eax,40(%rsp)
-       addl    %ebx,%edi
-       leal    -1894007588(%rax,%rdx,1),%esi
-       movl    44(%rsp),%eax
-       movl    %ebp,%ebx
-       movl    %ebp,%ecx
-       xorl    52(%rsp),%eax
-       movl    %edi,%edx
-       andl    %r11d,%ebx
-       xorl    12(%rsp),%eax
-       orl     %r11d,%ecx
+       roll    $5,%ebp
+       movdqa  %xmm1,%xmm10
+       movdqa  %xmm8,0(%rsp)
+       xorl    %ebx,%edi
+       addl    %ebp,%edx
+       rorl    $7,%eax
+       addl    %edi,%edx
+       pslld   $2,%xmm1
+       addl    24(%rsp),%ecx
+       xorl    %ebx,%esi
+       psrld   $30,%xmm10
+       movl    %edx,%edi
        roll    $5,%edx
-       xorl    32(%rsp),%eax
-       andl    %r12d,%ecx
-       addl    %edx,%esi
-       roll    $1,%eax
-       orl     %ecx,%ebx
-       roll    $30,%ebp
-       movl    %eax,44(%rsp)
-       addl    %ebx,%esi
-       leal    -1894007588(%rax,%r12,1),%edx
-       movl    48(%rsp),%eax
-       movl    %edi,%ebx
-       movl    %edi,%ecx
-       xorl    56(%rsp),%eax
-       movl    %esi,%r12d
-       andl    %ebp,%ebx
-       xorl    16(%rsp),%eax
-       orl     %ebp,%ecx
-       roll    $5,%r12d
-       xorl    36(%rsp),%eax
-       andl    %r11d,%ecx
-       addl    %r12d,%edx
-       roll    $1,%eax
-       orl     %ecx,%ebx
-       roll    $30,%edi
-       movl    %eax,48(%rsp)
-       addl    %ebx,%edx
-       leal    -899497514(%rax,%r11,1),%r12d
-       movl    52(%rsp),%eax
-       movl    %edi,%ebx
-       movl    %edx,%r11d
-       xorl    60(%rsp),%eax
-       xorl    %esi,%ebx
-       roll    $5,%r11d
-       xorl    20(%rsp),%eax
-       xorl    %ebp,%ebx
-       addl    %r11d,%r12d
-       xorl    40(%rsp),%eax
-       roll    $30,%esi
-       addl    %ebx,%r12d
-       roll    $1,%eax
-       movl    %eax,52(%rsp)
-       leal    -899497514(%rax,%rbp,1),%r11d
-       movl    56(%rsp),%eax
-       movl    %esi,%ebx
-       movl    %r12d,%ebp
-       xorl    0(%rsp),%eax
-       xorl    %edx,%ebx
+       xorl    %eax,%esi
+       addl    %edx,%ecx
+       rorl    $7,%ebp
+       addl    %esi,%ecx
+       por     %xmm10,%xmm1
+       addl    28(%rsp),%ebx
+       xorl    %eax,%edi
+       movdqa  %xmm1,%xmm8
+       movl    %ecx,%esi
+       roll    $5,%ecx
+       xorl    %ebp,%edi
+       addl    %ecx,%ebx
+       rorl    $7,%edx
+       addl    %edi,%ebx
+       addl    32(%rsp),%eax
+       pxor    %xmm6,%xmm2
+.byte  102,68,15,58,15,192,8
+       xorl    %ebp,%esi
+       movl    %ebx,%edi
+       roll    $5,%ebx
+       pxor    %xmm3,%xmm2
+       xorl    %edx,%esi
+       addl    %ebx,%eax
+       movdqa  32(%r11),%xmm10
+       paddd   %xmm1,%xmm9
+       rorl    $7,%ecx
+       addl    %esi,%eax
+       pxor    %xmm8,%xmm2
+       addl    36(%rsp),%ebp
+       xorl    %edx,%edi
+       movl    %eax,%esi
+       roll    $5,%eax
+       movdqa  %xmm2,%xmm8
+       movdqa  %xmm9,16(%rsp)
+       xorl    %ecx,%edi
+       addl    %eax,%ebp
+       rorl    $7,%ebx
+       addl    %edi,%ebp
+       pslld   $2,%xmm2
+       addl    40(%rsp),%edx
+       xorl    %ecx,%esi
+       psrld   $30,%xmm8
+       movl    %ebp,%edi
        roll    $5,%ebp
-       xorl    24(%rsp),%eax
-       xorl    %edi,%ebx
-       addl    %ebp,%r11d
-       xorl    44(%rsp),%eax
-       roll    $30,%edx
-       addl    %ebx,%r11d
-       roll    $1,%eax
-       movl    %eax,56(%rsp)
-       leal    -899497514(%rax,%rdi,1),%ebp
-       movl    60(%rsp),%eax
-       movl    %edx,%ebx
-       movl    %r11d,%edi
-       xorl    4(%rsp),%eax
-       xorl    %r12d,%ebx
-       roll    $5,%edi
-       xorl    28(%rsp),%eax
-       xorl    %esi,%ebx
+       xorl    %ebx,%esi
+       addl    %ebp,%edx
+       rorl    $7,%eax
+       addl    %esi,%edx
+       por     %xmm8,%xmm2
+       addl    44(%rsp),%ecx
+       xorl    %ebx,%edi
+       movdqa  %xmm2,%xmm9
+       movl    %edx,%esi
+       roll    $5,%edx
+       xorl    %eax,%edi
+       addl    %edx,%ecx
+       rorl    $7,%ebp
+       addl    %edi,%ecx
+       addl    48(%rsp),%ebx
+       pxor    %xmm7,%xmm3
+.byte  102,68,15,58,15,201,8
+       xorl    %eax,%esi
+       movl    %ecx,%edi
+       roll    $5,%ecx
+       pxor    %xmm4,%xmm3
+       xorl    %ebp,%esi
+       addl    %ecx,%ebx
+       movdqa  %xmm10,%xmm8
+       paddd   %xmm2,%xmm10
+       rorl    $7,%edx
+       addl    %esi,%ebx
+       pxor    %xmm9,%xmm3
+       addl    52(%rsp),%eax
+       xorl    %ebp,%edi
+       movl    %ebx,%esi
+       roll    $5,%ebx
+       movdqa  %xmm3,%xmm9
+       movdqa  %xmm10,32(%rsp)
+       xorl    %edx,%edi
+       addl    %ebx,%eax
+       rorl    $7,%ecx
+       addl    %edi,%eax
+       pslld   $2,%xmm3
+       addl    56(%rsp),%ebp
+       xorl    %edx,%esi
+       psrld   $30,%xmm9
+       movl    %eax,%edi
+       roll    $5,%eax
+       xorl    %ecx,%esi
+       addl    %eax,%ebp
+       rorl    $7,%ebx
+       addl    %esi,%ebp
+       por     %xmm9,%xmm3
+       addl    60(%rsp),%edx
+       xorl    %ecx,%edi
+       movdqa  %xmm3,%xmm10
+       movl    %ebp,%esi
+       roll    $5,%ebp
+       xorl    %ebx,%edi
+       addl    %ebp,%edx
+       rorl    $7,%eax
+       addl    %edi,%edx
+       addl    0(%rsp),%ecx
+       pxor    %xmm0,%xmm4
+.byte  102,68,15,58,15,210,8
+       xorl    %ebx,%esi
+       movl    %edx,%edi
+       roll    $5,%edx
+       pxor    %xmm5,%xmm4
+       xorl    %eax,%esi
+       addl    %edx,%ecx
+       movdqa  %xmm8,%xmm9
+       paddd   %xmm3,%xmm8
+       rorl    $7,%ebp
+       addl    %esi,%ecx
+       pxor    %xmm10,%xmm4
+       addl    4(%rsp),%ebx
+       xorl    %eax,%edi
+       movl    %ecx,%esi
+       roll    $5,%ecx
+       movdqa  %xmm4,%xmm10
+       movdqa  %xmm8,48(%rsp)
+       xorl    %ebp,%edi
+       addl    %ecx,%ebx
+       rorl    $7,%edx
+       addl    %edi,%ebx
+       pslld   $2,%xmm4
+       addl    8(%rsp),%eax
+       xorl    %ebp,%esi
+       psrld   $30,%xmm10
+       movl    %ebx,%edi
+       roll    $5,%ebx
+       xorl    %edx,%esi
+       addl    %ebx,%eax
+       rorl    $7,%ecx
+       addl    %esi,%eax
+       por     %xmm10,%xmm4
+       addl    12(%rsp),%ebp
+       xorl    %edx,%edi
+       movdqa  %xmm4,%xmm8
+       movl    %eax,%esi
+       roll    $5,%eax
+       xorl    %ecx,%edi
+       addl    %eax,%ebp
+       rorl    $7,%ebx
        addl    %edi,%ebp
-       xorl    48(%rsp),%eax
-       roll    $30,%r12d
-       addl    %ebx,%ebp
-       roll    $1,%eax
-       movl    %eax,60(%rsp)
-       leal    -899497514(%rax,%rsi,1),%edi
-       movl    0(%rsp),%eax
-       movl    %r12d,%ebx
+       addl    16(%rsp),%edx
+       pxor    %xmm1,%xmm5
+.byte  102,68,15,58,15,195,8
+       xorl    %ecx,%esi
+       movl    %ebp,%edi
+       roll    $5,%ebp
+       pxor    %xmm6,%xmm5
+       xorl    %ebx,%esi
+       addl    %ebp,%edx
+       movdqa  %xmm9,%xmm10
+       paddd   %xmm4,%xmm9
+       rorl    $7,%eax
+       addl    %esi,%edx
+       pxor    %xmm8,%xmm5
+       addl    20(%rsp),%ecx
+       xorl    %ebx,%edi
+       movl    %edx,%esi
+       roll    $5,%edx
+       movdqa  %xmm5,%xmm8
+       movdqa  %xmm9,0(%rsp)
+       xorl    %eax,%edi
+       addl    %edx,%ecx
+       rorl    $7,%ebp
+       addl    %edi,%ecx
+       pslld   $2,%xmm5
+       addl    24(%rsp),%ebx
+       xorl    %eax,%esi
+       psrld   $30,%xmm8
+       movl    %ecx,%edi
+       roll    $5,%ecx
+       xorl    %ebp,%esi
+       addl    %ecx,%ebx
+       rorl    $7,%edx
+       addl    %esi,%ebx
+       por     %xmm8,%xmm5
+       addl    28(%rsp),%eax
+       xorl    %ebp,%edi
+       movdqa  %xmm5,%xmm9
+       movl    %ebx,%esi
+       roll    $5,%ebx
+       xorl    %edx,%edi
+       addl    %ebx,%eax
+       rorl    $7,%ecx
+       addl    %edi,%eax
+       movl    %ecx,%edi
+       pxor    %xmm2,%xmm6
+.byte  102,68,15,58,15,204,8
+       xorl    %edx,%ecx
+       addl    32(%rsp),%ebp
+       andl    %edx,%edi
+       pxor    %xmm7,%xmm6
+       andl    %ecx,%esi
+       rorl    $7,%ebx
+       movdqa  %xmm10,%xmm8
+       paddd   %xmm5,%xmm10
+       addl    %edi,%ebp
+       movl    %eax,%edi
+       pxor    %xmm9,%xmm6
+       roll    $5,%eax
+       addl    %esi,%ebp
+       xorl    %edx,%ecx
+       addl    %eax,%ebp
+       movdqa  %xmm6,%xmm9
+       movdqa  %xmm10,16(%rsp)
+       movl    %ebx,%esi
+       xorl    %ecx,%ebx
+       addl    36(%rsp),%edx
+       andl    %ecx,%esi
+       pslld   $2,%xmm6
+       andl    %ebx,%edi
+       rorl    $7,%eax
+       psrld   $30,%xmm9
+       addl    %esi,%edx
        movl    %ebp,%esi
-       xorl    8(%rsp),%eax
-       xorl    %r11d,%ebx
-       roll    $5,%esi
-       xorl    32(%rsp),%eax
-       xorl    %edx,%ebx
-       addl    %esi,%edi
-       xorl    52(%rsp),%eax
-       roll    $30,%r11d
-       addl    %ebx,%edi
-       roll    $1,%eax
-       movl    %eax,0(%rsp)
-       leal    -899497514(%rax,%rdx,1),%esi
-       movl    4(%rsp),%eax
-       movl    %r11d,%ebx
-       movl    %edi,%edx
-       xorl    12(%rsp),%eax
-       xorl    %ebp,%ebx
+       roll    $5,%ebp
+       addl    %edi,%edx
+       xorl    %ecx,%ebx
+       addl    %ebp,%edx
+       por     %xmm9,%xmm6
+       movl    %eax,%edi
+       xorl    %ebx,%eax
+       movdqa  %xmm6,%xmm10
+       addl    40(%rsp),%ecx
+       andl    %ebx,%edi
+       andl    %eax,%esi
+       rorl    $7,%ebp
+       addl    %edi,%ecx
+       movl    %edx,%edi
        roll    $5,%edx
-       xorl    36(%rsp),%eax
-       xorl    %r12d,%ebx
-       addl    %edx,%esi
-       xorl    56(%rsp),%eax
-       roll    $30,%ebp
-       addl    %ebx,%esi
-       roll    $1,%eax
-       movl    %eax,4(%rsp)
-       leal    -899497514(%rax,%r12,1),%edx
-       movl    8(%rsp),%eax
-       movl    %ebp,%ebx
-       movl    %esi,%r12d
-       xorl    16(%rsp),%eax
-       xorl    %edi,%ebx
-       roll    $5,%r12d
-       xorl    40(%rsp),%eax
-       xorl    %r11d,%ebx
-       addl    %r12d,%edx
-       xorl    60(%rsp),%eax
-       roll    $30,%edi
-       addl    %ebx,%edx
-       roll    $1,%eax
-       movl    %eax,8(%rsp)
-       leal    -899497514(%rax,%r11,1),%r12d
-       movl    12(%rsp),%eax
-       movl    %edi,%ebx
-       movl    %edx,%r11d
-       xorl    20(%rsp),%eax
-       xorl    %esi,%ebx
-       roll    $5,%r11d
-       xorl    44(%rsp),%eax
-       xorl    %ebp,%ebx
-       addl    %r11d,%r12d
-       xorl    0(%rsp),%eax
-       roll    $30,%esi
-       addl    %ebx,%r12d
-       roll    $1,%eax
-       movl    %eax,12(%rsp)
-       leal    -899497514(%rax,%rbp,1),%r11d
-       movl    16(%rsp),%eax
-       movl    %esi,%ebx
-       movl    %r12d,%ebp
-       xorl    24(%rsp),%eax
-       xorl    %edx,%ebx
+       addl    %esi,%ecx
+       xorl    %ebx,%eax
+       addl    %edx,%ecx
+       movl    %ebp,%esi
+       xorl    %eax,%ebp
+       addl    44(%rsp),%ebx
+       andl    %eax,%esi
+       andl    %ebp,%edi
+       rorl    $7,%edx
+       addl    %esi,%ebx
+       movl    %ecx,%esi
+       roll    $5,%ecx
+       addl    %edi,%ebx
+       xorl    %eax,%ebp
+       addl    %ecx,%ebx
+       movl    %edx,%edi
+       pxor    %xmm3,%xmm7
+.byte  102,68,15,58,15,213,8
+       xorl    %ebp,%edx
+       addl    48(%rsp),%eax
+       andl    %ebp,%edi
+       pxor    %xmm0,%xmm7
+       andl    %edx,%esi
+       rorl    $7,%ecx
+       movdqa  48(%r11),%xmm9
+       paddd   %xmm6,%xmm8
+       addl    %edi,%eax
+       movl    %ebx,%edi
+       pxor    %xmm10,%xmm7
+       roll    $5,%ebx
+       addl    %esi,%eax
+       xorl    %ebp,%edx
+       addl    %ebx,%eax
+       movdqa  %xmm7,%xmm10
+       movdqa  %xmm8,32(%rsp)
+       movl    %ecx,%esi
+       xorl    %edx,%ecx
+       addl    52(%rsp),%ebp
+       andl    %edx,%esi
+       pslld   $2,%xmm7
+       andl    %ecx,%edi
+       rorl    $7,%ebx
+       psrld   $30,%xmm10
+       addl    %esi,%ebp
+       movl    %eax,%esi
+       roll    $5,%eax
+       addl    %edi,%ebp
+       xorl    %edx,%ecx
+       addl    %eax,%ebp
+       por     %xmm10,%xmm7
+       movl    %ebx,%edi
+       xorl    %ecx,%ebx
+       movdqa  %xmm7,%xmm8
+       addl    56(%rsp),%edx
+       andl    %ecx,%edi
+       andl    %ebx,%esi
+       rorl    $7,%eax
+       addl    %edi,%edx
+       movl    %ebp,%edi
        roll    $5,%ebp
-       xorl    48(%rsp),%eax
-       xorl    %edi,%ebx
-       addl    %ebp,%r11d
-       xorl    4(%rsp),%eax
-       roll    $30,%edx
-       addl    %ebx,%r11d
-       roll    $1,%eax
-       movl    %eax,16(%rsp)
-       leal    -899497514(%rax,%rdi,1),%ebp
-       movl    20(%rsp),%eax
-       movl    %edx,%ebx
-       movl    %r11d,%edi
-       xorl    28(%rsp),%eax
-       xorl    %r12d,%ebx
-       roll    $5,%edi
-       xorl    52(%rsp),%eax
-       xorl    %esi,%ebx
+       addl    %esi,%edx
+       xorl    %ecx,%ebx
+       addl    %ebp,%edx
+       movl    %eax,%esi
+       xorl    %ebx,%eax
+       addl    60(%rsp),%ecx
+       andl    %ebx,%esi
+       andl    %eax,%edi
+       rorl    $7,%ebp
+       addl    %esi,%ecx
+       movl    %edx,%esi
+       roll    $5,%edx
+       addl    %edi,%ecx
+       xorl    %ebx,%eax
+       addl    %edx,%ecx
+       movl    %ebp,%edi
+       pxor    %xmm4,%xmm0
+.byte  102,68,15,58,15,198,8
+       xorl    %eax,%ebp
+       addl    0(%rsp),%ebx
+       andl    %eax,%edi
+       pxor    %xmm1,%xmm0
+       andl    %ebp,%esi
+       rorl    $7,%edx
+       movdqa  %xmm9,%xmm10
+       paddd   %xmm7,%xmm9
+       addl    %edi,%ebx
+       movl    %ecx,%edi
+       pxor    %xmm8,%xmm0
+       roll    $5,%ecx
+       addl    %esi,%ebx
+       xorl    %eax,%ebp
+       addl    %ecx,%ebx
+       movdqa  %xmm0,%xmm8
+       movdqa  %xmm9,48(%rsp)
+       movl    %edx,%esi
+       xorl    %ebp,%edx
+       addl    4(%rsp),%eax
+       andl    %ebp,%esi
+       pslld   $2,%xmm0
+       andl    %edx,%edi
+       rorl    $7,%ecx
+       psrld   $30,%xmm8
+       addl    %esi,%eax
+       movl    %ebx,%esi
+       roll    $5,%ebx
+       addl    %edi,%eax
+       xorl    %ebp,%edx
+       addl    %ebx,%eax
+       por     %xmm8,%xmm0
+       movl    %ecx,%edi
+       xorl    %edx,%ecx
+       movdqa  %xmm0,%xmm9
+       addl    8(%rsp),%ebp
+       andl    %edx,%edi
+       andl    %ecx,%esi
+       rorl    $7,%ebx
        addl    %edi,%ebp
-       xorl    8(%rsp),%eax
-       roll    $30,%r12d
-       addl    %ebx,%ebp
-       roll    $1,%eax
-       movl    %eax,20(%rsp)
-       leal    -899497514(%rax,%rsi,1),%edi
-       movl    24(%rsp),%eax
-       movl    %r12d,%ebx
+       movl    %eax,%edi
+       roll    $5,%eax
+       addl    %esi,%ebp
+       xorl    %edx,%ecx
+       addl    %eax,%ebp
+       movl    %ebx,%esi
+       xorl    %ecx,%ebx
+       addl    12(%rsp),%edx
+       andl    %ecx,%esi
+       andl    %ebx,%edi
+       rorl    $7,%eax
+       addl    %esi,%edx
        movl    %ebp,%esi
-       xorl    32(%rsp),%eax
-       xorl    %r11d,%ebx
-       roll    $5,%esi
-       xorl    56(%rsp),%eax
-       xorl    %edx,%ebx
-       addl    %esi,%edi
-       xorl    12(%rsp),%eax
-       roll    $30,%r11d
-       addl    %ebx,%edi
-       roll    $1,%eax
-       movl    %eax,24(%rsp)
-       leal    -899497514(%rax,%rdx,1),%esi
-       movl    28(%rsp),%eax
-       movl    %r11d,%ebx
-       movl    %edi,%edx
-       xorl    36(%rsp),%eax
-       xorl    %ebp,%ebx
+       roll    $5,%ebp
+       addl    %edi,%edx
+       xorl    %ecx,%ebx
+       addl    %ebp,%edx
+       movl    %eax,%edi
+       pxor    %xmm5,%xmm1
+.byte  102,68,15,58,15,207,8
+       xorl    %ebx,%eax
+       addl    16(%rsp),%ecx
+       andl    %ebx,%edi
+       pxor    %xmm2,%xmm1
+       andl    %eax,%esi
+       rorl    $7,%ebp
+       movdqa  %xmm10,%xmm8
+       paddd   %xmm0,%xmm10
+       addl    %edi,%ecx
+       movl    %edx,%edi
+       pxor    %xmm9,%xmm1
        roll    $5,%edx
-       xorl    60(%rsp),%eax
-       xorl    %r12d,%ebx
-       addl    %edx,%esi
-       xorl    16(%rsp),%eax
-       roll    $30,%ebp
-       addl    %ebx,%esi
-       roll    $1,%eax
-       movl    %eax,28(%rsp)
-       leal    -899497514(%rax,%r12,1),%edx
-       movl    32(%rsp),%eax
-       movl    %ebp,%ebx
-       movl    %esi,%r12d
-       xorl    40(%rsp),%eax
-       xorl    %edi,%ebx
-       roll    $5,%r12d
-       xorl    0(%rsp),%eax
-       xorl    %r11d,%ebx
-       addl    %r12d,%edx
-       xorl    20(%rsp),%eax
-       roll    $30,%edi
-       addl    %ebx,%edx
-       roll    $1,%eax
-       movl    %eax,32(%rsp)
-       leal    -899497514(%rax,%r11,1),%r12d
-       movl    36(%rsp),%eax
-       movl    %edi,%ebx
-       movl    %edx,%r11d
-       xorl    44(%rsp),%eax
-       xorl    %esi,%ebx
-       roll    $5,%r11d
-       xorl    4(%rsp),%eax
-       xorl    %ebp,%ebx
-       addl    %r11d,%r12d
-       xorl    24(%rsp),%eax
-       roll    $30,%esi
-       addl    %ebx,%r12d
-       roll    $1,%eax
-       movl    %eax,36(%rsp)
-       leal    -899497514(%rax,%rbp,1),%r11d
-       movl    40(%rsp),%eax
-       movl    %esi,%ebx
-       movl    %r12d,%ebp
-       xorl    48(%rsp),%eax
-       xorl    %edx,%ebx
+       addl    %esi,%ecx
+       xorl    %ebx,%eax
+       addl    %edx,%ecx
+       movdqa  %xmm1,%xmm9
+       movdqa  %xmm10,0(%rsp)
+       movl    %ebp,%esi
+       xorl    %eax,%ebp
+       addl    20(%rsp),%ebx
+       andl    %eax,%esi
+       pslld   $2,%xmm1
+       andl    %ebp,%edi
+       rorl    $7,%edx
+       psrld   $30,%xmm9
+       addl    %esi,%ebx
+       movl    %ecx,%esi
+       roll    $5,%ecx
+       addl    %edi,%ebx
+       xorl    %eax,%ebp
+       addl    %ecx,%ebx
+       por     %xmm9,%xmm1
+       movl    %edx,%edi
+       xorl    %ebp,%edx
+       movdqa  %xmm1,%xmm10
+       addl    24(%rsp),%eax
+       andl    %ebp,%edi
+       andl    %edx,%esi
+       rorl    $7,%ecx
+       addl    %edi,%eax
+       movl    %ebx,%edi
+       roll    $5,%ebx
+       addl    %esi,%eax
+       xorl    %ebp,%edx
+       addl    %ebx,%eax
+       movl    %ecx,%esi
+       xorl    %edx,%ecx
+       addl    28(%rsp),%ebp
+       andl    %edx,%esi
+       andl    %ecx,%edi
+       rorl    $7,%ebx
+       addl    %esi,%ebp
+       movl    %eax,%esi
+       roll    $5,%eax
+       addl    %edi,%ebp
+       xorl    %edx,%ecx
+       addl    %eax,%ebp
+       movl    %ebx,%edi
+       pxor    %xmm6,%xmm2
+.byte  102,68,15,58,15,208,8
+       xorl    %ecx,%ebx
+       addl    32(%rsp),%edx
+       andl    %ecx,%edi
+       pxor    %xmm3,%xmm2
+       andl    %ebx,%esi
+       rorl    $7,%eax
+       movdqa  %xmm8,%xmm9
+       paddd   %xmm1,%xmm8
+       addl    %edi,%edx
+       movl    %ebp,%edi
+       pxor    %xmm10,%xmm2
        roll    $5,%ebp
-       xorl    8(%rsp),%eax
-       xorl    %edi,%ebx
-       addl    %ebp,%r11d
-       xorl    28(%rsp),%eax
-       roll    $30,%edx
-       addl    %ebx,%r11d
-       roll    $1,%eax
-       movl    %eax,40(%rsp)
-       leal    -899497514(%rax,%rdi,1),%ebp
-       movl    44(%rsp),%eax
-       movl    %edx,%ebx
-       movl    %r11d,%edi
-       xorl    52(%rsp),%eax
-       xorl    %r12d,%ebx
-       roll    $5,%edi
-       xorl    12(%rsp),%eax
-       xorl    %esi,%ebx
+       addl    %esi,%edx
+       xorl    %ecx,%ebx
+       addl    %ebp,%edx
+       movdqa  %xmm2,%xmm10
+       movdqa  %xmm8,16(%rsp)
+       movl    %eax,%esi
+       xorl    %ebx,%eax
+       addl    36(%rsp),%ecx
+       andl    %ebx,%esi
+       pslld   $2,%xmm2
+       andl    %eax,%edi
+       rorl    $7,%ebp
+       psrld   $30,%xmm10
+       addl    %esi,%ecx
+       movl    %edx,%esi
+       roll    $5,%edx
+       addl    %edi,%ecx
+       xorl    %ebx,%eax
+       addl    %edx,%ecx
+       por     %xmm10,%xmm2
+       movl    %ebp,%edi
+       xorl    %eax,%ebp
+       movdqa  %xmm2,%xmm8
+       addl    40(%rsp),%ebx
+       andl    %eax,%edi
+       andl    %ebp,%esi
+       rorl    $7,%edx
+       addl    %edi,%ebx
+       movl    %ecx,%edi
+       roll    $5,%ecx
+       addl    %esi,%ebx
+       xorl    %eax,%ebp
+       addl    %ecx,%ebx
+       movl    %edx,%esi
+       xorl    %ebp,%edx
+       addl    44(%rsp),%eax
+       andl    %ebp,%esi
+       andl    %edx,%edi
+       rorl    $7,%ecx
+       addl    %esi,%eax
+       movl    %ebx,%esi
+       roll    $5,%ebx
+       addl    %edi,%eax
+       xorl    %ebp,%edx
+       addl    %ebx,%eax
+       addl    48(%rsp),%ebp
+       pxor    %xmm7,%xmm3
+.byte  102,68,15,58,15,193,8
+       xorl    %edx,%esi
+       movl    %eax,%edi
+       roll    $5,%eax
+       pxor    %xmm4,%xmm3
+       xorl    %ecx,%esi
+       addl    %eax,%ebp
+       movdqa  %xmm9,%xmm10
+       paddd   %xmm2,%xmm9
+       rorl    $7,%ebx
+       addl    %esi,%ebp
+       pxor    %xmm8,%xmm3
+       addl    52(%rsp),%edx
+       xorl    %ecx,%edi
+       movl    %ebp,%esi
+       roll    $5,%ebp
+       movdqa  %xmm3,%xmm8
+       movdqa  %xmm9,32(%rsp)
+       xorl    %ebx,%edi
+       addl    %ebp,%edx
+       rorl    $7,%eax
+       addl    %edi,%edx
+       pslld   $2,%xmm3
+       addl    56(%rsp),%ecx
+       xorl    %ebx,%esi
+       psrld   $30,%xmm8
+       movl    %edx,%edi
+       roll    $5,%edx
+       xorl    %eax,%esi
+       addl    %edx,%ecx
+       rorl    $7,%ebp
+       addl    %esi,%ecx
+       por     %xmm8,%xmm3
+       addl    60(%rsp),%ebx
+       xorl    %eax,%edi
+       movl    %ecx,%esi
+       roll    $5,%ecx
+       xorl    %ebp,%edi
+       addl    %ecx,%ebx
+       rorl    $7,%edx
+       addl    %edi,%ebx
+       addl    0(%rsp),%eax
+       paddd   %xmm3,%xmm10
+       xorl    %ebp,%esi
+       movl    %ebx,%edi
+       roll    $5,%ebx
+       xorl    %edx,%esi
+       movdqa  %xmm10,48(%rsp)
+       addl    %ebx,%eax
+       rorl    $7,%ecx
+       addl    %esi,%eax
+       addl    4(%rsp),%ebp
+       xorl    %edx,%edi
+       movl    %eax,%esi
+       roll    $5,%eax
+       xorl    %ecx,%edi
+       addl    %eax,%ebp
+       rorl    $7,%ebx
        addl    %edi,%ebp
-       xorl    32(%rsp),%eax
-       roll    $30,%r12d
-       addl    %ebx,%ebp
-       roll    $1,%eax
-       movl    %eax,44(%rsp)
-       leal    -899497514(%rax,%rsi,1),%edi
-       movl    48(%rsp),%eax
-       movl    %r12d,%ebx
+       addl    8(%rsp),%edx
+       xorl    %ecx,%esi
+       movl    %ebp,%edi
+       roll    $5,%ebp
+       xorl    %ebx,%esi
+       addl    %ebp,%edx
+       rorl    $7,%eax
+       addl    %esi,%edx
+       addl    12(%rsp),%ecx
+       xorl    %ebx,%edi
+       movl    %edx,%esi
+       roll    $5,%edx
+       xorl    %eax,%edi
+       addl    %edx,%ecx
+       rorl    $7,%ebp
+       addl    %edi,%ecx
+       cmpq    %r10,%r9
+       je      L$done_ssse3
+       movdqa  64(%r11),%xmm6
+       movdqa  0(%r11),%xmm9
+       movdqu  0(%r9),%xmm0
+       movdqu  16(%r9),%xmm1
+       movdqu  32(%r9),%xmm2
+       movdqu  48(%r9),%xmm3
+.byte  102,15,56,0,198
+       addq    $64,%r9
+       addl    16(%rsp),%ebx
+       xorl    %eax,%esi
+.byte  102,15,56,0,206
+       movl    %ecx,%edi
+       roll    $5,%ecx
+       paddd   %xmm9,%xmm0
+       xorl    %ebp,%esi
+       addl    %ecx,%ebx
+       rorl    $7,%edx
+       addl    %esi,%ebx
+       movdqa  %xmm0,0(%rsp)
+       addl    20(%rsp),%eax
+       xorl    %ebp,%edi
+       psubd   %xmm9,%xmm0
+       movl    %ebx,%esi
+       roll    $5,%ebx
+       xorl    %edx,%edi
+       addl    %ebx,%eax
+       rorl    $7,%ecx
+       addl    %edi,%eax
+       addl    24(%rsp),%ebp
+       xorl    %edx,%esi
+       movl    %eax,%edi
+       roll    $5,%eax
+       xorl    %ecx,%esi
+       addl    %eax,%ebp
+       rorl    $7,%ebx
+       addl    %esi,%ebp
+       addl    28(%rsp),%edx
+       xorl    %ecx,%edi
        movl    %ebp,%esi
-       xorl    56(%rsp),%eax
-       xorl    %r11d,%ebx
-       roll    $5,%esi
-       xorl    16(%rsp),%eax
-       xorl    %edx,%ebx
-       addl    %esi,%edi
-       xorl    36(%rsp),%eax
-       roll    $30,%r11d
-       addl    %ebx,%edi
-       roll    $1,%eax
-       movl    %eax,48(%rsp)
-       leal    -899497514(%rax,%rdx,1),%esi
-       movl    52(%rsp),%eax
-       movl    %r11d,%ebx
-       movl    %edi,%edx
-       xorl    60(%rsp),%eax
-       xorl    %ebp,%ebx
+       roll    $5,%ebp
+       xorl    %ebx,%edi
+       addl    %ebp,%edx
+       rorl    $7,%eax
+       addl    %edi,%edx
+       addl    32(%rsp),%ecx
+       xorl    %ebx,%esi
+.byte  102,15,56,0,214
+       movl    %edx,%edi
        roll    $5,%edx
-       xorl    20(%rsp),%eax
-       xorl    %r12d,%ebx
-       addl    %edx,%esi
-       xorl    40(%rsp),%eax
-       roll    $30,%ebp
-       addl    %ebx,%esi
-       roll    $1,%eax
-       leal    -899497514(%rax,%r12,1),%edx
-       movl    56(%rsp),%eax
-       movl    %ebp,%ebx
-       movl    %esi,%r12d
-       xorl    0(%rsp),%eax
-       xorl    %edi,%ebx
-       roll    $5,%r12d
-       xorl    24(%rsp),%eax
-       xorl    %r11d,%ebx
-       addl    %r12d,%edx
-       xorl    44(%rsp),%eax
-       roll    $30,%edi
-       addl    %ebx,%edx
-       roll    $1,%eax
-       leal    -899497514(%rax,%r11,1),%r12d
-       movl    60(%rsp),%eax
-       movl    %edi,%ebx
-       movl    %edx,%r11d
-       xorl    4(%rsp),%eax
-       xorl    %esi,%ebx
-       roll    $5,%r11d
-       xorl    28(%rsp),%eax
-       xorl    %ebp,%ebx
-       addl    %r11d,%r12d
-       xorl    48(%rsp),%eax
-       roll    $30,%esi
-       addl    %ebx,%r12d
-       roll    $1,%eax
-       leal    -899497514(%rax,%rbp,1),%r11d
-       movl    %esi,%ebx
-       movl    %r12d,%ebp
-       xorl    %edx,%ebx
+       paddd   %xmm9,%xmm1
+       xorl    %eax,%esi
+       addl    %edx,%ecx
+       rorl    $7,%ebp
+       addl    %esi,%ecx
+       movdqa  %xmm1,16(%rsp)
+       addl    36(%rsp),%ebx
+       xorl    %eax,%edi
+       psubd   %xmm9,%xmm1
+       movl    %ecx,%esi
+       roll    $5,%ecx
+       xorl    %ebp,%edi
+       addl    %ecx,%ebx
+       rorl    $7,%edx
+       addl    %edi,%ebx
+       addl    40(%rsp),%eax
+       xorl    %ebp,%esi
+       movl    %ebx,%edi
+       roll    $5,%ebx
+       xorl    %edx,%esi
+       addl    %ebx,%eax
+       rorl    $7,%ecx
+       addl    %esi,%eax
+       addl    44(%rsp),%ebp
+       xorl    %edx,%edi
+       movl    %eax,%esi
+       roll    $5,%eax
+       xorl    %ecx,%edi
+       addl    %eax,%ebp
+       rorl    $7,%ebx
+       addl    %edi,%ebp
+       addl    48(%rsp),%edx
+       xorl    %ecx,%esi
+.byte  102,15,56,0,222
+       movl    %ebp,%edi
        roll    $5,%ebp
-       xorl    %edi,%ebx
-       addl    %ebp,%r11d
-       roll    $30,%edx
-       addl    %ebx,%r11d
-       addl    0(%r8),%r11d
-       addl    4(%r8),%r12d
-       addl    8(%r8),%edx
-       addl    12(%r8),%esi
-       addl    16(%r8),%edi
-       movl    %r11d,0(%r8)
-       movl    %r12d,4(%r8)
-       movl    %edx,8(%r8)
-       movl    %esi,12(%r8)
-       movl    %edi,16(%r8)
-
-       xchgl   %r11d,%edx
-       xchgl   %r12d,%esi
-       xchgl   %r11d,%edi
-       xchgl   %r12d,%ebp
+       paddd   %xmm9,%xmm2
+       xorl    %ebx,%esi
+       addl    %ebp,%edx
+       rorl    $7,%eax
+       addl    %esi,%edx
+       movdqa  %xmm2,32(%rsp)
+       addl    52(%rsp),%ecx
+       xorl    %ebx,%edi
+       psubd   %xmm9,%xmm2
+       movl    %edx,%esi
+       roll    $5,%edx
+       xorl    %eax,%edi
+       addl    %edx,%ecx
+       rorl    $7,%ebp
+       addl    %edi,%ecx
+       addl    56(%rsp),%ebx
+       xorl    %eax,%esi
+       movl    %ecx,%edi
+       roll    $5,%ecx
+       xorl    %ebp,%esi
+       addl    %ecx,%ebx
+       rorl    $7,%edx
+       addl    %esi,%ebx
+       addl    60(%rsp),%eax
+       xorl    %ebp,%edi
+       movl    %ebx,%esi
+       roll    $5,%ebx
+       xorl    %edx,%edi
+       addl    %ebx,%eax
+       rorl    $7,%ecx
+       addl    %edi,%eax
+       addl    0(%r8),%eax
+       addl    4(%r8),%esi
+       addl    8(%r8),%ecx
+       addl    12(%r8),%edx
+       movl    %eax,0(%r8)
+       addl    16(%r8),%ebp
+       movl    %esi,4(%r8)
+       movl    %esi,%ebx
+       movl    %ecx,8(%r8)
+       movl    %edx,12(%r8)
+       movl    %ebp,16(%r8)
+       jmp     L$oop_ssse3
 
-       leaq    64(%r9),%r9
-       subq    $1,%r10
-       jnz     L$loop
-       movq    64(%rsp),%rsi
-       movq    (%rsi),%r12
+.p2align       4
+L$done_ssse3:
+       addl    16(%rsp),%ebx
+       xorl    %eax,%esi
+       movl    %ecx,%edi
+       roll    $5,%ecx
+       xorl    %ebp,%esi
+       addl    %ecx,%ebx
+       rorl    $7,%edx
+       addl    %esi,%ebx
+       addl    20(%rsp),%eax
+       xorl    %ebp,%edi
+       movl    %ebx,%esi
+       roll    $5,%ebx
+       xorl    %edx,%edi
+       addl    %ebx,%eax
+       rorl    $7,%ecx
+       addl    %edi,%eax
+       addl    24(%rsp),%ebp
+       xorl    %edx,%esi
+       movl    %eax,%edi
+       roll    $5,%eax
+       xorl    %ecx,%esi
+       addl    %eax,%ebp
+       rorl    $7,%ebx
+       addl    %esi,%ebp
+       addl    28(%rsp),%edx
+       xorl    %ecx,%edi
+       movl    %ebp,%esi
+       roll    $5,%ebp
+       xorl    %ebx,%edi
+       addl    %ebp,%edx
+       rorl    $7,%eax
+       addl    %edi,%edx
+       addl    32(%rsp),%ecx
+       xorl    %ebx,%esi
+       movl    %edx,%edi
+       roll    $5,%edx
+       xorl    %eax,%esi
+       addl    %edx,%ecx
+       rorl    $7,%ebp
+       addl    %esi,%ecx
+       addl    36(%rsp),%ebx
+       xorl    %eax,%edi
+       movl    %ecx,%esi
+       roll    $5,%ecx
+       xorl    %ebp,%edi
+       addl    %ecx,%ebx
+       rorl    $7,%edx
+       addl    %edi,%ebx
+       addl    40(%rsp),%eax
+       xorl    %ebp,%esi
+       movl    %ebx,%edi
+       roll    $5,%ebx
+       xorl    %edx,%esi
+       addl    %ebx,%eax
+       rorl    $7,%ecx
+       addl    %esi,%eax
+       addl    44(%rsp),%ebp
+       xorl    %edx,%edi
+       movl    %eax,%esi
+       roll    $5,%eax
+       xorl    %ecx,%edi
+       addl    %eax,%ebp
+       rorl    $7,%ebx
+       addl    %edi,%ebp
+       addl    48(%rsp),%edx
+       xorl    %ecx,%esi
+       movl    %ebp,%edi
+       roll    $5,%ebp
+       xorl    %ebx,%esi
+       addl    %ebp,%edx
+       rorl    $7,%eax
+       addl    %esi,%edx
+       addl    52(%rsp),%ecx
+       xorl    %ebx,%edi
+       movl    %edx,%esi
+       roll    $5,%edx
+       xorl    %eax,%edi
+       addl    %edx,%ecx
+       rorl    $7,%ebp
+       addl    %edi,%ecx
+       addl    56(%rsp),%ebx
+       xorl    %eax,%esi
+       movl    %ecx,%edi
+       roll    $5,%ecx
+       xorl    %ebp,%esi
+       addl    %ecx,%ebx
+       rorl    $7,%edx
+       addl    %esi,%ebx
+       addl    60(%rsp),%eax
+       xorl    %ebp,%edi
+       movl    %ebx,%esi
+       roll    $5,%ebx
+       xorl    %edx,%edi
+       addl    %ebx,%eax
+       rorl    $7,%ecx
+       addl    %edi,%eax
+       addl    0(%r8),%eax
+       addl    4(%r8),%esi
+       addl    8(%r8),%ecx
+       movl    %eax,0(%r8)
+       addl    12(%r8),%edx
+       movl    %esi,4(%r8)
+       addl    16(%r8),%ebp
+       movl    %ecx,8(%r8)
+       movl    %edx,12(%r8)
+       movl    %ebp,16(%r8)
+       leaq    64(%rsp),%rsi
+       movq    0(%rsi),%r12
        movq    8(%rsi),%rbp
        movq    16(%rsi),%rbx
        leaq    24(%rsi),%rsp
-L$epilogue:
+L$epilogue_ssse3:
        .byte   0xf3,0xc3
 
+.p2align       6
+K_XX_XX:
+.long  0x5a827999,0x5a827999,0x5a827999,0x5a827999
+
+.long  0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1
+
+.long  0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc
+
+.long  0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6
+
+.long  0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f
+
 .byte  83,72,65,49,32,98,108,111,99,107,32,116,114,97,110,115,102,111,114,109,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
-.p2align       4
+.p2align       6

diff --git a/deps/openssl/asm/x64-macosx-gas/sha/sha512-x86_64.s b/deps/openssl/asm/x64-macosx-gas/sha/sha512-x86_64.s
index 73c4990..dda5a96 100644 (file)
--- a/deps/openssl/asm/x64-macosx-gas/sha/sha512-x86_64.s
+++ b/deps/openssl/asm/x64-macosx-gas/sha/sha512-x86_64.s
@@ -38,1880 +38,1688 @@ L$prologue:
 L$loop:
        xorq    %rdi,%rdi
        movl    0(%rsi),%r12d
-       bswapl  %r12d
        movl    %r8d,%r13d
-       movl    %r8d,%r14d
+       movl    %eax,%r14d
+       bswapl  %r12d
+       rorl    $14,%r13d
        movl    %r9d,%r15d
+       movl    %r12d,0(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %r8d,%r13d
        xorl    %r10d,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %r11d,%r12d
+       xorl    %eax,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %r8d,%r15d
-       movl    %r12d,0(%rsp)
+       movl    %ebx,%r11d
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %r8d,%r13d
        xorl    %r10d,%r15d
-       addl    %r11d,%r12d
-
-       movl    %eax,%r11d
-       addl    %r13d,%r12d
 
+       xorl    %ecx,%r11d
+       xorl    %eax,%r14d
        addl    %r15d,%r12d
-       movl    %eax,%r13d
-       movl    %eax,%r14d
+       movl    %ebx,%r15d
 
-       rorl    $2,%r11d
-       rorl    $13,%r13d
-       movl    %eax,%r15d
-       addl    (%rbp,%rdi,4),%r12d
+       rorl    $6,%r13d
+       andl    %eax,%r11d
+       andl    %ecx,%r15d
 
-       xorl    %r13d,%r11d
-       rorl    $9,%r13d
-       orl     %ecx,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%r11d
 
-       xorl    %r13d,%r11d
-       andl    %ecx,%r15d
        addl    %r12d,%edx
-
-       andl    %ebx,%r14d
        addl    %r12d,%r11d
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%r11d
+
        movl    4(%rsi),%r12d
-       bswapl  %r12d
        movl    %edx,%r13d
-       movl    %edx,%r14d
+       movl    %r11d,%r14d
+       bswapl  %r12d
+       rorl    $14,%r13d
        movl    %r8d,%r15d
+       movl    %r12d,4(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %edx,%r13d
        xorl    %r9d,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %r10d,%r12d
+       xorl    %r11d,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %edx,%r15d
-       movl    %r12d,4(%rsp)
+       movl    %eax,%r10d
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %edx,%r13d
        xorl    %r9d,%r15d
-       addl    %r10d,%r12d
-
-       movl    %r11d,%r10d
-       addl    %r13d,%r12d
 
+       xorl    %ebx,%r10d
+       xorl    %r11d,%r14d
        addl    %r15d,%r12d
-       movl    %r11d,%r13d
-       movl    %r11d,%r14d
+       movl    %eax,%r15d
 
-       rorl    $2,%r10d
-       rorl    $13,%r13d
-       movl    %r11d,%r15d
-       addl    (%rbp,%rdi,4),%r12d
+       rorl    $6,%r13d
+       andl    %r11d,%r10d
+       andl    %ebx,%r15d
 
-       xorl    %r13d,%r10d
-       rorl    $9,%r13d
-       orl     %ebx,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%r10d
 
-       xorl    %r13d,%r10d
-       andl    %ebx,%r15d
        addl    %r12d,%ecx
-
-       andl    %eax,%r14d
        addl    %r12d,%r10d
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%r10d
+
        movl    8(%rsi),%r12d
-       bswapl  %r12d
        movl    %ecx,%r13d
-       movl    %ecx,%r14d
+       movl    %r10d,%r14d
+       bswapl  %r12d
+       rorl    $14,%r13d
        movl    %edx,%r15d
+       movl    %r12d,8(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %ecx,%r13d
        xorl    %r8d,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %r9d,%r12d
+       xorl    %r10d,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %ecx,%r15d
-       movl    %r12d,8(%rsp)
+       movl    %r11d,%r9d
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %ecx,%r13d
        xorl    %r8d,%r15d
-       addl    %r9d,%r12d
-
-       movl    %r10d,%r9d
-       addl    %r13d,%r12d
 
+       xorl    %eax,%r9d
+       xorl    %r10d,%r14d
        addl    %r15d,%r12d
-       movl    %r10d,%r13d
-       movl    %r10d,%r14d
+       movl    %r11d,%r15d
 
-       rorl    $2,%r9d
-       rorl    $13,%r13d
-       movl    %r10d,%r15d
-       addl    (%rbp,%rdi,4),%r12d
+       rorl    $6,%r13d
+       andl    %r10d,%r9d
+       andl    %eax,%r15d
 
-       xorl    %r13d,%r9d
-       rorl    $9,%r13d
-       orl     %eax,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%r9d
 
-       xorl    %r13d,%r9d
-       andl    %eax,%r15d
        addl    %r12d,%ebx
-
-       andl    %r11d,%r14d
        addl    %r12d,%r9d
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%r9d
+
        movl    12(%rsi),%r12d
-       bswapl  %r12d
        movl    %ebx,%r13d
-       movl    %ebx,%r14d
+       movl    %r9d,%r14d
+       bswapl  %r12d
+       rorl    $14,%r13d
        movl    %ecx,%r15d
+       movl    %r12d,12(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %ebx,%r13d
        xorl    %edx,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %r8d,%r12d
+       xorl    %r9d,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %ebx,%r15d
-       movl    %r12d,12(%rsp)
+       movl    %r10d,%r8d
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %ebx,%r13d
        xorl    %edx,%r15d
-       addl    %r8d,%r12d
-
-       movl    %r9d,%r8d
-       addl    %r13d,%r12d
 
+       xorl    %r11d,%r8d
+       xorl    %r9d,%r14d
        addl    %r15d,%r12d
-       movl    %r9d,%r13d
-       movl    %r9d,%r14d
+       movl    %r10d,%r15d
 
-       rorl    $2,%r8d
-       rorl    $13,%r13d
-       movl    %r9d,%r15d
-       addl    (%rbp,%rdi,4),%r12d
+       rorl    $6,%r13d
+       andl    %r9d,%r8d
+       andl    %r11d,%r15d
 
-       xorl    %r13d,%r8d
-       rorl    $9,%r13d
-       orl     %r11d,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%r8d
 
-       xorl    %r13d,%r8d
-       andl    %r11d,%r15d
        addl    %r12d,%eax
-
-       andl    %r10d,%r14d
        addl    %r12d,%r8d
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%r8d
+
        movl    16(%rsi),%r12d
-       bswapl  %r12d
        movl    %eax,%r13d
-       movl    %eax,%r14d
+       movl    %r8d,%r14d
+       bswapl  %r12d
+       rorl    $14,%r13d
        movl    %ebx,%r15d
+       movl    %r12d,16(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %eax,%r13d
        xorl    %ecx,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %edx,%r12d
+       xorl    %r8d,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %eax,%r15d
-       movl    %r12d,16(%rsp)
+       movl    %r9d,%edx
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %eax,%r13d
        xorl    %ecx,%r15d
-       addl    %edx,%r12d
-
-       movl    %r8d,%edx
-       addl    %r13d,%r12d
 
+       xorl    %r10d,%edx
+       xorl    %r8d,%r14d
        addl    %r15d,%r12d
-       movl    %r8d,%r13d
-       movl    %r8d,%r14d
+       movl    %r9d,%r15d
 
-       rorl    $2,%edx
-       rorl    $13,%r13d
-       movl    %r8d,%r15d
-       addl    (%rbp,%rdi,4),%r12d
+       rorl    $6,%r13d
+       andl    %r8d,%edx
+       andl    %r10d,%r15d
 
-       xorl    %r13d,%edx
-       rorl    $9,%r13d
-       orl     %r10d,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%edx
 
-       xorl    %r13d,%edx
-       andl    %r10d,%r15d
        addl    %r12d,%r11d
-
-       andl    %r9d,%r14d
        addl    %r12d,%edx
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%edx
+
        movl    20(%rsi),%r12d
-       bswapl  %r12d
        movl    %r11d,%r13d
-       movl    %r11d,%r14d
+       movl    %edx,%r14d
+       bswapl  %r12d
+       rorl    $14,%r13d
        movl    %eax,%r15d
+       movl    %r12d,20(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %r11d,%r13d
        xorl    %ebx,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %ecx,%r12d
+       xorl    %edx,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %r11d,%r15d
-       movl    %r12d,20(%rsp)
+       movl    %r8d,%ecx
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %r11d,%r13d
        xorl    %ebx,%r15d
-       addl    %ecx,%r12d
-
-       movl    %edx,%ecx
-       addl    %r13d,%r12d
 
+       xorl    %r9d,%ecx
+       xorl    %edx,%r14d
        addl    %r15d,%r12d
-       movl    %edx,%r13d
-       movl    %edx,%r14d
+       movl    %r8d,%r15d
 
-       rorl    $2,%ecx
-       rorl    $13,%r13d
-       movl    %edx,%r15d
-       addl    (%rbp,%rdi,4),%r12d
+       rorl    $6,%r13d
+       andl    %edx,%ecx
+       andl    %r9d,%r15d
 
-       xorl    %r13d,%ecx
-       rorl    $9,%r13d
-       orl     %r9d,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%ecx
 
-       xorl    %r13d,%ecx
-       andl    %r9d,%r15d
        addl    %r12d,%r10d
-
-       andl    %r8d,%r14d
        addl    %r12d,%ecx
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%ecx
+
        movl    24(%rsi),%r12d
-       bswapl  %r12d
        movl    %r10d,%r13d
-       movl    %r10d,%r14d
+       movl    %ecx,%r14d
+       bswapl  %r12d
+       rorl    $14,%r13d
        movl    %r11d,%r15d
+       movl    %r12d,24(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %r10d,%r13d
        xorl    %eax,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %ebx,%r12d
+       xorl    %ecx,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %r10d,%r15d
-       movl    %r12d,24(%rsp)
+       movl    %edx,%ebx
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %r10d,%r13d
        xorl    %eax,%r15d
-       addl    %ebx,%r12d
-
-       movl    %ecx,%ebx
-       addl    %r13d,%r12d
 
+       xorl    %r8d,%ebx
+       xorl    %ecx,%r14d
        addl    %r15d,%r12d
-       movl    %ecx,%r13d
-       movl    %ecx,%r14d
+       movl    %edx,%r15d
 
-       rorl    $2,%ebx
-       rorl    $13,%r13d
-       movl    %ecx,%r15d
-       addl    (%rbp,%rdi,4),%r12d
+       rorl    $6,%r13d
+       andl    %ecx,%ebx
+       andl    %r8d,%r15d
 
-       xorl    %r13d,%ebx
-       rorl    $9,%r13d
-       orl     %r8d,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%ebx
 
-       xorl    %r13d,%ebx
-       andl    %r8d,%r15d
        addl    %r12d,%r9d
-
-       andl    %edx,%r14d
        addl    %r12d,%ebx
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%ebx
+
        movl    28(%rsi),%r12d
-       bswapl  %r12d
        movl    %r9d,%r13d
-       movl    %r9d,%r14d
+       movl    %ebx,%r14d
+       bswapl  %r12d
+       rorl    $14,%r13d
        movl    %r10d,%r15d
+       movl    %r12d,28(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %r9d,%r13d
        xorl    %r11d,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %eax,%r12d
+       xorl    %ebx,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %r9d,%r15d
-       movl    %r12d,28(%rsp)
+       movl    %ecx,%eax
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %r9d,%r13d
        xorl    %r11d,%r15d
-       addl    %eax,%r12d
-
-       movl    %ebx,%eax
-       addl    %r13d,%r12d
 
+       xorl    %edx,%eax
+       xorl    %ebx,%r14d
        addl    %r15d,%r12d
-       movl    %ebx,%r13d
-       movl    %ebx,%r14d
+       movl    %ecx,%r15d
 
-       rorl    $2,%eax
-       rorl    $13,%r13d
-       movl    %ebx,%r15d
-       addl    (%rbp,%rdi,4),%r12d
+       rorl    $6,%r13d
+       andl    %ebx,%eax
+       andl    %edx,%r15d
 
-       xorl    %r13d,%eax
-       rorl    $9,%r13d
-       orl     %edx,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%eax
 
-       xorl    %r13d,%eax
-       andl    %edx,%r15d
        addl    %r12d,%r8d
-
-       andl    %ecx,%r14d
        addl    %r12d,%eax
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%eax
+
        movl    32(%rsi),%r12d
-       bswapl  %r12d
        movl    %r8d,%r13d
-       movl    %r8d,%r14d
+       movl    %eax,%r14d
+       bswapl  %r12d
+       rorl    $14,%r13d
        movl    %r9d,%r15d
+       movl    %r12d,32(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %r8d,%r13d
        xorl    %r10d,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %r11d,%r12d
+       xorl    %eax,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %r8d,%r15d
-       movl    %r12d,32(%rsp)
+       movl    %ebx,%r11d
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %r8d,%r13d
        xorl    %r10d,%r15d
-       addl    %r11d,%r12d
-
-       movl    %eax,%r11d
-       addl    %r13d,%r12d
 
+       xorl    %ecx,%r11d
+       xorl    %eax,%r14d
        addl    %r15d,%r12d
-       movl    %eax,%r13d
-       movl    %eax,%r14d
+       movl    %ebx,%r15d
 
-       rorl    $2,%r11d
-       rorl    $13,%r13d
-       movl    %eax,%r15d
-       addl    (%rbp,%rdi,4),%r12d
+       rorl    $6,%r13d
+       andl    %eax,%r11d
+       andl    %ecx,%r15d
 
-       xorl    %r13d,%r11d
-       rorl    $9,%r13d
-       orl     %ecx,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%r11d
 
-       xorl    %r13d,%r11d
-       andl    %ecx,%r15d
        addl    %r12d,%edx
-
-       andl    %ebx,%r14d
        addl    %r12d,%r11d
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%r11d
+
        movl    36(%rsi),%r12d
-       bswapl  %r12d
        movl    %edx,%r13d
-       movl    %edx,%r14d
+       movl    %r11d,%r14d
+       bswapl  %r12d
+       rorl    $14,%r13d
        movl    %r8d,%r15d
-
-       rorl    $6,%r13d
-       rorl    $11,%r14d
-       xorl    %r9d,%r15d
-
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
-       andl    %edx,%r15d
        movl    %r12d,36(%rsp)
 
-       xorl    %r14d,%r13d
+       rorl    $9,%r14d
+       xorl    %edx,%r13d
        xorl    %r9d,%r15d
-       addl    %r10d,%r12d
-
-       movl    %r11d,%r10d
-       addl    %r13d,%r12d
 
-       addl    %r15d,%r12d
-       movl    %r11d,%r13d
-       movl    %r11d,%r14d
+       rorl    $5,%r13d
+       addl    %r10d,%r12d
+       xorl    %r11d,%r14d
 
-       rorl    $2,%r10d
-       rorl    $13,%r13d
-       movl    %r11d,%r15d
        addl    (%rbp,%rdi,4),%r12d
+       andl    %edx,%r15d
+       movl    %eax,%r10d
+
+       rorl    $11,%r14d
+       xorl    %edx,%r13d
+       xorl    %r9d,%r15d
 
-       xorl    %r13d,%r10d
-       rorl    $9,%r13d
-       orl     %ebx,%r14d
+       xorl    %ebx,%r10d
+       xorl    %r11d,%r14d
+       addl    %r15d,%r12d
+       movl    %eax,%r15d
 
-       xorl    %r13d,%r10d
+       rorl    $6,%r13d
+       andl    %r11d,%r10d
        andl    %ebx,%r15d
-       addl    %r12d,%ecx
 
-       andl    %eax,%r14d
-       addl    %r12d,%r10d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%r10d
 
-       orl     %r15d,%r14d
+       addl    %r12d,%ecx
+       addl    %r12d,%r10d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%r10d
+
        movl    40(%rsi),%r12d
-       bswapl  %r12d
        movl    %ecx,%r13d
-       movl    %ecx,%r14d
+       movl    %r10d,%r14d
+       bswapl  %r12d
+       rorl    $14,%r13d
        movl    %edx,%r15d
+       movl    %r12d,40(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %ecx,%r13d
        xorl    %r8d,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %r9d,%r12d
+       xorl    %r10d,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %ecx,%r15d
-       movl    %r12d,40(%rsp)
+       movl    %r11d,%r9d
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %ecx,%r13d
        xorl    %r8d,%r15d
-       addl    %r9d,%r12d
-
-       movl    %r10d,%r9d
-       addl    %r13d,%r12d
 
+       xorl    %eax,%r9d
+       xorl    %r10d,%r14d
        addl    %r15d,%r12d
-       movl    %r10d,%r13d
-       movl    %r10d,%r14d
+       movl    %r11d,%r15d
 
-       rorl    $2,%r9d
-       rorl    $13,%r13d
-       movl    %r10d,%r15d
-       addl    (%rbp,%rdi,4),%r12d
+       rorl    $6,%r13d
+       andl    %r10d,%r9d
+       andl    %eax,%r15d
 
-       xorl    %r13d,%r9d
-       rorl    $9,%r13d
-       orl     %eax,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%r9d
 
-       xorl    %r13d,%r9d
-       andl    %eax,%r15d
        addl    %r12d,%ebx
-
-       andl    %r11d,%r14d
        addl    %r12d,%r9d
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%r9d
+
        movl    44(%rsi),%r12d
-       bswapl  %r12d
        movl    %ebx,%r13d
-       movl    %ebx,%r14d
+       movl    %r9d,%r14d
+       bswapl  %r12d
+       rorl    $14,%r13d
        movl    %ecx,%r15d
+       movl    %r12d,44(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %ebx,%r13d
        xorl    %edx,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %r8d,%r12d
+       xorl    %r9d,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %ebx,%r15d
-       movl    %r12d,44(%rsp)
+       movl    %r10d,%r8d
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %ebx,%r13d
        xorl    %edx,%r15d
-       addl    %r8d,%r12d
-
-       movl    %r9d,%r8d
-       addl    %r13d,%r12d
 
+       xorl    %r11d,%r8d
+       xorl    %r9d,%r14d
        addl    %r15d,%r12d
-       movl    %r9d,%r13d
-       movl    %r9d,%r14d
+       movl    %r10d,%r15d
 
-       rorl    $2,%r8d
-       rorl    $13,%r13d
-       movl    %r9d,%r15d
-       addl    (%rbp,%rdi,4),%r12d
+       rorl    $6,%r13d
+       andl    %r9d,%r8d
+       andl    %r11d,%r15d
 
-       xorl    %r13d,%r8d
-       rorl    $9,%r13d
-       orl     %r11d,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%r8d
 
-       xorl    %r13d,%r8d
-       andl    %r11d,%r15d
        addl    %r12d,%eax
-
-       andl    %r10d,%r14d
        addl    %r12d,%r8d
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%r8d
+
        movl    48(%rsi),%r12d
-       bswapl  %r12d
        movl    %eax,%r13d
-       movl    %eax,%r14d
+       movl    %r8d,%r14d
+       bswapl  %r12d
+       rorl    $14,%r13d
        movl    %ebx,%r15d
+       movl    %r12d,48(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %eax,%r13d
        xorl    %ecx,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %edx,%r12d
+       xorl    %r8d,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %eax,%r15d
-       movl    %r12d,48(%rsp)
+       movl    %r9d,%edx
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %eax,%r13d
        xorl    %ecx,%r15d
-       addl    %edx,%r12d
-
-       movl    %r8d,%edx
-       addl    %r13d,%r12d
 
+       xorl    %r10d,%edx
+       xorl    %r8d,%r14d
        addl    %r15d,%r12d
-       movl    %r8d,%r13d
-       movl    %r8d,%r14d
+       movl    %r9d,%r15d
 
-       rorl    $2,%edx
-       rorl    $13,%r13d
-       movl    %r8d,%r15d
-       addl    (%rbp,%rdi,4),%r12d
+       rorl    $6,%r13d
+       andl    %r8d,%edx
+       andl    %r10d,%r15d
 
-       xorl    %r13d,%edx
-       rorl    $9,%r13d
-       orl     %r10d,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%edx
 
-       xorl    %r13d,%edx
-       andl    %r10d,%r15d
        addl    %r12d,%r11d
-
-       andl    %r9d,%r14d
        addl    %r12d,%edx
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%edx
+
        movl    52(%rsi),%r12d
-       bswapl  %r12d
        movl    %r11d,%r13d
-       movl    %r11d,%r14d
+       movl    %edx,%r14d
+       bswapl  %r12d
+       rorl    $14,%r13d
        movl    %eax,%r15d
+       movl    %r12d,52(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %r11d,%r13d
        xorl    %ebx,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %ecx,%r12d
+       xorl    %edx,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %r11d,%r15d
-       movl    %r12d,52(%rsp)
+       movl    %r8d,%ecx
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %r11d,%r13d
        xorl    %ebx,%r15d
-       addl    %ecx,%r12d
-
-       movl    %edx,%ecx
-       addl    %r13d,%r12d
 
+       xorl    %r9d,%ecx
+       xorl    %edx,%r14d
        addl    %r15d,%r12d
-       movl    %edx,%r13d
-       movl    %edx,%r14d
+       movl    %r8d,%r15d
 
-       rorl    $2,%ecx
-       rorl    $13,%r13d
-       movl    %edx,%r15d
-       addl    (%rbp,%rdi,4),%r12d
+       rorl    $6,%r13d
+       andl    %edx,%ecx
+       andl    %r9d,%r15d
 
-       xorl    %r13d,%ecx
-       rorl    $9,%r13d
-       orl     %r9d,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%ecx
 
-       xorl    %r13d,%ecx
-       andl    %r9d,%r15d
        addl    %r12d,%r10d
-
-       andl    %r8d,%r14d
        addl    %r12d,%ecx
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%ecx
+
        movl    56(%rsi),%r12d
-       bswapl  %r12d
        movl    %r10d,%r13d
-       movl    %r10d,%r14d
+       movl    %ecx,%r14d
+       bswapl  %r12d
+       rorl    $14,%r13d
        movl    %r11d,%r15d
+       movl    %r12d,56(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %r10d,%r13d
        xorl    %eax,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %ebx,%r12d
+       xorl    %ecx,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %r10d,%r15d
-       movl    %r12d,56(%rsp)
+       movl    %edx,%ebx
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %r10d,%r13d
        xorl    %eax,%r15d
-       addl    %ebx,%r12d
-
-       movl    %ecx,%ebx
-       addl    %r13d,%r12d
 
+       xorl    %r8d,%ebx
+       xorl    %ecx,%r14d
        addl    %r15d,%r12d
-       movl    %ecx,%r13d
-       movl    %ecx,%r14d
+       movl    %edx,%r15d
 
-       rorl    $2,%ebx
-       rorl    $13,%r13d
-       movl    %ecx,%r15d
-       addl    (%rbp,%rdi,4),%r12d
+       rorl    $6,%r13d
+       andl    %ecx,%ebx
+       andl    %r8d,%r15d
 
-       xorl    %r13d,%ebx
-       rorl    $9,%r13d
-       orl     %r8d,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%ebx
 
-       xorl    %r13d,%ebx
-       andl    %r8d,%r15d
        addl    %r12d,%r9d
-
-       andl    %edx,%r14d
        addl    %r12d,%ebx
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%ebx
+
        movl    60(%rsi),%r12d
-       bswapl  %r12d
        movl    %r9d,%r13d
-       movl    %r9d,%r14d
+       movl    %ebx,%r14d
+       bswapl  %r12d
+       rorl    $14,%r13d
        movl    %r10d,%r15d
+       movl    %r12d,60(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %r9d,%r13d
        xorl    %r11d,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %eax,%r12d
+       xorl    %ebx,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %r9d,%r15d
-       movl    %r12d,60(%rsp)
+       movl    %ecx,%eax
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %r9d,%r13d
        xorl    %r11d,%r15d
-       addl    %eax,%r12d
-
-       movl    %ebx,%eax
-       addl    %r13d,%r12d
 
+       xorl    %edx,%eax
+       xorl    %ebx,%r14d
        addl    %r15d,%r12d
-       movl    %ebx,%r13d
-       movl    %ebx,%r14d
+       movl    %ecx,%r15d
 
-       rorl    $2,%eax
-       rorl    $13,%r13d
-       movl    %ebx,%r15d
-       addl    (%rbp,%rdi,4),%r12d
+       rorl    $6,%r13d
+       andl    %ebx,%eax
+       andl    %edx,%r15d
 
-       xorl    %r13d,%eax
-       rorl    $9,%r13d
-       orl     %edx,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%eax
 
-       xorl    %r13d,%eax
-       andl    %edx,%r15d
        addl    %r12d,%r8d
-
-       andl    %ecx,%r14d
        addl    %r12d,%eax
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%eax
+
        jmp     L$rounds_16_xx
 .p2align       4
 L$rounds_16_xx:
        movl    4(%rsp),%r13d
-       movl    56(%rsp),%r12d
-
-       movl    %r13d,%r15d
+       movl    56(%rsp),%r14d
+       movl    %r13d,%r12d
+       movl    %r14d,%r15d
 
+       rorl    $11,%r12d
+       xorl    %r13d,%r12d
        shrl    $3,%r13d
-       rorl    $7,%r15d
 
-       xorl    %r15d,%r13d
-       rorl    $11,%r15d
-
-       xorl    %r15d,%r13d
-       movl    %r12d,%r14d
-
-       shrl    $10,%r12d
-       rorl    $17,%r14d
-
-       xorl    %r14d,%r12d
-       rorl    $2,%r14d
+       rorl    $7,%r12d
+       xorl    %r12d,%r13d
+       movl    36(%rsp),%r12d
 
-       xorl    %r14d,%r12d
+       rorl    $2,%r15d
+       xorl    %r14d,%r15d
+       shrl    $10,%r14d
 
+       rorl    $17,%r15d
        addl    %r13d,%r12d
-
-       addl    36(%rsp),%r12d
+       xorl    %r15d,%r14d
 
        addl    0(%rsp),%r12d
        movl    %r8d,%r13d
-       movl    %r8d,%r14d
+       addl    %r14d,%r12d
+       movl    %eax,%r14d
+       rorl    $14,%r13d
        movl    %r9d,%r15d
+       movl    %r12d,0(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %r8d,%r13d
        xorl    %r10d,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %r11d,%r12d
+       xorl    %eax,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %r8d,%r15d
-       movl    %r12d,0(%rsp)
+       movl    %ebx,%r11d
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %r8d,%r13d
        xorl    %r10d,%r15d
-       addl    %r11d,%r12d
-
-       movl    %eax,%r11d
-       addl    %r13d,%r12d
 
+       xorl    %ecx,%r11d
+       xorl    %eax,%r14d
        addl    %r15d,%r12d
-       movl    %eax,%r13d
-       movl    %eax,%r14d
+       movl    %ebx,%r15d
 
-       rorl    $2,%r11d
-       rorl    $13,%r13d
-       movl    %eax,%r15d
-       addl    (%rbp,%rdi,4),%r12d
+       rorl    $6,%r13d
+       andl    %eax,%r11d
+       andl    %ecx,%r15d
 
-       xorl    %r13d,%r11d
-       rorl    $9,%r13d
-       orl     %ecx,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%r11d
 
-       xorl    %r13d,%r11d
-       andl    %ecx,%r15d
        addl    %r12d,%edx
-
-       andl    %ebx,%r14d
        addl    %r12d,%r11d
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%r11d
-       movl    8(%rsp),%r13d
-       movl    60(%rsp),%r12d
 
-       movl    %r13d,%r15d
+       movl    8(%rsp),%r13d
+       movl    60(%rsp),%r14d
+       movl    %r13d,%r12d
+       movl    %r14d,%r15d
 
+       rorl    $11,%r12d
+       xorl    %r13d,%r12d
        shrl    $3,%r13d
-       rorl    $7,%r15d
 
-       xorl    %r15d,%r13d
-       rorl    $11,%r15d
-
-       xorl    %r15d,%r13d
-       movl    %r12d,%r14d
-
-       shrl    $10,%r12d
-       rorl    $17,%r14d
-
-       xorl    %r14d,%r12d
-       rorl    $2,%r14d
+       rorl    $7,%r12d
+       xorl    %r12d,%r13d
+       movl    40(%rsp),%r12d
 
-       xorl    %r14d,%r12d
+       rorl    $2,%r15d
+       xorl    %r14d,%r15d
+       shrl    $10,%r14d
 
+       rorl    $17,%r15d
        addl    %r13d,%r12d
-
-       addl    40(%rsp),%r12d
+       xorl    %r15d,%r14d
 
        addl    4(%rsp),%r12d
        movl    %edx,%r13d
-       movl    %edx,%r14d
+       addl    %r14d,%r12d
+       movl    %r11d,%r14d
+       rorl    $14,%r13d
        movl    %r8d,%r15d
+       movl    %r12d,4(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %edx,%r13d
        xorl    %r9d,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %r10d,%r12d
+       xorl    %r11d,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %edx,%r15d
-       movl    %r12d,4(%rsp)
+       movl    %eax,%r10d
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %edx,%r13d
        xorl    %r9d,%r15d
-       addl    %r10d,%r12d
-
-       movl    %r11d,%r10d
-       addl    %r13d,%r12d
 
+       xorl    %ebx,%r10d
+       xorl    %r11d,%r14d
        addl    %r15d,%r12d
-       movl    %r11d,%r13d
-       movl    %r11d,%r14d
+       movl    %eax,%r15d
 
-       rorl    $2,%r10d
-       rorl    $13,%r13d
-       movl    %r11d,%r15d
-       addl    (%rbp,%rdi,4),%r12d
+       rorl    $6,%r13d
+       andl    %r11d,%r10d
+       andl    %ebx,%r15d
 
-       xorl    %r13d,%r10d
-       rorl    $9,%r13d
-       orl     %ebx,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%r10d
 
-       xorl    %r13d,%r10d
-       andl    %ebx,%r15d
        addl    %r12d,%ecx
-
-       andl    %eax,%r14d
        addl    %r12d,%r10d
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%r10d
-       movl    12(%rsp),%r13d
-       movl    0(%rsp),%r12d
 
-       movl    %r13d,%r15d
+       movl    12(%rsp),%r13d
+       movl    0(%rsp),%r14d
+       movl    %r13d,%r12d
+       movl    %r14d,%r15d
 
+       rorl    $11,%r12d
+       xorl    %r13d,%r12d
        shrl    $3,%r13d
-       rorl    $7,%r15d
 
-       xorl    %r15d,%r13d
-       rorl    $11,%r15d
-
-       xorl    %r15d,%r13d
-       movl    %r12d,%r14d
-
-       shrl    $10,%r12d
-       rorl    $17,%r14d
-
-       xorl    %r14d,%r12d
-       rorl    $2,%r14d
+       rorl    $7,%r12d
+       xorl    %r12d,%r13d
+       movl    44(%rsp),%r12d
 
-       xorl    %r14d,%r12d
+       rorl    $2,%r15d
+       xorl    %r14d,%r15d
+       shrl    $10,%r14d
 
+       rorl    $17,%r15d
        addl    %r13d,%r12d
-
-       addl    44(%rsp),%r12d
+       xorl    %r15d,%r14d
 
        addl    8(%rsp),%r12d
        movl    %ecx,%r13d
-       movl    %ecx,%r14d
+       addl    %r14d,%r12d
+       movl    %r10d,%r14d
+       rorl    $14,%r13d
        movl    %edx,%r15d
+       movl    %r12d,8(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %ecx,%r13d
        xorl    %r8d,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %r9d,%r12d
+       xorl    %r10d,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %ecx,%r15d
-       movl    %r12d,8(%rsp)
+       movl    %r11d,%r9d
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %ecx,%r13d
        xorl    %r8d,%r15d
-       addl    %r9d,%r12d
-
-       movl    %r10d,%r9d
-       addl    %r13d,%r12d
 
+       xorl    %eax,%r9d
+       xorl    %r10d,%r14d
        addl    %r15d,%r12d
-       movl    %r10d,%r13d
-       movl    %r10d,%r14d
+       movl    %r11d,%r15d
 
-       rorl    $2,%r9d
-       rorl    $13,%r13d
-       movl    %r10d,%r15d
-       addl    (%rbp,%rdi,4),%r12d
+       rorl    $6,%r13d
+       andl    %r10d,%r9d
+       andl    %eax,%r15d
 
-       xorl    %r13d,%r9d
-       rorl    $9,%r13d
-       orl     %eax,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%r9d
 
-       xorl    %r13d,%r9d
-       andl    %eax,%r15d
        addl    %r12d,%ebx
-
-       andl    %r11d,%r14d
        addl    %r12d,%r9d
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%r9d
-       movl    16(%rsp),%r13d
-       movl    4(%rsp),%r12d
 
-       movl    %r13d,%r15d
+       movl    16(%rsp),%r13d
+       movl    4(%rsp),%r14d
+       movl    %r13d,%r12d
+       movl    %r14d,%r15d
 
+       rorl    $11,%r12d
+       xorl    %r13d,%r12d
        shrl    $3,%r13d
-       rorl    $7,%r15d
 
-       xorl    %r15d,%r13d
-       rorl    $11,%r15d
-
-       xorl    %r15d,%r13d
-       movl    %r12d,%r14d
-
-       shrl    $10,%r12d
-       rorl    $17,%r14d
-
-       xorl    %r14d,%r12d
-       rorl    $2,%r14d
+       rorl    $7,%r12d
+       xorl    %r12d,%r13d
+       movl    48(%rsp),%r12d
 
-       xorl    %r14d,%r12d
+       rorl    $2,%r15d
+       xorl    %r14d,%r15d
+       shrl    $10,%r14d
 
+       rorl    $17,%r15d
        addl    %r13d,%r12d
-
-       addl    48(%rsp),%r12d
+       xorl    %r15d,%r14d
 
        addl    12(%rsp),%r12d
        movl    %ebx,%r13d
-       movl    %ebx,%r14d
+       addl    %r14d,%r12d
+       movl    %r9d,%r14d
+       rorl    $14,%r13d
        movl    %ecx,%r15d
+       movl    %r12d,12(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %ebx,%r13d
        xorl    %edx,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %r8d,%r12d
+       xorl    %r9d,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %ebx,%r15d
-       movl    %r12d,12(%rsp)
+       movl    %r10d,%r8d
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %ebx,%r13d
        xorl    %edx,%r15d
-       addl    %r8d,%r12d
-
-       movl    %r9d,%r8d
-       addl    %r13d,%r12d
 
+       xorl    %r11d,%r8d
+       xorl    %r9d,%r14d
        addl    %r15d,%r12d
-       movl    %r9d,%r13d
-       movl    %r9d,%r14d
+       movl    %r10d,%r15d
 
-       rorl    $2,%r8d
-       rorl    $13,%r13d
-       movl    %r9d,%r15d
-       addl    (%rbp,%rdi,4),%r12d
+       rorl    $6,%r13d
+       andl    %r9d,%r8d
+       andl    %r11d,%r15d
 
-       xorl    %r13d,%r8d
-       rorl    $9,%r13d
-       orl     %r11d,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%r8d
 
-       xorl    %r13d,%r8d
-       andl    %r11d,%r15d
        addl    %r12d,%eax
-
-       andl    %r10d,%r14d
        addl    %r12d,%r8d
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%r8d
-       movl    20(%rsp),%r13d
-       movl    8(%rsp),%r12d
 
-       movl    %r13d,%r15d
+       movl    20(%rsp),%r13d
+       movl    8(%rsp),%r14d
+       movl    %r13d,%r12d
+       movl    %r14d,%r15d
 
+       rorl    $11,%r12d
+       xorl    %r13d,%r12d
        shrl    $3,%r13d
-       rorl    $7,%r15d
 
-       xorl    %r15d,%r13d
-       rorl    $11,%r15d
-
-       xorl    %r15d,%r13d
-       movl    %r12d,%r14d
-
-       shrl    $10,%r12d
-       rorl    $17,%r14d
-
-       xorl    %r14d,%r12d
-       rorl    $2,%r14d
+       rorl    $7,%r12d
+       xorl    %r12d,%r13d
+       movl    52(%rsp),%r12d
 
-       xorl    %r14d,%r12d
+       rorl    $2,%r15d
+       xorl    %r14d,%r15d
+       shrl    $10,%r14d
 
+       rorl    $17,%r15d
        addl    %r13d,%r12d
-
-       addl    52(%rsp),%r12d
+       xorl    %r15d,%r14d
 
        addl    16(%rsp),%r12d
        movl    %eax,%r13d
-       movl    %eax,%r14d
+       addl    %r14d,%r12d
+       movl    %r8d,%r14d
+       rorl    $14,%r13d
        movl    %ebx,%r15d
+       movl    %r12d,16(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %eax,%r13d
        xorl    %ecx,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %edx,%r12d
+       xorl    %r8d,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %eax,%r15d
-       movl    %r12d,16(%rsp)
+       movl    %r9d,%edx
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %eax,%r13d
        xorl    %ecx,%r15d
-       addl    %edx,%r12d
-
-       movl    %r8d,%edx
-       addl    %r13d,%r12d
 
+       xorl    %r10d,%edx
+       xorl    %r8d,%r14d
        addl    %r15d,%r12d
-       movl    %r8d,%r13d
-       movl    %r8d,%r14d
+       movl    %r9d,%r15d
 
-       rorl    $2,%edx
-       rorl    $13,%r13d
-       movl    %r8d,%r15d
-       addl    (%rbp,%rdi,4),%r12d
+       rorl    $6,%r13d
+       andl    %r8d,%edx
+       andl    %r10d,%r15d
 
-       xorl    %r13d,%edx
-       rorl    $9,%r13d
-       orl     %r10d,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%edx
 
-       xorl    %r13d,%edx
-       andl    %r10d,%r15d
        addl    %r12d,%r11d
-
-       andl    %r9d,%r14d
        addl    %r12d,%edx
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%edx
-       movl    24(%rsp),%r13d
-       movl    12(%rsp),%r12d
 
-       movl    %r13d,%r15d
+       movl    24(%rsp),%r13d
+       movl    12(%rsp),%r14d
+       movl    %r13d,%r12d
+       movl    %r14d,%r15d
 
+       rorl    $11,%r12d
+       xorl    %r13d,%r12d
        shrl    $3,%r13d
-       rorl    $7,%r15d
 
-       xorl    %r15d,%r13d
-       rorl    $11,%r15d
-
-       xorl    %r15d,%r13d
-       movl    %r12d,%r14d
-
-       shrl    $10,%r12d
-       rorl    $17,%r14d
-
-       xorl    %r14d,%r12d
-       rorl    $2,%r14d
+       rorl    $7,%r12d
+       xorl    %r12d,%r13d
+       movl    56(%rsp),%r12d
 
-       xorl    %r14d,%r12d
+       rorl    $2,%r15d
+       xorl    %r14d,%r15d
+       shrl    $10,%r14d
 
+       rorl    $17,%r15d
        addl    %r13d,%r12d
-
-       addl    56(%rsp),%r12d
+       xorl    %r15d,%r14d
 
        addl    20(%rsp),%r12d
        movl    %r11d,%r13d
-       movl    %r11d,%r14d
+       addl    %r14d,%r12d
+       movl    %edx,%r14d
+       rorl    $14,%r13d
        movl    %eax,%r15d
+       movl    %r12d,20(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %r11d,%r13d
        xorl    %ebx,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %ecx,%r12d
+       xorl    %edx,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %r11d,%r15d
-       movl    %r12d,20(%rsp)
+       movl    %r8d,%ecx
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %r11d,%r13d
        xorl    %ebx,%r15d
-       addl    %ecx,%r12d
-
-       movl    %edx,%ecx
-       addl    %r13d,%r12d
 
+       xorl    %r9d,%ecx
+       xorl    %edx,%r14d
        addl    %r15d,%r12d
-       movl    %edx,%r13d
-       movl    %edx,%r14d
+       movl    %r8d,%r15d
 
-       rorl    $2,%ecx
-       rorl    $13,%r13d
-       movl    %edx,%r15d
-       addl    (%rbp,%rdi,4),%r12d
+       rorl    $6,%r13d
+       andl    %edx,%ecx
+       andl    %r9d,%r15d
 
-       xorl    %r13d,%ecx
-       rorl    $9,%r13d
-       orl     %r9d,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%ecx
 
-       xorl    %r13d,%ecx
-       andl    %r9d,%r15d
        addl    %r12d,%r10d
-
-       andl    %r8d,%r14d
        addl    %r12d,%ecx
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%ecx
-       movl    28(%rsp),%r13d
-       movl    16(%rsp),%r12d
 
-       movl    %r13d,%r15d
+       movl    28(%rsp),%r13d
+       movl    16(%rsp),%r14d
+       movl    %r13d,%r12d
+       movl    %r14d,%r15d
 
+       rorl    $11,%r12d
+       xorl    %r13d,%r12d
        shrl    $3,%r13d
-       rorl    $7,%r15d
 
-       xorl    %r15d,%r13d
-       rorl    $11,%r15d
-
-       xorl    %r15d,%r13d
-       movl    %r12d,%r14d
-
-       shrl    $10,%r12d
-       rorl    $17,%r14d
-
-       xorl    %r14d,%r12d
-       rorl    $2,%r14d
+       rorl    $7,%r12d
+       xorl    %r12d,%r13d
+       movl    60(%rsp),%r12d
 
-       xorl    %r14d,%r12d
+       rorl    $2,%r15d
+       xorl    %r14d,%r15d
+       shrl    $10,%r14d
 
+       rorl    $17,%r15d
        addl    %r13d,%r12d
-
-       addl    60(%rsp),%r12d
+       xorl    %r15d,%r14d
 
        addl    24(%rsp),%r12d
        movl    %r10d,%r13d
-       movl    %r10d,%r14d
+       addl    %r14d,%r12d
+       movl    %ecx,%r14d
+       rorl    $14,%r13d
        movl    %r11d,%r15d
+       movl    %r12d,24(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %r10d,%r13d
        xorl    %eax,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %ebx,%r12d
+       xorl    %ecx,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %r10d,%r15d
-       movl    %r12d,24(%rsp)
+       movl    %edx,%ebx
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %r10d,%r13d
        xorl    %eax,%r15d
-       addl    %ebx,%r12d
-
-       movl    %ecx,%ebx
-       addl    %r13d,%r12d
 
+       xorl    %r8d,%ebx
+       xorl    %ecx,%r14d
        addl    %r15d,%r12d
-       movl    %ecx,%r13d
-       movl    %ecx,%r14d
+       movl    %edx,%r15d
 
-       rorl    $2,%ebx
-       rorl    $13,%r13d
-       movl    %ecx,%r15d
-       addl    (%rbp,%rdi,4),%r12d
+       rorl    $6,%r13d
+       andl    %ecx,%ebx
+       andl    %r8d,%r15d
 
-       xorl    %r13d,%ebx
-       rorl    $9,%r13d
-       orl     %r8d,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%ebx
 
-       xorl    %r13d,%ebx
-       andl    %r8d,%r15d
        addl    %r12d,%r9d
-
-       andl    %edx,%r14d
        addl    %r12d,%ebx
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%ebx
-       movl    32(%rsp),%r13d
-       movl    20(%rsp),%r12d
 
-       movl    %r13d,%r15d
+       movl    32(%rsp),%r13d
+       movl    20(%rsp),%r14d
+       movl    %r13d,%r12d
+       movl    %r14d,%r15d
 
+       rorl    $11,%r12d
+       xorl    %r13d,%r12d
        shrl    $3,%r13d
-       rorl    $7,%r15d
 
-       xorl    %r15d,%r13d
-       rorl    $11,%r15d
-
-       xorl    %r15d,%r13d
-       movl    %r12d,%r14d
-
-       shrl    $10,%r12d
-       rorl    $17,%r14d
-
-       xorl    %r14d,%r12d
-       rorl    $2,%r14d
+       rorl    $7,%r12d
+       xorl    %r12d,%r13d
+       movl    0(%rsp),%r12d
 
-       xorl    %r14d,%r12d
+       rorl    $2,%r15d
+       xorl    %r14d,%r15d
+       shrl    $10,%r14d
 
+       rorl    $17,%r15d
        addl    %r13d,%r12d
-
-       addl    0(%rsp),%r12d
+       xorl    %r15d,%r14d
 
        addl    28(%rsp),%r12d
        movl    %r9d,%r13d
-       movl    %r9d,%r14d
+       addl    %r14d,%r12d
+       movl    %ebx,%r14d
+       rorl    $14,%r13d
        movl    %r10d,%r15d
+       movl    %r12d,28(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %r9d,%r13d
        xorl    %r11d,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %eax,%r12d
+       xorl    %ebx,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %r9d,%r15d
-       movl    %r12d,28(%rsp)
+       movl    %ecx,%eax
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %r9d,%r13d
        xorl    %r11d,%r15d
-       addl    %eax,%r12d
-
-       movl    %ebx,%eax
-       addl    %r13d,%r12d
 
+       xorl    %edx,%eax
+       xorl    %ebx,%r14d
        addl    %r15d,%r12d
-       movl    %ebx,%r13d
-       movl    %ebx,%r14d
+       movl    %ecx,%r15d
 
-       rorl    $2,%eax
-       rorl    $13,%r13d
-       movl    %ebx,%r15d
-       addl    (%rbp,%rdi,4),%r12d
+       rorl    $6,%r13d
+       andl    %ebx,%eax
+       andl    %edx,%r15d
 
-       xorl    %r13d,%eax
-       rorl    $9,%r13d
-       orl     %edx,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%eax
 
-       xorl    %r13d,%eax
-       andl    %edx,%r15d
        addl    %r12d,%r8d
-
-       andl    %ecx,%r14d
        addl    %r12d,%eax
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%eax
-       movl    36(%rsp),%r13d
-       movl    24(%rsp),%r12d
 
-       movl    %r13d,%r15d
+       movl    36(%rsp),%r13d
+       movl    24(%rsp),%r14d
+       movl    %r13d,%r12d
+       movl    %r14d,%r15d
 
+       rorl    $11,%r12d
+       xorl    %r13d,%r12d
        shrl    $3,%r13d
-       rorl    $7,%r15d
 
-       xorl    %r15d,%r13d
-       rorl    $11,%r15d
-
-       xorl    %r15d,%r13d
-       movl    %r12d,%r14d
-
-       shrl    $10,%r12d
-       rorl    $17,%r14d
-
-       xorl    %r14d,%r12d
-       rorl    $2,%r14d
+       rorl    $7,%r12d
+       xorl    %r12d,%r13d
+       movl    4(%rsp),%r12d
 
-       xorl    %r14d,%r12d
+       rorl    $2,%r15d
+       xorl    %r14d,%r15d
+       shrl    $10,%r14d
 
+       rorl    $17,%r15d
        addl    %r13d,%r12d
-
-       addl    4(%rsp),%r12d
+       xorl    %r15d,%r14d
 
        addl    32(%rsp),%r12d
        movl    %r8d,%r13d
-       movl    %r8d,%r14d
+       addl    %r14d,%r12d
+       movl    %eax,%r14d
+       rorl    $14,%r13d
        movl    %r9d,%r15d
+       movl    %r12d,32(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %r8d,%r13d
        xorl    %r10d,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %r11d,%r12d
+       xorl    %eax,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %r8d,%r15d
-       movl    %r12d,32(%rsp)
+       movl    %ebx,%r11d
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %r8d,%r13d
        xorl    %r10d,%r15d
-       addl    %r11d,%r12d
-
-       movl    %eax,%r11d
-       addl    %r13d,%r12d
 
+       xorl    %ecx,%r11d
+       xorl    %eax,%r14d
        addl    %r15d,%r12d
-       movl    %eax,%r13d
-       movl    %eax,%r14d
-
-       rorl    $2,%r11d
-       rorl    $13,%r13d
-       movl    %eax,%r15d
-       addl    (%rbp,%rdi,4),%r12d
-
-       xorl    %r13d,%r11d
-       rorl    $9,%r13d
-       orl     %ecx,%r14d
+       movl    %ebx,%r15d
 
-       xorl    %r13d,%r11d
+       rorl    $6,%r13d
+       andl    %eax,%r11d
        andl    %ecx,%r15d
-       addl    %r12d,%edx
 
-       andl    %ebx,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%r11d
+
+       addl    %r12d,%edx
        addl    %r12d,%r11d
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%r11d
-       movl    40(%rsp),%r13d
-       movl    28(%rsp),%r12d
 
-       movl    %r13d,%r15d
+       movl    40(%rsp),%r13d
+       movl    28(%rsp),%r14d
+       movl    %r13d,%r12d
+       movl    %r14d,%r15d
 
+       rorl    $11,%r12d
+       xorl    %r13d,%r12d
        shrl    $3,%r13d
-       rorl    $7,%r15d
-
-       xorl    %r15d,%r13d
-       rorl    $11,%r15d
-
-       xorl    %r15d,%r13d
-       movl    %r12d,%r14d
 
-       shrl    $10,%r12d
-       rorl    $17,%r14d
-
-       xorl    %r14d,%r12d
-       rorl    $2,%r14d
+       rorl    $7,%r12d
+       xorl    %r12d,%r13d
+       movl    8(%rsp),%r12d
 
-       xorl    %r14d,%r12d
+       rorl    $2,%r15d
+       xorl    %r14d,%r15d
+       shrl    $10,%r14d
 
+       rorl    $17,%r15d
        addl    %r13d,%r12d
-
-       addl    8(%rsp),%r12d
+       xorl    %r15d,%r14d
 
        addl    36(%rsp),%r12d
        movl    %edx,%r13d
-       movl    %edx,%r14d
+       addl    %r14d,%r12d
+       movl    %r11d,%r14d
+       rorl    $14,%r13d
        movl    %r8d,%r15d
+       movl    %r12d,36(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %edx,%r13d
        xorl    %r9d,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %r10d,%r12d
+       xorl    %r11d,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %edx,%r15d
-       movl    %r12d,36(%rsp)
+       movl    %eax,%r10d
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %edx,%r13d
        xorl    %r9d,%r15d
-       addl    %r10d,%r12d
-
-       movl    %r11d,%r10d
-       addl    %r13d,%r12d
 
+       xorl    %ebx,%r10d
+       xorl    %r11d,%r14d
        addl    %r15d,%r12d
-       movl    %r11d,%r13d
-       movl    %r11d,%r14d
+       movl    %eax,%r15d
 
-       rorl    $2,%r10d
-       rorl    $13,%r13d
-       movl    %r11d,%r15d
-       addl    (%rbp,%rdi,4),%r12d
+       rorl    $6,%r13d
+       andl    %r11d,%r10d
+       andl    %ebx,%r15d
 
-       xorl    %r13d,%r10d
-       rorl    $9,%r13d
-       orl     %ebx,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%r10d
 
-       xorl    %r13d,%r10d
-       andl    %ebx,%r15d
        addl    %r12d,%ecx
-
-       andl    %eax,%r14d
        addl    %r12d,%r10d
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%r10d
-       movl    44(%rsp),%r13d
-       movl    32(%rsp),%r12d
 
-       movl    %r13d,%r15d
+       movl    44(%rsp),%r13d
+       movl    32(%rsp),%r14d
+       movl    %r13d,%r12d
+       movl    %r14d,%r15d
 
+       rorl    $11,%r12d
+       xorl    %r13d,%r12d
        shrl    $3,%r13d
-       rorl    $7,%r15d
-
-       xorl    %r15d,%r13d
-       rorl    $11,%r15d
-
-       xorl    %r15d,%r13d
-       movl    %r12d,%r14d
 
-       shrl    $10,%r12d
-       rorl    $17,%r14d
-
-       xorl    %r14d,%r12d
-       rorl    $2,%r14d
+       rorl    $7,%r12d
+       xorl    %r12d,%r13d
+       movl    12(%rsp),%r12d
 
-       xorl    %r14d,%r12d
+       rorl    $2,%r15d
+       xorl    %r14d,%r15d
+       shrl    $10,%r14d
 
+       rorl    $17,%r15d
        addl    %r13d,%r12d
-
-       addl    12(%rsp),%r12d
+       xorl    %r15d,%r14d
 
        addl    40(%rsp),%r12d
        movl    %ecx,%r13d
-       movl    %ecx,%r14d
+       addl    %r14d,%r12d
+       movl    %r10d,%r14d
+       rorl    $14,%r13d
        movl    %edx,%r15d
+       movl    %r12d,40(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %ecx,%r13d
        xorl    %r8d,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %r9d,%r12d
+       xorl    %r10d,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %ecx,%r15d
-       movl    %r12d,40(%rsp)
+       movl    %r11d,%r9d
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %ecx,%r13d
        xorl    %r8d,%r15d
-       addl    %r9d,%r12d
-
-       movl    %r10d,%r9d
-       addl    %r13d,%r12d
 
+       xorl    %eax,%r9d
+       xorl    %r10d,%r14d
        addl    %r15d,%r12d
-       movl    %r10d,%r13d
-       movl    %r10d,%r14d
+       movl    %r11d,%r15d
 
-       rorl    $2,%r9d
-       rorl    $13,%r13d
-       movl    %r10d,%r15d
-       addl    (%rbp,%rdi,4),%r12d
+       rorl    $6,%r13d
+       andl    %r10d,%r9d
+       andl    %eax,%r15d
 
-       xorl    %r13d,%r9d
-       rorl    $9,%r13d
-       orl     %eax,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%r9d
 
-       xorl    %r13d,%r9d
-       andl    %eax,%r15d
        addl    %r12d,%ebx
-
-       andl    %r11d,%r14d
        addl    %r12d,%r9d
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%r9d
-       movl    48(%rsp),%r13d
-       movl    36(%rsp),%r12d
 
-       movl    %r13d,%r15d
+       movl    48(%rsp),%r13d
+       movl    36(%rsp),%r14d
+       movl    %r13d,%r12d
+       movl    %r14d,%r15d
 
+       rorl    $11,%r12d
+       xorl    %r13d,%r12d
        shrl    $3,%r13d
-       rorl    $7,%r15d
-
-       xorl    %r15d,%r13d
-       rorl    $11,%r15d
-
-       xorl    %r15d,%r13d
-       movl    %r12d,%r14d
 
-       shrl    $10,%r12d
-       rorl    $17,%r14d
-
-       xorl    %r14d,%r12d
-       rorl    $2,%r14d
+       rorl    $7,%r12d
+       xorl    %r12d,%r13d
+       movl    16(%rsp),%r12d
 
-       xorl    %r14d,%r12d
+       rorl    $2,%r15d
+       xorl    %r14d,%r15d
+       shrl    $10,%r14d
 
+       rorl    $17,%r15d
        addl    %r13d,%r12d
-
-       addl    16(%rsp),%r12d
+       xorl    %r15d,%r14d
 
        addl    44(%rsp),%r12d
        movl    %ebx,%r13d
-       movl    %ebx,%r14d
+       addl    %r14d,%r12d
+       movl    %r9d,%r14d
+       rorl    $14,%r13d
        movl    %ecx,%r15d
+       movl    %r12d,44(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %ebx,%r13d
        xorl    %edx,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %r8d,%r12d
+       xorl    %r9d,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %ebx,%r15d
-       movl    %r12d,44(%rsp)
+       movl    %r10d,%r8d
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %ebx,%r13d
        xorl    %edx,%r15d
-       addl    %r8d,%r12d
-
-       movl    %r9d,%r8d
-       addl    %r13d,%r12d
 
+       xorl    %r11d,%r8d
+       xorl    %r9d,%r14d
        addl    %r15d,%r12d
-       movl    %r9d,%r13d
-       movl    %r9d,%r14d
+       movl    %r10d,%r15d
 
-       rorl    $2,%r8d
-       rorl    $13,%r13d
-       movl    %r9d,%r15d
-       addl    (%rbp,%rdi,4),%r12d
+       rorl    $6,%r13d
+       andl    %r9d,%r8d
+       andl    %r11d,%r15d
 
-       xorl    %r13d,%r8d
-       rorl    $9,%r13d
-       orl     %r11d,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%r8d
 
-       xorl    %r13d,%r8d
-       andl    %r11d,%r15d
        addl    %r12d,%eax
-
-       andl    %r10d,%r14d
        addl    %r12d,%r8d
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%r8d
-       movl    52(%rsp),%r13d
-       movl    40(%rsp),%r12d
 
-       movl    %r13d,%r15d
+       movl    52(%rsp),%r13d
+       movl    40(%rsp),%r14d
+       movl    %r13d,%r12d
+       movl    %r14d,%r15d
 
+       rorl    $11,%r12d
+       xorl    %r13d,%r12d
        shrl    $3,%r13d
-       rorl    $7,%r15d
-
-       xorl    %r15d,%r13d
-       rorl    $11,%r15d
-
-       xorl    %r15d,%r13d
-       movl    %r12d,%r14d
 
-       shrl    $10,%r12d
-       rorl    $17,%r14d
-
-       xorl    %r14d,%r12d
-       rorl    $2,%r14d
+       rorl    $7,%r12d
+       xorl    %r12d,%r13d
+       movl    20(%rsp),%r12d
 
-       xorl    %r14d,%r12d
+       rorl    $2,%r15d
+       xorl    %r14d,%r15d
+       shrl    $10,%r14d
 
+       rorl    $17,%r15d
        addl    %r13d,%r12d
-
-       addl    20(%rsp),%r12d
+       xorl    %r15d,%r14d
 
        addl    48(%rsp),%r12d
        movl    %eax,%r13d
-       movl    %eax,%r14d
+       addl    %r14d,%r12d
+       movl    %r8d,%r14d
+       rorl    $14,%r13d
        movl    %ebx,%r15d
+       movl    %r12d,48(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %eax,%r13d
        xorl    %ecx,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %edx,%r12d
+       xorl    %r8d,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %eax,%r15d
-       movl    %r12d,48(%rsp)
+       movl    %r9d,%edx
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %eax,%r13d
        xorl    %ecx,%r15d
-       addl    %edx,%r12d
-
-       movl    %r8d,%edx
-       addl    %r13d,%r12d
 
+       xorl    %r10d,%edx
+       xorl    %r8d,%r14d
        addl    %r15d,%r12d
-       movl    %r8d,%r13d
-       movl    %r8d,%r14d
+       movl    %r9d,%r15d
 
-       rorl    $2,%edx
-       rorl    $13,%r13d
-       movl    %r8d,%r15d
-       addl    (%rbp,%rdi,4),%r12d
+       rorl    $6,%r13d
+       andl    %r8d,%edx
+       andl    %r10d,%r15d
 
-       xorl    %r13d,%edx
-       rorl    $9,%r13d
-       orl     %r10d,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%edx
 
-       xorl    %r13d,%edx
-       andl    %r10d,%r15d
        addl    %r12d,%r11d
-
-       andl    %r9d,%r14d
        addl    %r12d,%edx
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%edx
-       movl    56(%rsp),%r13d
-       movl    44(%rsp),%r12d
 
-       movl    %r13d,%r15d
+       movl    56(%rsp),%r13d
+       movl    44(%rsp),%r14d
+       movl    %r13d,%r12d
+       movl    %r14d,%r15d
 
+       rorl    $11,%r12d
+       xorl    %r13d,%r12d
        shrl    $3,%r13d
-       rorl    $7,%r15d
-
-       xorl    %r15d,%r13d
-       rorl    $11,%r15d
-
-       xorl    %r15d,%r13d
-       movl    %r12d,%r14d
 
-       shrl    $10,%r12d
-       rorl    $17,%r14d
-
-       xorl    %r14d,%r12d
-       rorl    $2,%r14d
+       rorl    $7,%r12d
+       xorl    %r12d,%r13d
+       movl    24(%rsp),%r12d
 
-       xorl    %r14d,%r12d
+       rorl    $2,%r15d
+       xorl    %r14d,%r15d
+       shrl    $10,%r14d
 
+       rorl    $17,%r15d
        addl    %r13d,%r12d
-
-       addl    24(%rsp),%r12d
+       xorl    %r15d,%r14d
 
        addl    52(%rsp),%r12d
        movl    %r11d,%r13d
-       movl    %r11d,%r14d
+       addl    %r14d,%r12d
+       movl    %edx,%r14d
+       rorl    $14,%r13d
        movl    %eax,%r15d
+       movl    %r12d,52(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %r11d,%r13d
        xorl    %ebx,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %ecx,%r12d
+       xorl    %edx,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %r11d,%r15d
-       movl    %r12d,52(%rsp)
+       movl    %r8d,%ecx
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %r11d,%r13d
        xorl    %ebx,%r15d
-       addl    %ecx,%r12d
-
-       movl    %edx,%ecx
-       addl    %r13d,%r12d
 
+       xorl    %r9d,%ecx
+       xorl    %edx,%r14d
        addl    %r15d,%r12d
-       movl    %edx,%r13d
-       movl    %edx,%r14d
+       movl    %r8d,%r15d
 
-       rorl    $2,%ecx
-       rorl    $13,%r13d
-       movl    %edx,%r15d
-       addl    (%rbp,%rdi,4),%r12d
+       rorl    $6,%r13d
+       andl    %edx,%ecx
+       andl    %r9d,%r15d
 
-       xorl    %r13d,%ecx
-       rorl    $9,%r13d
-       orl     %r9d,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%ecx
 
-       xorl    %r13d,%ecx
-       andl    %r9d,%r15d
        addl    %r12d,%r10d
-
-       andl    %r8d,%r14d
        addl    %r12d,%ecx
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%ecx
-       movl    60(%rsp),%r13d
-       movl    48(%rsp),%r12d
 
-       movl    %r13d,%r15d
+       movl    60(%rsp),%r13d
+       movl    48(%rsp),%r14d
+       movl    %r13d,%r12d
+       movl    %r14d,%r15d
 
+       rorl    $11,%r12d
+       xorl    %r13d,%r12d
        shrl    $3,%r13d
-       rorl    $7,%r15d
-
-       xorl    %r15d,%r13d
-       rorl    $11,%r15d
-
-       xorl    %r15d,%r13d
-       movl    %r12d,%r14d
 
-       shrl    $10,%r12d
-       rorl    $17,%r14d
-
-       xorl    %r14d,%r12d
-       rorl    $2,%r14d
+       rorl    $7,%r12d
+       xorl    %r12d,%r13d
+       movl    28(%rsp),%r12d
 
-       xorl    %r14d,%r12d
+       rorl    $2,%r15d
+       xorl    %r14d,%r15d
+       shrl    $10,%r14d
 
+       rorl    $17,%r15d
        addl    %r13d,%r12d
-
-       addl    28(%rsp),%r12d
+       xorl    %r15d,%r14d
 
        addl    56(%rsp),%r12d
        movl    %r10d,%r13d
-       movl    %r10d,%r14d
+       addl    %r14d,%r12d
+       movl    %ecx,%r14d
+       rorl    $14,%r13d
        movl    %r11d,%r15d
+       movl    %r12d,56(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %r10d,%r13d
        xorl    %eax,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %ebx,%r12d
+       xorl    %ecx,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %r10d,%r15d
-       movl    %r12d,56(%rsp)
+       movl    %edx,%ebx
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %r10d,%r13d
        xorl    %eax,%r15d
-       addl    %ebx,%r12d
-
-       movl    %ecx,%ebx
-       addl    %r13d,%r12d
 
+       xorl    %r8d,%ebx
+       xorl    %ecx,%r14d
        addl    %r15d,%r12d
-       movl    %ecx,%r13d
-       movl    %ecx,%r14d
+       movl    %edx,%r15d
 
-       rorl    $2,%ebx
-       rorl    $13,%r13d
-       movl    %ecx,%r15d
-       addl    (%rbp,%rdi,4),%r12d
+       rorl    $6,%r13d
+       andl    %ecx,%ebx
+       andl    %r8d,%r15d
 
-       xorl    %r13d,%ebx
-       rorl    $9,%r13d
-       orl     %r8d,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%ebx
 
-       xorl    %r13d,%ebx
-       andl    %r8d,%r15d
        addl    %r12d,%r9d
-
-       andl    %edx,%r14d
        addl    %r12d,%ebx
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%ebx
-       movl    0(%rsp),%r13d
-       movl    52(%rsp),%r12d
 
-       movl    %r13d,%r15d
+       movl    0(%rsp),%r13d
+       movl    52(%rsp),%r14d
+       movl    %r13d,%r12d
+       movl    %r14d,%r15d
 
+       rorl    $11,%r12d
+       xorl    %r13d,%r12d
        shrl    $3,%r13d
-       rorl    $7,%r15d
-
-       xorl    %r15d,%r13d
-       rorl    $11,%r15d
-
-       xorl    %r15d,%r13d
-       movl    %r12d,%r14d
 
-       shrl    $10,%r12d
-       rorl    $17,%r14d
-
-       xorl    %r14d,%r12d
-       rorl    $2,%r14d
+       rorl    $7,%r12d
+       xorl    %r12d,%r13d
+       movl    32(%rsp),%r12d
 
-       xorl    %r14d,%r12d
+       rorl    $2,%r15d
+       xorl    %r14d,%r15d
+       shrl    $10,%r14d
 
+       rorl    $17,%r15d
        addl    %r13d,%r12d
-
-       addl    32(%rsp),%r12d
+       xorl    %r15d,%r14d
 
        addl    60(%rsp),%r12d
        movl    %r9d,%r13d
-       movl    %r9d,%r14d
+       addl    %r14d,%r12d
+       movl    %ebx,%r14d
+       rorl    $14,%r13d
        movl    %r10d,%r15d
+       movl    %r12d,60(%rsp)
 
-       rorl    $6,%r13d
-       rorl    $11,%r14d
+       rorl    $9,%r14d
+       xorl    %r9d,%r13d
        xorl    %r11d,%r15d
 
-       xorl    %r14d,%r13d
-       rorl    $14,%r14d
+       rorl    $5,%r13d
+       addl    %eax,%r12d
+       xorl    %ebx,%r14d
+
+       addl    (%rbp,%rdi,4),%r12d
        andl    %r9d,%r15d
-       movl    %r12d,60(%rsp)
+       movl    %ecx,%eax
 
-       xorl    %r14d,%r13d
+       rorl    $11,%r14d
+       xorl    %r9d,%r13d
        xorl    %r11d,%r15d
-       addl    %eax,%r12d
-
-       movl    %ebx,%eax
-       addl    %r13d,%r12d
 
+       xorl    %edx,%eax
+       xorl    %ebx,%r14d
        addl    %r15d,%r12d
-       movl    %ebx,%r13d
-       movl    %ebx,%r14d
+       movl    %ecx,%r15d
 
-       rorl    $2,%eax
-       rorl    $13,%r13d
-       movl    %ebx,%r15d
-       addl    (%rbp,%rdi,4),%r12d
+       rorl    $6,%r13d
+       andl    %ebx,%eax
+       andl    %edx,%r15d
 
-       xorl    %r13d,%eax
-       rorl    $9,%r13d
-       orl     %edx,%r14d
+       rorl    $2,%r14d
+       addl    %r13d,%r12d
+       addl    %r15d,%eax
 
-       xorl    %r13d,%eax
-       andl    %edx,%r15d
        addl    %r12d,%r8d
-
-       andl    %ecx,%r14d
        addl    %r12d,%eax
-
-       orl     %r15d,%r14d
        leaq    1(%rdi),%rdi
-
        addl    %r14d,%eax
+
        cmpq    $64,%rdi
        jb      L$rounds_16_xx
 

diff --git a/deps/openssl/asm/x64-macosx-gas/x86_64cpuid.s b/deps/openssl/asm/x64-macosx-gas/x86_64cpuid.s
index a1670e3..21e8a8f 100644 (file)
--- a/deps/openssl/asm/x64-macosx-gas/x86_64cpuid.s
+++ b/deps/openssl/asm/x64-macosx-gas/x86_64cpuid.s
@@ -1,8 +1,12 @@
 
+.private_extern        _OPENSSL_cpuid_setup
 .mod_init_func
        .p2align        3
        .quad   _OPENSSL_cpuid_setup
 
+.private_extern        _OPENSSL_ia32cap_P
+.comm  _OPENSSL_ia32cap_P,8,2
+
 .text
 
 
@@ -68,7 +72,15 @@ _OPENSSL_ia32_cpuid:
 
        movl    $2147483648,%eax
        cpuid
-       cmpl    $2147483656,%eax
+       cmpl    $2147483649,%eax
+       jb      L$intel
+       movl    %eax,%r10d
+       movl    $2147483649,%eax
+       cpuid
+       orl     %ecx,%r9d
+       andl    $2049,%r9d
+
+       cmpl    $2147483656,%r10d
        jb      L$intel
 
        movl    $2147483656,%eax
@@ -79,12 +91,12 @@ _OPENSSL_ia32_cpuid:
        movl    $1,%eax
        cpuid
        btl     $28,%edx
-       jnc     L$done
+       jnc     L$generic
        shrl    $16,%ebx
        cmpb    %r10b,%bl
-       ja      L$done
+       ja      L$generic
        andl    $4026531839,%edx
-       jmp     L$done
+       jmp     L$generic
 
 L$intel:
        cmpl    $4,%r11d
@@ -101,30 +113,48 @@ L$intel:
 L$nocacheinfo:
        movl    $1,%eax
        cpuid
+       andl    $3220176895,%edx
        cmpl    $0,%r9d
        jne     L$notintel
-       orl     $1048576,%edx
+       orl     $1073741824,%edx
        andb    $15,%ah
        cmpb    $15,%ah
-       je      L$notintel
-       orl     $1073741824,%edx
+       jne     L$notintel
+       orl     $1048576,%edx
 L$notintel:
        btl     $28,%edx
-       jnc     L$done
+       jnc     L$generic
        andl    $4026531839,%edx
        cmpl    $0,%r10d
-       je      L$done
+       je      L$generic
 
        orl     $268435456,%edx
        shrl    $16,%ebx
        cmpb    $1,%bl
-       ja      L$done
+       ja      L$generic
        andl    $4026531839,%edx
+L$generic:
+       andl    $2048,%r9d
+       andl    $4294965247,%ecx
+       orl     %ecx,%r9d
+
+       movl    %edx,%r10d
+       btl     $27,%r9d
+       jnc     L$clear_avx
+       xorl    %ecx,%ecx
+.byte  0x0f,0x01,0xd0
+
+       andl    $6,%eax
+       cmpl    $6,%eax
+       je      L$done
+L$clear_avx:
+       movl    $4026525695,%eax
+       andl    %eax,%r9d
 L$done:
-       shlq    $32,%rcx
-       movl    %edx,%eax
+       shlq    $32,%r9
+       movl    %r10d,%eax
        movq    %r8,%rbx
-       orq     %rcx,%rax
+       orq     %r9,%rax
        .byte   0xf3,0xc3
 
 
@@ -193,3 +223,16 @@ _OPENSSL_wipe_cpu:
        leaq    8(%rsp),%rax
        .byte   0xf3,0xc3
 
+.globl _OPENSSL_ia32_rdrand
+
+.p2align       4
+_OPENSSL_ia32_rdrand:
+       movl    $8,%ecx
+L$oop_rdrand:
+.byte  72,15,199,240
+       jc      L$break_rdrand
+       loop    L$oop_rdrand
+L$break_rdrand:
+       cmpq    $0,%rax
+       cmoveq  %rcx,%rax
+       .byte   0xf3,0xc3

diff --git a/deps/openssl/asm/x64-win32-masm/aes/aes-x86_64.asm b/deps/openssl/asm/x64-win32-masm/aes/aes-x86_64.asm
index 2c590b9..b9f6fd0 100644 (file)
--- a/deps/openssl/asm/x64-win32-masm/aes/aes-x86_64.asm
+++ b/deps/openssl/asm/x64-win32-masm/aes/aes-x86_64.asm
@@ -333,6 +333,9 @@ _x86_64_AES_encrypt_compact ENDP
 PUBLIC AES_encrypt
 
 ALIGN  16
+PUBLIC asm_AES_encrypt
+
+asm_AES_encrypt::
 AES_encrypt    PROC PUBLIC
        mov     QWORD PTR[8+rsp],rdi    ;WIN64 prologue
        mov     QWORD PTR[16+rsp],rsi
@@ -792,6 +795,9 @@ _x86_64_AES_decrypt_compact ENDP
 PUBLIC AES_decrypt
 
 ALIGN  16
+PUBLIC asm_AES_decrypt
+
+asm_AES_decrypt::
 AES_decrypt    PROC PUBLIC
        mov     QWORD PTR[8+rsp],rdi    ;WIN64 prologue
        mov     QWORD PTR[16+rsp],rsi
@@ -867,14 +873,14 @@ $L$dec_epilogue::
        DB      0F3h,0C3h               ;repret
 $L$SEH_end_AES_decrypt::
 AES_decrypt    ENDP
-PUBLIC AES_set_encrypt_key
+PUBLIC private_AES_set_encrypt_key
 
 ALIGN  16
-AES_set_encrypt_key    PROC PUBLIC
+private_AES_set_encrypt_key    PROC PUBLIC
        mov     QWORD PTR[8+rsp],rdi    ;WIN64 prologue
        mov     QWORD PTR[16+rsp],rsi
        mov     rax,rsp
-$L$SEH_begin_AES_set_encrypt_key::
+$L$SEH_begin_private_AES_set_encrypt_key::
        mov     rdi,rcx
        mov     rsi,rdx
        mov     rdx,r8
@@ -902,8 +908,8 @@ $L$enc_key_epilogue::
        mov     rdi,QWORD PTR[8+rsp]    ;WIN64 epilogue
        mov     rsi,QWORD PTR[16+rsp]
        DB      0F3h,0C3h               ;repret
-$L$SEH_end_AES_set_encrypt_key::
-AES_set_encrypt_key    ENDP
+$L$SEH_end_private_AES_set_encrypt_key::
+private_AES_set_encrypt_key    ENDP
 
 
 ALIGN  16
@@ -1145,14 +1151,14 @@ $L$exit::
 DB     0f3h,0c3h
 
 _x86_64_AES_set_encrypt_key    ENDP
-PUBLIC AES_set_decrypt_key
+PUBLIC private_AES_set_decrypt_key
 
 ALIGN  16
-AES_set_decrypt_key    PROC PUBLIC
+private_AES_set_decrypt_key    PROC PUBLIC
        mov     QWORD PTR[8+rsp],rdi    ;WIN64 prologue
        mov     QWORD PTR[16+rsp],rsi
        mov     rax,rsp
-$L$SEH_begin_AES_set_decrypt_key::
+$L$SEH_begin_private_AES_set_decrypt_key::
        mov     rdi,rcx
        mov     rsi,rdx
        mov     rdx,r8
@@ -1342,12 +1348,15 @@ $L$dec_key_epilogue::
        mov     rdi,QWORD PTR[8+rsp]    ;WIN64 epilogue
        mov     rsi,QWORD PTR[16+rsp]
        DB      0F3h,0C3h               ;repret
-$L$SEH_end_AES_set_decrypt_key::
-AES_set_decrypt_key    ENDP
+$L$SEH_end_private_AES_set_decrypt_key::
+private_AES_set_decrypt_key    ENDP
 PUBLIC AES_cbc_encrypt
 
 ALIGN  16
 EXTERN OPENSSL_ia32cap_P:NEAR
+PUBLIC asm_AES_cbc_encrypt
+
+asm_AES_cbc_encrypt::
 AES_cbc_encrypt        PROC PUBLIC
        mov     QWORD PTR[8+rsp],rdi    ;WIN64 prologue
        mov     QWORD PTR[16+rsp],rsi
@@ -2842,13 +2851,13 @@ ALIGN   4
        DD      imagerel $L$SEH_end_AES_decrypt
        DD      imagerel $L$SEH_info_AES_decrypt
 
-       DD      imagerel $L$SEH_begin_AES_set_encrypt_key
-       DD      imagerel $L$SEH_end_AES_set_encrypt_key
-       DD      imagerel $L$SEH_info_AES_set_encrypt_key
+       DD      imagerel $L$SEH_begin_private_AES_set_encrypt_key
+       DD      imagerel $L$SEH_end_private_AES_set_encrypt_key
+       DD      imagerel $L$SEH_info_private_AES_set_encrypt_key
 
-       DD      imagerel $L$SEH_begin_AES_set_decrypt_key
-       DD      imagerel $L$SEH_end_AES_set_decrypt_key
-       DD      imagerel $L$SEH_info_AES_set_decrypt_key
+       DD      imagerel $L$SEH_begin_private_AES_set_decrypt_key
+       DD      imagerel $L$SEH_end_private_AES_set_decrypt_key
+       DD      imagerel $L$SEH_info_private_AES_set_decrypt_key
 
        DD      imagerel $L$SEH_begin_AES_cbc_encrypt
        DD      imagerel $L$SEH_end_AES_cbc_encrypt
@@ -2867,12 +2876,12 @@ DB      9,0,0,0
        DD      imagerel block_se_handler
        DD      imagerel $L$dec_prologue,imagerel $L$dec_epilogue
 
-$L$SEH_info_AES_set_encrypt_key::
+$L$SEH_info_private_AES_set_encrypt_key::
 DB     9,0,0,0
        DD      imagerel key_se_handler
        DD      imagerel $L$enc_key_prologue,imagerel $L$enc_key_epilogue
 
-$L$SEH_info_AES_set_decrypt_key::
+$L$SEH_info_private_AES_set_decrypt_key::
 DB     9,0,0,0
        DD      imagerel key_se_handler
        DD      imagerel $L$dec_key_prologue,imagerel $L$dec_key_epilogue

diff --git a/deps/openssl/asm/x64-win32-masm/bn/x86_64-mont.asm b/deps/openssl/asm/x64-win32-masm/bn/x86_64-mont.asm
index 9e54d88..f4518aa 100644 (file)
--- a/deps/openssl/asm/x64-win32-masm/bn/x86_64-mont.asm
+++ b/deps/openssl/asm/x64-win32-masm/bn/x86_64-mont.asm
@@ -17,6 +17,641 @@ $L$SEH_begin_bn_mul_mont::
        mov     r9,QWORD PTR[48+rsp]
 
 
+       test    r9d,3
+       jnz     $L$mul_enter
+       cmp     r9d,8
+       jb      $L$mul_enter
+       cmp     rdx,rsi
+       jne     $L$mul4x_enter
+       jmp     $L$sqr4x_enter
+
+ALIGN  16
+$L$mul_enter::
+       push    rbx
+       push    rbp
+       push    r12
+       push    r13
+       push    r14
+       push    r15
+
+       mov     r9d,r9d
+       lea     r10,QWORD PTR[2+r9]
+       mov     r11,rsp
+       neg     r10
+       lea     rsp,QWORD PTR[r10*8+rsp]
+       and     rsp,-1024
+
+       mov     QWORD PTR[8+r9*8+rsp],r11
+$L$mul_body::
+       mov     r12,rdx
+       mov     r8,QWORD PTR[r8]
+       mov     rbx,QWORD PTR[r12]
+       mov     rax,QWORD PTR[rsi]
+
+       xor     r14,r14
+       xor     r15,r15
+
+       mov     rbp,r8
+       mul     rbx
+       mov     r10,rax
+       mov     rax,QWORD PTR[rcx]
+
+       imul    rbp,r10
+       mov     r11,rdx
+
+       mul     rbp
+       add     r10,rax
+       mov     rax,QWORD PTR[8+rsi]
+       adc     rdx,0
+       mov     r13,rdx
+
+       lea     r15,QWORD PTR[1+r15]
+       jmp     $L$1st_enter
+
+ALIGN  16
+$L$1st::
+       add     r13,rax
+       mov     rax,QWORD PTR[r15*8+rsi]
+       adc     rdx,0
+       add     r13,r11
+       mov     r11,r10
+       adc     rdx,0
+       mov     QWORD PTR[((-16))+r15*8+rsp],r13
+       mov     r13,rdx
+
+$L$1st_enter::
+       mul     rbx
+       add     r11,rax
+       mov     rax,QWORD PTR[r15*8+rcx]
+       adc     rdx,0
+       lea     r15,QWORD PTR[1+r15]
+       mov     r10,rdx
+
+       mul     rbp
+       cmp     r15,r9
+       jne     $L$1st
+
+       add     r13,rax
+       mov     rax,QWORD PTR[rsi]
+       adc     rdx,0
+       add     r13,r11
+       adc     rdx,0
+       mov     QWORD PTR[((-16))+r15*8+rsp],r13
+       mov     r13,rdx
+       mov     r11,r10
+
+       xor     rdx,rdx
+       add     r13,r11
+       adc     rdx,0
+       mov     QWORD PTR[((-8))+r9*8+rsp],r13
+       mov     QWORD PTR[r9*8+rsp],rdx
+
+       lea     r14,QWORD PTR[1+r14]
+       jmp     $L$outer
+ALIGN  16
+$L$outer::
+       mov     rbx,QWORD PTR[r14*8+r12]
+       xor     r15,r15
+       mov     rbp,r8
+       mov     r10,QWORD PTR[rsp]
+       mul     rbx
+       add     r10,rax
+       mov     rax,QWORD PTR[rcx]
+       adc     rdx,0
+
+       imul    rbp,r10
+       mov     r11,rdx
+
+       mul     rbp
+       add     r10,rax
+       mov     rax,QWORD PTR[8+rsi]
+       adc     rdx,0
+       mov     r10,QWORD PTR[8+rsp]
+       mov     r13,rdx
+
+       lea     r15,QWORD PTR[1+r15]
+       jmp     $L$inner_enter
+
+ALIGN  16
+$L$inner::
+       add     r13,rax
+       mov     rax,QWORD PTR[r15*8+rsi]
+       adc     rdx,0
+       add     r13,r10
+       mov     r10,QWORD PTR[r15*8+rsp]
+       adc     rdx,0
+       mov     QWORD PTR[((-16))+r15*8+rsp],r13
+       mov     r13,rdx
+
+$L$inner_enter::
+       mul     rbx
+       add     r11,rax
+       mov     rax,QWORD PTR[r15*8+rcx]
+       adc     rdx,0
+       add     r10,r11
+       mov     r11,rdx
+       adc     r11,0
+       lea     r15,QWORD PTR[1+r15]
+
+       mul     rbp
+       cmp     r15,r9
+       jne     $L$inner
+
+       add     r13,rax
+       mov     rax,QWORD PTR[rsi]
+       adc     rdx,0
+       add     r13,r10
+       mov     r10,QWORD PTR[r15*8+rsp]
+       adc     rdx,0
+       mov     QWORD PTR[((-16))+r15*8+rsp],r13
+       mov     r13,rdx
+
+       xor     rdx,rdx
+       add     r13,r11
+       adc     rdx,0
+       add     r13,r10
+       adc     rdx,0
+       mov     QWORD PTR[((-8))+r9*8+rsp],r13
+       mov     QWORD PTR[r9*8+rsp],rdx
+
+       lea     r14,QWORD PTR[1+r14]
+       cmp     r14,r9
+       jl      $L$outer
+
+       xor     r14,r14
+       mov     rax,QWORD PTR[rsp]
+       lea     rsi,QWORD PTR[rsp]
+       mov     r15,r9
+       jmp     $L$sub
+ALIGN  16
+$L$sub::       sbb     rax,QWORD PTR[r14*8+rcx]
+       mov     QWORD PTR[r14*8+rdi],rax
+       mov     rax,QWORD PTR[8+r14*8+rsi]
+       lea     r14,QWORD PTR[1+r14]
+       dec     r15
+       jnz     $L$sub
+
+       sbb     rax,0
+       xor     r14,r14
+       and     rsi,rax
+       not     rax
+       mov     rcx,rdi
+       and     rcx,rax
+       mov     r15,r9
+       or      rsi,rcx
+ALIGN  16
+$L$copy::
+       mov     rax,QWORD PTR[r14*8+rsi]
+       mov     QWORD PTR[r14*8+rsp],r14
+       mov     QWORD PTR[r14*8+rdi],rax
+       lea     r14,QWORD PTR[1+r14]
+       sub     r15,1
+       jnz     $L$copy
+
+       mov     rsi,QWORD PTR[8+r9*8+rsp]
+       mov     rax,1
+       mov     r15,QWORD PTR[rsi]
+       mov     r14,QWORD PTR[8+rsi]
+       mov     r13,QWORD PTR[16+rsi]
+       mov     r12,QWORD PTR[24+rsi]
+       mov     rbp,QWORD PTR[32+rsi]
+       mov     rbx,QWORD PTR[40+rsi]
+       lea     rsp,QWORD PTR[48+rsi]
+$L$mul_epilogue::
+       mov     rdi,QWORD PTR[8+rsp]    ;WIN64 epilogue
+       mov     rsi,QWORD PTR[16+rsp]
+       DB      0F3h,0C3h               ;repret
+$L$SEH_end_bn_mul_mont::
+bn_mul_mont    ENDP
+
+ALIGN  16
+bn_mul4x_mont  PROC PRIVATE
+       mov     QWORD PTR[8+rsp],rdi    ;WIN64 prologue
+       mov     QWORD PTR[16+rsp],rsi
+       mov     rax,rsp
+$L$SEH_begin_bn_mul4x_mont::
+       mov     rdi,rcx
+       mov     rsi,rdx
+       mov     rdx,r8
+       mov     rcx,r9
+       mov     r8,QWORD PTR[40+rsp]
+       mov     r9,QWORD PTR[48+rsp]
+
+
+$L$mul4x_enter::
+       push    rbx
+       push    rbp
+       push    r12
+       push    r13
+       push    r14
+       push    r15
+
+       mov     r9d,r9d
+       lea     r10,QWORD PTR[4+r9]
+       mov     r11,rsp
+       neg     r10
+       lea     rsp,QWORD PTR[r10*8+rsp]
+       and     rsp,-1024
+
+       mov     QWORD PTR[8+r9*8+rsp],r11
+$L$mul4x_body::
+       mov     QWORD PTR[16+r9*8+rsp],rdi
+       mov     r12,rdx
+       mov     r8,QWORD PTR[r8]
+       mov     rbx,QWORD PTR[r12]
+       mov     rax,QWORD PTR[rsi]
+
+       xor     r14,r14
+       xor     r15,r15
+
+       mov     rbp,r8
+       mul     rbx
+       mov     r10,rax
+       mov     rax,QWORD PTR[rcx]
+
+       imul    rbp,r10
+       mov     r11,rdx
+
+       mul     rbp
+       add     r10,rax
+       mov     rax,QWORD PTR[8+rsi]
+       adc     rdx,0
+       mov     rdi,rdx
+
+       mul     rbx
+       add     r11,rax
+       mov     rax,QWORD PTR[8+rcx]
+       adc     rdx,0
+       mov     r10,rdx
+
+       mul     rbp
+       add     rdi,rax
+       mov     rax,QWORD PTR[16+rsi]
+       adc     rdx,0
+       add     rdi,r11
+       lea     r15,QWORD PTR[4+r15]
+       adc     rdx,0
+       mov     QWORD PTR[rsp],rdi
+       mov     r13,rdx
+       jmp     $L$1st4x
+ALIGN  16
+$L$1st4x::
+       mul     rbx
+       add     r10,rax
+       mov     rax,QWORD PTR[((-16))+r15*8+rcx]
+       adc     rdx,0
+       mov     r11,rdx
+
+       mul     rbp
+       add     r13,rax
+       mov     rax,QWORD PTR[((-8))+r15*8+rsi]
+       adc     rdx,0
+       add     r13,r10
+       adc     rdx,0
+       mov     QWORD PTR[((-24))+r15*8+rsp],r13
+       mov     rdi,rdx
+
+       mul     rbx
+       add     r11,rax
+       mov     rax,QWORD PTR[((-8))+r15*8+rcx]
+       adc     rdx,0
+       mov     r10,rdx
+
+       mul     rbp
+       add     rdi,rax
+       mov     rax,QWORD PTR[r15*8+rsi]
+       adc     rdx,0
+       add     rdi,r11
+       adc     rdx,0
+       mov     QWORD PTR[((-16))+r15*8+rsp],rdi
+       mov     r13,rdx
+
+       mul     rbx
+       add     r10,rax
+       mov     rax,QWORD PTR[r15*8+rcx]
+       adc     rdx,0
+       mov     r11,rdx
+
+       mul     rbp
+       add     r13,rax
+       mov     rax,QWORD PTR[8+r15*8+rsi]
+       adc     rdx,0
+       add     r13,r10
+       adc     rdx,0
+       mov     QWORD PTR[((-8))+r15*8+rsp],r13
+       mov     rdi,rdx
+
+       mul     rbx
+       add     r11,rax
+       mov     rax,QWORD PTR[8+r15*8+rcx]
+       adc     rdx,0
+       lea     r15,QWORD PTR[4+r15]
+       mov     r10,rdx
+
+       mul     rbp
+       add     rdi,rax
+       mov     rax,QWORD PTR[((-16))+r15*8+rsi]
+       adc     rdx,0
+       add     rdi,r11
+       adc     rdx,0
+       mov     QWORD PTR[((-32))+r15*8+rsp],rdi
+       mov     r13,rdx
+       cmp     r15,r9
+       jl      $L$1st4x
+
+       mul     rbx
+       add     r10,rax
+       mov     rax,QWORD PTR[((-16))+r15*8+rcx]
+       adc     rdx,0
+       mov     r11,rdx
+
+       mul     rbp
+       add     r13,rax
+       mov     rax,QWORD PTR[((-8))+r15*8+rsi]
+       adc     rdx,0
+       add     r13,r10
+       adc     rdx,0
+       mov     QWORD PTR[((-24))+r15*8+rsp],r13
+       mov     rdi,rdx
+
+       mul     rbx
+       add     r11,rax
+       mov     rax,QWORD PTR[((-8))+r15*8+rcx]
+       adc     rdx,0
+       mov     r10,rdx
+
+       mul     rbp
+       add     rdi,rax
+       mov     rax,QWORD PTR[rsi]
+       adc     rdx,0
+       add     rdi,r11
+       adc     rdx,0
+       mov     QWORD PTR[((-16))+r15*8+rsp],rdi
+       mov     r13,rdx
+
+       xor     rdi,rdi
+       add     r13,r10
+       adc     rdi,0
+       mov     QWORD PTR[((-8))+r15*8+rsp],r13
+       mov     QWORD PTR[r15*8+rsp],rdi
+
+       lea     r14,QWORD PTR[1+r14]
+ALIGN  4
+$L$outer4x::
+       mov     rbx,QWORD PTR[r14*8+r12]
+       xor     r15,r15
+       mov     r10,QWORD PTR[rsp]
+       mov     rbp,r8
+       mul     rbx
+       add     r10,rax
+       mov     rax,QWORD PTR[rcx]
+       adc     rdx,0
+
+       imul    rbp,r10
+       mov     r11,rdx
+
+       mul     rbp
+       add     r10,rax
+       mov     rax,QWORD PTR[8+rsi]
+       adc     rdx,0
+       mov     rdi,rdx
+
+       mul     rbx
+       add     r11,rax
+       mov     rax,QWORD PTR[8+rcx]
+       adc     rdx,0
+       add     r11,QWORD PTR[8+rsp]
+       adc     rdx,0
+       mov     r10,rdx
+
+       mul     rbp
+       add     rdi,rax
+       mov     rax,QWORD PTR[16+rsi]
+       adc     rdx,0
+       add     rdi,r11
+       lea     r15,QWORD PTR[4+r15]
+       adc     rdx,0
+       mov     QWORD PTR[rsp],rdi
+       mov     r13,rdx
+       jmp     $L$inner4x
+ALIGN  16
+$L$inner4x::
+       mul     rbx
+       add     r10,rax
+       mov     rax,QWORD PTR[((-16))+r15*8+rcx]
+       adc     rdx,0
+       add     r10,QWORD PTR[((-16))+r15*8+rsp]
+       adc     rdx,0
+       mov     r11,rdx
+
+       mul     rbp
+       add     r13,rax
+       mov     rax,QWORD PTR[((-8))+r15*8+rsi]
+       adc     rdx,0
+       add     r13,r10
+       adc     rdx,0
+       mov     QWORD PTR[((-24))+r15*8+rsp],r13
+       mov     rdi,rdx
+
+       mul     rbx
+       add     r11,rax
+       mov     rax,QWORD PTR[((-8))+r15*8+rcx]
+       adc     rdx,0
+       add     r11,QWORD PTR[((-8))+r15*8+rsp]
+       adc     rdx,0
+       mov     r10,rdx
+
+       mul     rbp
+       add     rdi,rax
+       mov     rax,QWORD PTR[r15*8+rsi]
+       adc     rdx,0
+       add     rdi,r11
+       adc     rdx,0
+       mov     QWORD PTR[((-16))+r15*8+rsp],rdi
+       mov     r13,rdx
+
+       mul     rbx
+       add     r10,rax
+       mov     rax,QWORD PTR[r15*8+rcx]
+       adc     rdx,0
+       add     r10,QWORD PTR[r15*8+rsp]
+       adc     rdx,0
+       mov     r11,rdx
+
+       mul     rbp
+       add     r13,rax
+       mov     rax,QWORD PTR[8+r15*8+rsi]
+       adc     rdx,0
+       add     r13,r10
+       adc     rdx,0
+       mov     QWORD PTR[((-8))+r15*8+rsp],r13
+       mov     rdi,rdx
+
+       mul     rbx
+       add     r11,rax
+       mov     rax,QWORD PTR[8+r15*8+rcx]
+       adc     rdx,0
+       add     r11,QWORD PTR[8+r15*8+rsp]
+       adc     rdx,0
+       lea     r15,QWORD PTR[4+r15]
+       mov     r10,rdx
+
+       mul     rbp
+       add     rdi,rax
+       mov     rax,QWORD PTR[((-16))+r15*8+rsi]
+       adc     rdx,0
+       add     rdi,r11
+       adc     rdx,0
+       mov     QWORD PTR[((-32))+r15*8+rsp],rdi
+       mov     r13,rdx
+       cmp     r15,r9
+       jl      $L$inner4x
+
+       mul     rbx
+       add     r10,rax
+       mov     rax,QWORD PTR[((-16))+r15*8+rcx]
+       adc     rdx,0
+       add     r10,QWORD PTR[((-16))+r15*8+rsp]
+       adc     rdx,0
+       mov     r11,rdx
+
+       mul     rbp
+       add     r13,rax
+       mov     rax,QWORD PTR[((-8))+r15*8+rsi]
+       adc     rdx,0
+       add     r13,r10
+       adc     rdx,0
+       mov     QWORD PTR[((-24))+r15*8+rsp],r13
+       mov     rdi,rdx
+
+       mul     rbx
+       add     r11,rax
+       mov     rax,QWORD PTR[((-8))+r15*8+rcx]
+       adc     rdx,0
+       add     r11,QWORD PTR[((-8))+r15*8+rsp]
+       adc     rdx,0
+       lea     r14,QWORD PTR[1+r14]
+       mov     r10,rdx
+
+       mul     rbp
+       add     rdi,rax
+       mov     rax,QWORD PTR[rsi]
+       adc     rdx,0
+       add     rdi,r11
+       adc     rdx,0
+       mov     QWORD PTR[((-16))+r15*8+rsp],rdi
+       mov     r13,rdx
+
+       xor     rdi,rdi
+       add     r13,r10
+       adc     rdi,0
+       add     r13,QWORD PTR[r9*8+rsp]
+       adc     rdi,0
+       mov     QWORD PTR[((-8))+r15*8+rsp],r13
+       mov     QWORD PTR[r15*8+rsp],rdi
+
+       cmp     r14,r9
+       jl      $L$outer4x
+       mov     rdi,QWORD PTR[16+r9*8+rsp]
+       mov     rax,QWORD PTR[rsp]
+       pxor    xmm0,xmm0
+       mov     rdx,QWORD PTR[8+rsp]
+       shr     r9,2
+       lea     rsi,QWORD PTR[rsp]
+       xor     r14,r14
+
+       sub     rax,QWORD PTR[rcx]
+       mov     rbx,QWORD PTR[16+rsi]
+       mov     rbp,QWORD PTR[24+rsi]
+       sbb     rdx,QWORD PTR[8+rcx]
+       lea     r15,QWORD PTR[((-1))+r9]
+       jmp     $L$sub4x
+ALIGN  16
+$L$sub4x::
+       mov     QWORD PTR[r14*8+rdi],rax
+       mov     QWORD PTR[8+r14*8+rdi],rdx
+       sbb     rbx,QWORD PTR[16+r14*8+rcx]
+       mov     rax,QWORD PTR[32+r14*8+rsi]
+       mov     rdx,QWORD PTR[40+r14*8+rsi]
+       sbb     rbp,QWORD PTR[24+r14*8+rcx]
+       mov     QWORD PTR[16+r14*8+rdi],rbx
+       mov     QWORD PTR[24+r14*8+rdi],rbp
+       sbb     rax,QWORD PTR[32+r14*8+rcx]
+       mov     rbx,QWORD PTR[48+r14*8+rsi]
+       mov     rbp,QWORD PTR[56+r14*8+rsi]
+       sbb     rdx,QWORD PTR[40+r14*8+rcx]
+       lea     r14,QWORD PTR[4+r14]
+       dec     r15
+       jnz     $L$sub4x
+
+       mov     QWORD PTR[r14*8+rdi],rax
+       mov     rax,QWORD PTR[32+r14*8+rsi]
+       sbb     rbx,QWORD PTR[16+r14*8+rcx]
+       mov     QWORD PTR[8+r14*8+rdi],rdx
+       sbb     rbp,QWORD PTR[24+r14*8+rcx]
+       mov     QWORD PTR[16+r14*8+rdi],rbx
+
+       sbb     rax,0
+       mov     QWORD PTR[24+r14*8+rdi],rbp
+       xor     r14,r14
+       and     rsi,rax
+       not     rax
+       mov     rcx,rdi
+       and     rcx,rax
+       lea     r15,QWORD PTR[((-1))+r9]
+       or      rsi,rcx
+
+       movdqu  xmm1,XMMWORD PTR[rsi]
+       movdqa  XMMWORD PTR[rsp],xmm0
+       movdqu  XMMWORD PTR[rdi],xmm1
+       jmp     $L$copy4x
+ALIGN  16
+$L$copy4x::
+       movdqu  xmm2,XMMWORD PTR[16+r14*1+rsi]
+       movdqu  xmm1,XMMWORD PTR[32+r14*1+rsi]
+       movdqa  XMMWORD PTR[16+r14*1+rsp],xmm0
+       movdqu  XMMWORD PTR[16+r14*1+rdi],xmm2
+       movdqa  XMMWORD PTR[32+r14*1+rsp],xmm0
+       movdqu  XMMWORD PTR[32+r14*1+rdi],xmm1
+       lea     r14,QWORD PTR[32+r14]
+       dec     r15
+       jnz     $L$copy4x
+
+       shl     r9,2
+       movdqu  xmm2,XMMWORD PTR[16+r14*1+rsi]
+       movdqa  XMMWORD PTR[16+r14*1+rsp],xmm0
+       movdqu  XMMWORD PTR[16+r14*1+rdi],xmm2
+       mov     rsi,QWORD PTR[8+r9*8+rsp]
+       mov     rax,1
+       mov     r15,QWORD PTR[rsi]
+       mov     r14,QWORD PTR[8+rsi]
+       mov     r13,QWORD PTR[16+rsi]
+       mov     r12,QWORD PTR[24+rsi]
+       mov     rbp,QWORD PTR[32+rsi]
+       mov     rbx,QWORD PTR[40+rsi]
+       lea     rsp,QWORD PTR[48+rsi]
+$L$mul4x_epilogue::
+       mov     rdi,QWORD PTR[8+rsp]    ;WIN64 epilogue
+       mov     rsi,QWORD PTR[16+rsp]
+       DB      0F3h,0C3h               ;repret
+$L$SEH_end_bn_mul4x_mont::
+bn_mul4x_mont  ENDP
+
+ALIGN  16
+bn_sqr4x_mont  PROC PRIVATE
+       mov     QWORD PTR[8+rsp],rdi    ;WIN64 prologue
+       mov     QWORD PTR[16+rsp],rsi
+       mov     rax,rsp
+$L$SEH_begin_bn_sqr4x_mont::
+       mov     rdi,rcx
+       mov     rsi,rdx
+       mov     rdx,r8
+       mov     rcx,r9
+       mov     r8,QWORD PTR[40+rsp]
+       mov     r9,QWORD PTR[48+rsp]
+
+
+$L$sqr4x_enter::
        push    rbx
        push    rbp
        push    r12
@@ -24,151 +659,749 @@ $L$SEH_begin_bn_mul_mont::
        push    r14
        push    r15
 
-       mov     r9d,r9d
-       lea     r10,QWORD PTR[2+r9]
+       shl     r9d,3
+       xor     r10,r10
        mov     r11,rsp
-       neg     r10
-       lea     rsp,QWORD PTR[r10*8+rsp]
+       sub     r10,r9
+       mov     r8,QWORD PTR[r8]
+       lea     rsp,QWORD PTR[((-72))+r10*2+rsp]
        and     rsp,-1024
 
-       mov     QWORD PTR[8+r9*8+rsp],r11
-$L$prologue::
-       mov     r12,rdx
 
-       mov     r8,QWORD PTR[r8]
 
-       xor     r14,r14
-       xor     r15,r15
 
-       mov     rbx,QWORD PTR[r12]
-       mov     rax,QWORD PTR[rsi]
-       mul     rbx
-       mov     r10,rax
-       mov     r11,rdx
 
-       imul    rax,r8
-       mov     rbp,rax
 
-       mul     QWORD PTR[rcx]
-       add     rax,r10
-       adc     rdx,0
-       mov     r13,rdx
 
-       lea     r15,QWORD PTR[1+r15]
-$L$1st::
-       mov     rax,QWORD PTR[r15*8+rsi]
-       mul     rbx
-       add     rax,r11
-       adc     rdx,0
+
+
+
+
+       mov     QWORD PTR[32+rsp],rdi
+       mov     QWORD PTR[40+rsp],rcx
+       mov     QWORD PTR[48+rsp],r8
+       mov     QWORD PTR[56+rsp],r11
+$L$sqr4x_body::
+
+
+
+
+
+
+
+       lea     rbp,QWORD PTR[32+r10]
+       lea     rsi,QWORD PTR[r9*1+rsi]
+
+       mov     rcx,r9
+
+
+       mov     r14,QWORD PTR[((-32))+rbp*1+rsi]
+       lea     rdi,QWORD PTR[64+r9*2+rsp]
+       mov     rax,QWORD PTR[((-24))+rbp*1+rsi]
+       lea     rdi,QWORD PTR[((-32))+rbp*1+rdi]
+       mov     rbx,QWORD PTR[((-16))+rbp*1+rsi]
+       mov     r15,rax
+
+       mul     r14
        mov     r10,rax
-       mov     rax,QWORD PTR[r15*8+rcx]
+       mov     rax,rbx
        mov     r11,rdx
+       mov     QWORD PTR[((-24))+rbp*1+rdi],r10
 
-       mul     rbp
-       add     rax,r13
-       lea     r15,QWORD PTR[1+r15]
-       adc     rdx,0
-       add     rax,r10
-       adc     rdx,0
-       mov     QWORD PTR[((-16))+r15*8+rsp],rax
-       cmp     r15,r9
+       xor     r10,r10
+       mul     r14
+       add     r11,rax
+       mov     rax,rbx
+       adc     r10,rdx
+       mov     QWORD PTR[((-16))+rbp*1+rdi],r11
+
+       lea     rcx,QWORD PTR[((-16))+rbp]
+
+
+       mov     rbx,QWORD PTR[8+rcx*1+rsi]
+       mul     r15
+       mov     r12,rax
+       mov     rax,rbx
        mov     r13,rdx
-       jl      $L$1st
 
-       xor     rdx,rdx
+       xor     r11,r11
+       add     r10,r12
+       lea     rcx,QWORD PTR[16+rcx]
+       adc     r11,0
+       mul     r14
+       add     r10,rax
+       mov     rax,rbx
+       adc     r11,rdx
+       mov     QWORD PTR[((-8))+rcx*1+rdi],r10
+       jmp     $L$sqr4x_1st
+
+ALIGN  16
+$L$sqr4x_1st::
+       mov     rbx,QWORD PTR[rcx*1+rsi]
+       xor     r12,r12
+       mul     r15
+       add     r13,rax
+       mov     rax,rbx
+       adc     r12,rdx
+
+       xor     r10,r10
+       add     r11,r13
+       adc     r10,0
+       mul     r14
+       add     r11,rax
+       mov     rax,rbx
+       adc     r10,rdx
+       mov     QWORD PTR[rcx*1+rdi],r11
+
+
+       mov     rbx,QWORD PTR[8+rcx*1+rsi]
+       xor     r13,r13
+       mul     r15
+       add     r12,rax
+       mov     rax,rbx
+       adc     r13,rdx
+
+       xor     r11,r11
+       add     r10,r12
+       adc     r11,0
+       mul     r14
+       add     r10,rax
+       mov     rax,rbx
+       adc     r11,rdx
+       mov     QWORD PTR[8+rcx*1+rdi],r10
+
+       mov     rbx,QWORD PTR[16+rcx*1+rsi]
+       xor     r12,r12
+       mul     r15
+       add     r13,rax
+       mov     rax,rbx
+       adc     r12,rdx
+
+       xor     r10,r10
+       add     r11,r13
+       adc     r10,0
+       mul     r14
+       add     r11,rax
+       mov     rax,rbx
+       adc     r10,rdx
+       mov     QWORD PTR[16+rcx*1+rdi],r11
+
+
+       mov     rbx,QWORD PTR[24+rcx*1+rsi]
+       xor     r13,r13
+       mul     r15
+       add     r12,rax
+       mov     rax,rbx
+       adc     r13,rdx
+
+       xor     r11,r11
+       add     r10,r12
+       lea     rcx,QWORD PTR[32+rcx]
+       adc     r11,0
+       mul     r14
+       add     r10,rax
+       mov     rax,rbx
+       adc     r11,rdx
+       mov     QWORD PTR[((-8))+rcx*1+rdi],r10
+
+       cmp     rcx,0
+       jne     $L$sqr4x_1st
+
+       xor     r12,r12
        add     r13,r11
-       adc     rdx,0
-       mov     QWORD PTR[((-8))+r9*8+rsp],r13
-       mov     QWORD PTR[r9*8+rsp],rdx
+       adc     r12,0
+       mul     r15
+       add     r13,rax
+       adc     r12,rdx
 
-       lea     r14,QWORD PTR[1+r14]
-ALIGN  4
-$L$outer::
-       xor     r15,r15
+       mov     QWORD PTR[rdi],r13
+       lea     rbp,QWORD PTR[16+rbp]
+       mov     QWORD PTR[8+rdi],r12
+       jmp     $L$sqr4x_outer
 
-       mov     rbx,QWORD PTR[r14*8+r12]
-       mov     rax,QWORD PTR[rsi]
-       mul     rbx
-       add     rax,QWORD PTR[rsp]
-       adc     rdx,0
-       mov     r10,rax
-       mov     r11,rdx
+ALIGN  16
+$L$sqr4x_outer::
+       mov     r14,QWORD PTR[((-32))+rbp*1+rsi]
+       lea     rdi,QWORD PTR[64+r9*2+rsp]
+       mov     rax,QWORD PTR[((-24))+rbp*1+rsi]
+       lea     rdi,QWORD PTR[((-32))+rbp*1+rdi]
+       mov     rbx,QWORD PTR[((-16))+rbp*1+rsi]
+       mov     r15,rax
 
-       imul    rax,r8
-       mov     rbp,rax
+       mov     r10,QWORD PTR[((-24))+rbp*1+rdi]
+       xor     r11,r11
+       mul     r14
+       add     r10,rax
+       mov     rax,rbx
+       adc     r11,rdx
+       mov     QWORD PTR[((-24))+rbp*1+rdi],r10
 
-       mul     QWORD PTR[r15*8+rcx]
-       add     rax,r10
-       mov     r10,QWORD PTR[8+rsp]
-       adc     rdx,0
-       mov     r13,rdx
+       xor     r10,r10
+       add     r11,QWORD PTR[((-16))+rbp*1+rdi]
+       adc     r10,0
+       mul     r14
+       add     r11,rax
+       mov     rax,rbx
+       adc     r10,rdx
+       mov     QWORD PTR[((-16))+rbp*1+rdi],r11
 
-       lea     r15,QWORD PTR[1+r15]
-ALIGN  4
-$L$inner::
-       mov     rax,QWORD PTR[r15*8+rsi]
-       mul     rbx
-       add     rax,r11
-       adc     rdx,0
+       lea     rcx,QWORD PTR[((-16))+rbp]
+       xor     r12,r12
+
+
+       mov     rbx,QWORD PTR[8+rcx*1+rsi]
+       xor     r13,r13
+       add     r12,QWORD PTR[8+rcx*1+rdi]
+       adc     r13,0
+       mul     r15
+       add     r12,rax
+       mov     rax,rbx
+       adc     r13,rdx
+
+       xor     r11,r11
+       add     r10,r12
+       adc     r11,0
+       mul     r14
        add     r10,rax
-       mov     rax,QWORD PTR[r15*8+rcx]
-       adc     rdx,0
-       mov     r11,rdx
+       mov     rax,rbx
+       adc     r11,rdx
+       mov     QWORD PTR[8+rcx*1+rdi],r10
 
-       mul     rbp
-       add     rax,r13
-       lea     r15,QWORD PTR[1+r15]
-       adc     rdx,0
-       add     rax,r10
+       lea     rcx,QWORD PTR[16+rcx]
+       jmp     $L$sqr4x_inner
+
+ALIGN  16
+$L$sqr4x_inner::
+       mov     rbx,QWORD PTR[rcx*1+rsi]
+       xor     r12,r12
+       add     r13,QWORD PTR[rcx*1+rdi]
+       adc     r12,0
+       mul     r15
+       add     r13,rax
+       mov     rax,rbx
+       adc     r12,rdx
+
+       xor     r10,r10
+       add     r11,r13
+       adc     r10,0
+       mul     r14
+       add     r11,rax
+       mov     rax,rbx
+       adc     r10,rdx
+       mov     QWORD PTR[rcx*1+rdi],r11
+
+       mov     rbx,QWORD PTR[8+rcx*1+rsi]
+       xor     r13,r13
+       add     r12,QWORD PTR[8+rcx*1+rdi]
+       adc     r13,0
+       mul     r15
+       add     r12,rax
+       mov     rax,rbx
+       adc     r13,rdx
+
+       xor     r11,r11
+       add     r10,r12
+       lea     rcx,QWORD PTR[16+rcx]
+       adc     r11,0
+       mul     r14
+       add     r10,rax
+       mov     rax,rbx
+       adc     r11,rdx
+       mov     QWORD PTR[((-8))+rcx*1+rdi],r10
+
+       cmp     rcx,0
+       jne     $L$sqr4x_inner
+
+       xor     r12,r12
+       add     r13,r11
+       adc     r12,0
+       mul     r15
+       add     r13,rax
+       adc     r12,rdx
+
+       mov     QWORD PTR[rdi],r13
+       mov     QWORD PTR[8+rdi],r12
+
+       add     rbp,16
+       jnz     $L$sqr4x_outer
+
+
+       mov     r14,QWORD PTR[((-32))+rsi]
+       lea     rdi,QWORD PTR[64+r9*2+rsp]
+       mov     rax,QWORD PTR[((-24))+rsi]
+       lea     rdi,QWORD PTR[((-32))+rbp*1+rdi]
+       mov     rbx,QWORD PTR[((-16))+rsi]
+       mov     r15,rax
+
+       xor     r11,r11
+       mul     r14
+       add     r10,rax
+       mov     rax,rbx
+       adc     r11,rdx
+       mov     QWORD PTR[((-24))+rdi],r10
+
+       xor     r10,r10
+       add     r11,r13
+       adc     r10,0
+       mul     r14
+       add     r11,rax
+       mov     rax,rbx
+       adc     r10,rdx
+       mov     QWORD PTR[((-16))+rdi],r11
+
+       mov     rbx,QWORD PTR[((-8))+rsi]
+       mul     r15
+       add     r12,rax
+       mov     rax,rbx
        adc     rdx,0
-       mov     r10,QWORD PTR[r15*8+rsp]
-       cmp     r15,r9
-       mov     QWORD PTR[((-16))+r15*8+rsp],rax
+
+       xor     r11,r11
+       add     r10,r12
        mov     r13,rdx
-       jl      $L$inner
+       adc     r11,0
+       mul     r14
+       add     r10,rax
+       mov     rax,rbx
+       adc     r11,rdx
+       mov     QWORD PTR[((-8))+rdi],r10
 
-       xor     rdx,rdx
+       xor     r12,r12
        add     r13,r11
+       adc     r12,0
+       mul     r15
+       add     r13,rax
+       mov     rax,QWORD PTR[((-16))+rsi]
+       adc     r12,rdx
+
+       mov     QWORD PTR[rdi],r13
+       mov     QWORD PTR[8+rdi],r12
+
+       mul     rbx
+       add     rbp,16
+       xor     r14,r14
+       sub     rbp,r9
+       xor     r15,r15
+
+       add     rax,r12
        adc     rdx,0
+       mov     QWORD PTR[8+rdi],rax
+       mov     QWORD PTR[16+rdi],rdx
+       mov     QWORD PTR[24+rdi],r15
+
+       mov     rax,QWORD PTR[((-16))+rbp*1+rsi]
+       lea     rdi,QWORD PTR[64+r9*2+rsp]
+       xor     r10,r10
+       mov     r11,QWORD PTR[((-24))+rbp*2+rdi]
+
+       lea     r12,QWORD PTR[r10*2+r14]
+       shr     r10,63
+       lea     r13,QWORD PTR[r11*2+rcx]
+       shr     r11,63
+       or      r13,r10
+       mov     r10,QWORD PTR[((-16))+rbp*2+rdi]
+       mov     r14,r11
+       mul     rax
+       neg     r15
+       mov     r11,QWORD PTR[((-8))+rbp*2+rdi]
+       adc     r12,rax
+       mov     rax,QWORD PTR[((-8))+rbp*1+rsi]
+       mov     QWORD PTR[((-32))+rbp*2+rdi],r12
+       adc     r13,rdx
+
+       lea     rbx,QWORD PTR[r10*2+r14]
+       mov     QWORD PTR[((-24))+rbp*2+rdi],r13
+       sbb     r15,r15
+       shr     r10,63
+       lea     r8,QWORD PTR[r11*2+rcx]
+       shr     r11,63
+       or      r8,r10
+       mov     r10,QWORD PTR[rbp*2+rdi]
+       mov     r14,r11
+       mul     rax
+       neg     r15
+       mov     r11,QWORD PTR[8+rbp*2+rdi]
+       adc     rbx,rax
+       mov     rax,QWORD PTR[rbp*1+rsi]
+       mov     QWORD PTR[((-16))+rbp*2+rdi],rbx
+       adc     r8,rdx
+       lea     rbp,QWORD PTR[16+rbp]
+       mov     QWORD PTR[((-40))+rbp*2+rdi],r8
+       sbb     r15,r15
+       jmp     $L$sqr4x_shift_n_add
+
+ALIGN  16
+$L$sqr4x_shift_n_add::
+       lea     r12,QWORD PTR[r10*2+r14]
+       shr     r10,63
+       lea     r13,QWORD PTR[r11*2+rcx]
+       shr     r11,63
+       or      r13,r10
+       mov     r10,QWORD PTR[((-16))+rbp*2+rdi]
+       mov     r14,r11
+       mul     rax
+       neg     r15
+       mov     r11,QWORD PTR[((-8))+rbp*2+rdi]
+       adc     r12,rax
+       mov     rax,QWORD PTR[((-8))+rbp*1+rsi]
+       mov     QWORD PTR[((-32))+rbp*2+rdi],r12
+       adc     r13,rdx
+
+       lea     rbx,QWORD PTR[r10*2+r14]
+       mov     QWORD PTR[((-24))+rbp*2+rdi],r13
+       sbb     r15,r15
+       shr     r10,63
+       lea     r8,QWORD PTR[r11*2+rcx]
+       shr     r11,63
+       or      r8,r10
+       mov     r10,QWORD PTR[rbp*2+rdi]
+       mov     r14,r11
+       mul     rax
+       neg     r15
+       mov     r11,QWORD PTR[8+rbp*2+rdi]
+       adc     rbx,rax
+       mov     rax,QWORD PTR[rbp*1+rsi]
+       mov     QWORD PTR[((-16))+rbp*2+rdi],rbx
+       adc     r8,rdx
+
+       lea     r12,QWORD PTR[r10*2+r14]
+       mov     QWORD PTR[((-8))+rbp*2+rdi],r8
+       sbb     r15,r15
+       shr     r10,63
+       lea     r13,QWORD PTR[r11*2+rcx]
+       shr     r11,63
+       or      r13,r10
+       mov     r10,QWORD PTR[16+rbp*2+rdi]
+       mov     r14,r11
+       mul     rax
+       neg     r15
+       mov     r11,QWORD PTR[24+rbp*2+rdi]
+       adc     r12,rax
+       mov     rax,QWORD PTR[8+rbp*1+rsi]
+       mov     QWORD PTR[rbp*2+rdi],r12
+       adc     r13,rdx
+
+       lea     rbx,QWORD PTR[r10*2+r14]
+       mov     QWORD PTR[8+rbp*2+rdi],r13
+       sbb     r15,r15
+       shr     r10,63
+       lea     r8,QWORD PTR[r11*2+rcx]
+       shr     r11,63
+       or      r8,r10
+       mov     r10,QWORD PTR[32+rbp*2+rdi]
+       mov     r14,r11
+       mul     rax
+       neg     r15
+       mov     r11,QWORD PTR[40+rbp*2+rdi]
+       adc     rbx,rax
+       mov     rax,QWORD PTR[16+rbp*1+rsi]
+       mov     QWORD PTR[16+rbp*2+rdi],rbx
+       adc     r8,rdx
+       mov     QWORD PTR[24+rbp*2+rdi],r8
+       sbb     r15,r15
+       add     rbp,32
+       jnz     $L$sqr4x_shift_n_add
+
+       lea     r12,QWORD PTR[r10*2+r14]
+       shr     r10,63
+       lea     r13,QWORD PTR[r11*2+rcx]
+       shr     r11,63
+       or      r13,r10
+       mov     r10,QWORD PTR[((-16))+rdi]
+       mov     r14,r11
+       mul     rax
+       neg     r15
+       mov     r11,QWORD PTR[((-8))+rdi]
+       adc     r12,rax
+       mov     rax,QWORD PTR[((-8))+rsi]
+       mov     QWORD PTR[((-32))+rdi],r12
+       adc     r13,rdx
+
+       lea     rbx,QWORD PTR[r10*2+r14]
+       mov     QWORD PTR[((-24))+rdi],r13
+       sbb     r15,r15
+       shr     r10,63
+       lea     r8,QWORD PTR[r11*2+rcx]
+       shr     r11,63
+       or      r8,r10
+       mul     rax
+       neg     r15
+       adc     rbx,rax
+       adc     r8,rdx
+       mov     QWORD PTR[((-16))+rdi],rbx
+       mov     QWORD PTR[((-8))+rdi],r8
+       mov     rsi,QWORD PTR[40+rsp]
+       mov     r8,QWORD PTR[48+rsp]
+       xor     rcx,rcx
+       mov     QWORD PTR[rsp],r9
+       sub     rcx,r9
+       mov     r10,QWORD PTR[64+rsp]
+       mov     r14,r8
+       lea     rax,QWORD PTR[64+r9*2+rsp]
+       lea     rdi,QWORD PTR[64+r9*1+rsp]
+       mov     QWORD PTR[8+rsp],rax
+       lea     rsi,QWORD PTR[r9*1+rsi]
+       xor     rbp,rbp
+
+       mov     rax,QWORD PTR[rcx*1+rsi]
+       mov     r9,QWORD PTR[8+rcx*1+rsi]
+       imul    r14,r10
+       mov     rbx,rax
+       jmp     $L$sqr4x_mont_outer
+
+ALIGN  16
+$L$sqr4x_mont_outer::
+       xor     r11,r11
+       mul     r14
+       add     r10,rax
+       mov     rax,r9
+       adc     r11,rdx
+       mov     r15,r8
+
+       xor     r10,r10
+       add     r11,QWORD PTR[8+rcx*1+rdi]
+       adc     r10,0
+       mul     r14
+       add     r11,rax
+       mov     rax,rbx
+       adc     r10,rdx
+
+       imul    r15,r11
+
+       mov     rbx,QWORD PTR[16+rcx*1+rsi]
+       xor     r13,r13
+       add     r12,r11
+       adc     r13,0
+       mul     r15
+       add     r12,rax
+       mov     rax,rbx
+       adc     r13,rdx
+       mov     QWORD PTR[8+rcx*1+rdi],r12
+
+       xor     r11,r11
+       add     r10,QWORD PTR[16+rcx*1+rdi]
+       adc     r11,0
+       mul     r14
+       add     r10,rax
+       mov     rax,r9
+       adc     r11,rdx
+
+       mov     r9,QWORD PTR[24+rcx*1+rsi]
+       xor     r12,r12
        add     r13,r10
-       adc     rdx,0
-       mov     QWORD PTR[((-8))+r9*8+rsp],r13
-       mov     QWORD PTR[r9*8+rsp],rdx
+       adc     r12,0
+       mul     r15
+       add     r13,rax
+       mov     rax,r9
+       adc     r12,rdx
+       mov     QWORD PTR[16+rcx*1+rdi],r13
 
-       lea     r14,QWORD PTR[1+r14]
-       cmp     r14,r9
-       jl      $L$outer
+       xor     r10,r10
+       add     r11,QWORD PTR[24+rcx*1+rdi]
+       lea     rcx,QWORD PTR[32+rcx]
+       adc     r10,0
+       mul     r14
+       add     r11,rax
+       mov     rax,rbx
+       adc     r10,rdx
+       jmp     $L$sqr4x_mont_inner
 
-       lea     rsi,QWORD PTR[rsp]
-       lea     r15,QWORD PTR[((-1))+r9]
+ALIGN  16
+$L$sqr4x_mont_inner::
+       mov     rbx,QWORD PTR[rcx*1+rsi]
+       xor     r13,r13
+       add     r12,r11
+       adc     r13,0
+       mul     r15
+       add     r12,rax
+       mov     rax,rbx
+       adc     r13,rdx
+       mov     QWORD PTR[((-8))+rcx*1+rdi],r12
 
-       mov     rax,QWORD PTR[rsi]
-       xor     r14,r14
-       jmp     $L$sub
+       xor     r11,r11
+       add     r10,QWORD PTR[rcx*1+rdi]
+       adc     r11,0
+       mul     r14
+       add     r10,rax
+       mov     rax,r9
+       adc     r11,rdx
+
+       mov     r9,QWORD PTR[8+rcx*1+rsi]
+       xor     r12,r12
+       add     r13,r10
+       adc     r12,0
+       mul     r15
+       add     r13,rax
+       mov     rax,r9
+       adc     r12,rdx
+       mov     QWORD PTR[rcx*1+rdi],r13
+
+       xor     r10,r10
+       add     r11,QWORD PTR[8+rcx*1+rdi]
+       adc     r10,0
+       mul     r14
+       add     r11,rax
+       mov     rax,rbx
+       adc     r10,rdx
+
+
+       mov     rbx,QWORD PTR[16+rcx*1+rsi]
+       xor     r13,r13
+       add     r12,r11
+       adc     r13,0
+       mul     r15
+       add     r12,rax
+       mov     rax,rbx
+       adc     r13,rdx
+       mov     QWORD PTR[8+rcx*1+rdi],r12
+
+       xor     r11,r11
+       add     r10,QWORD PTR[16+rcx*1+rdi]
+       adc     r11,0
+       mul     r14
+       add     r10,rax
+       mov     rax,r9
+       adc     r11,rdx
+
+       mov     r9,QWORD PTR[24+rcx*1+rsi]
+       xor     r12,r12
+       add     r13,r10
+       adc     r12,0
+       mul     r15
+       add     r13,rax
+       mov     rax,r9
+       adc     r12,rdx
+       mov     QWORD PTR[16+rcx*1+rdi],r13
+
+       xor     r10,r10
+       add     r11,QWORD PTR[24+rcx*1+rdi]
+       lea     rcx,QWORD PTR[32+rcx]
+       adc     r10,0
+       mul     r14
+       add     r11,rax
+       mov     rax,rbx
+       adc     r10,rdx
+       cmp     rcx,0
+       jne     $L$sqr4x_mont_inner
+
+       sub     rcx,QWORD PTR[rsp]
+       mov     r14,r8
+
+       xor     r13,r13
+       add     r12,r11
+       adc     r13,0
+       mul     r15
+       add     r12,rax
+       mov     rax,r9
+       adc     r13,rdx
+       mov     QWORD PTR[((-8))+rdi],r12
+
+       xor     r11,r11
+       add     r10,QWORD PTR[rdi]
+       adc     r11,0
+       mov     rbx,QWORD PTR[rcx*1+rsi]
+       add     r10,rbp
+       adc     r11,0
+
+       imul    r14,QWORD PTR[16+rcx*1+rdi]
+       xor     r12,r12
+       mov     r9,QWORD PTR[8+rcx*1+rsi]
+       add     r13,r10
+       mov     r10,QWORD PTR[16+rcx*1+rdi]
+       adc     r12,0
+       mul     r15
+       add     r13,rax
+       mov     rax,rbx
+       adc     r12,rdx
+       mov     QWORD PTR[rdi],r13
+
+       xor     rbp,rbp
+       add     r12,QWORD PTR[8+rdi]
+       adc     rbp,rbp
+       add     r12,r11
+       lea     rdi,QWORD PTR[16+rdi]
+       adc     rbp,0
+       mov     QWORD PTR[((-8))+rdi],r12
+       cmp     rdi,QWORD PTR[8+rsp]
+       jb      $L$sqr4x_mont_outer
+
+       mov     r9,QWORD PTR[rsp]
+       mov     QWORD PTR[rdi],rbp
+       mov     rax,QWORD PTR[64+r9*1+rsp]
+       lea     rbx,QWORD PTR[64+r9*1+rsp]
+       mov     rsi,QWORD PTR[40+rsp]
+       shr     r9,5
+       mov     rdx,QWORD PTR[8+rbx]
+       xor     rbp,rbp
+
+       mov     rdi,QWORD PTR[32+rsp]
+       sub     rax,QWORD PTR[rsi]
+       mov     r10,QWORD PTR[16+rbx]
+       mov     r11,QWORD PTR[24+rbx]
+       sbb     rdx,QWORD PTR[8+rsi]
+       lea     rcx,QWORD PTR[((-1))+r9]
+       jmp     $L$sqr4x_sub
 ALIGN  16
-$L$sub::       sbb     rax,QWORD PTR[r14*8+rcx]
-       mov     QWORD PTR[r14*8+rdi],rax
-       dec     r15
-       mov     rax,QWORD PTR[8+r14*8+rsi]
-       lea     r14,QWORD PTR[1+r14]
-       jge     $L$sub
+$L$sqr4x_sub::
+       mov     QWORD PTR[rbp*8+rdi],rax
+       mov     QWORD PTR[8+rbp*8+rdi],rdx
+       sbb     r10,QWORD PTR[16+rbp*8+rsi]
+       mov     rax,QWORD PTR[32+rbp*8+rbx]
+       mov     rdx,QWORD PTR[40+rbp*8+rbx]
+       sbb     r11,QWORD PTR[24+rbp*8+rsi]
+       mov     QWORD PTR[16+rbp*8+rdi],r10
+       mov     QWORD PTR[24+rbp*8+rdi],r11
+       sbb     rax,QWORD PTR[32+rbp*8+rsi]
+       mov     r10,QWORD PTR[48+rbp*8+rbx]
+       mov     r11,QWORD PTR[56+rbp*8+rbx]
+       sbb     rdx,QWORD PTR[40+rbp*8+rsi]
+       lea     rbp,QWORD PTR[4+rbp]
+       dec     rcx
+       jnz     $L$sqr4x_sub
+
+       mov     QWORD PTR[rbp*8+rdi],rax
+       mov     rax,QWORD PTR[32+rbp*8+rbx]
+       sbb     r10,QWORD PTR[16+rbp*8+rsi]
+       mov     QWORD PTR[8+rbp*8+rdi],rdx
+       sbb     r11,QWORD PTR[24+rbp*8+rsi]
+       mov     QWORD PTR[16+rbp*8+rdi],r10
 
        sbb     rax,0
-       and     rsi,rax
+       mov     QWORD PTR[24+rbp*8+rdi],r11
+       xor     rbp,rbp
+       and     rbx,rax
        not     rax
-       mov     rcx,rdi
-       and     rcx,rax
-       lea     r15,QWORD PTR[((-1))+r9]
-       or      rsi,rcx
+       mov     rsi,rdi
+       and     rsi,rax
+       lea     rcx,QWORD PTR[((-1))+r9]
+       or      rbx,rsi
+
+       pxor    xmm0,xmm0
+       lea     rsi,QWORD PTR[64+r9*8+rsp]
+       movdqu  xmm1,XMMWORD PTR[rbx]
+       lea     rsi,QWORD PTR[r9*8+rsi]
+       movdqa  XMMWORD PTR[64+rsp],xmm0
+       movdqa  XMMWORD PTR[rsi],xmm0
+       movdqu  XMMWORD PTR[rdi],xmm1
+       jmp     $L$sqr4x_copy
 ALIGN  16
-$L$copy::
-       mov     rax,QWORD PTR[r15*8+rsi]
-       mov     QWORD PTR[r15*8+rdi],rax
-       mov     QWORD PTR[r15*8+rsp],r14
-       dec     r15
-       jge     $L$copy
+$L$sqr4x_copy::
+       movdqu  xmm2,XMMWORD PTR[16+rbp*1+rbx]
+       movdqu  xmm1,XMMWORD PTR[32+rbp*1+rbx]
+       movdqa  XMMWORD PTR[80+rbp*1+rsp],xmm0
+       movdqa  XMMWORD PTR[96+rbp*1+rsp],xmm0
+       movdqa  XMMWORD PTR[16+rbp*1+rsi],xmm0
+       movdqa  XMMWORD PTR[32+rbp*1+rsi],xmm0
+       movdqu  XMMWORD PTR[16+rbp*1+rdi],xmm2
+       movdqu  XMMWORD PTR[32+rbp*1+rdi],xmm1
+       lea     rbp,QWORD PTR[32+rbp]
+       dec     rcx
+       jnz     $L$sqr4x_copy
 
-       mov     rsi,QWORD PTR[8+r9*8+rsp]
+       movdqu  xmm2,XMMWORD PTR[16+rbp*1+rbx]
+       movdqa  XMMWORD PTR[80+rbp*1+rsp],xmm0
+       movdqa  XMMWORD PTR[16+rbp*1+rsi],xmm0
+       movdqu  XMMWORD PTR[16+rbp*1+rdi],xmm2
+       mov     rsi,QWORD PTR[56+rsp]
        mov     rax,1
        mov     r15,QWORD PTR[rsi]
        mov     r14,QWORD PTR[8+rsi]
@@ -177,12 +1410,12 @@ $L$copy::
        mov     rbp,QWORD PTR[32+rsi]
        mov     rbx,QWORD PTR[40+rsi]
        lea     rsp,QWORD PTR[48+rsi]
-$L$epilogue::
+$L$sqr4x_epilogue::
        mov     rdi,QWORD PTR[8+rsp]    ;WIN64 epilogue
        mov     rsi,QWORD PTR[16+rsp]
        DB      0F3h,0C3h               ;repret
-$L$SEH_end_bn_mul_mont::
-bn_mul_mont    ENDP
+$L$SEH_end_bn_sqr4x_mont::
+bn_sqr4x_mont  ENDP
 DB     77,111,110,116,103,111,109,101,114,121,32,77,117,108,116,105
 DB     112,108,105,99,97,116,105,111,110,32,102,111,114,32,120,56
 DB     54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83
@@ -192,7 +1425,7 @@ ALIGN      16
 EXTERN __imp_RtlVirtualUnwind:NEAR
 
 ALIGN  16
-se_handler     PROC PRIVATE
+mul_handler    PROC PRIVATE
        push    rsi
        push    rdi
        push    rbx
@@ -207,15 +1440,20 @@ se_handler       PROC PRIVATE
        mov     rax,QWORD PTR[120+r8]
        mov     rbx,QWORD PTR[248+r8]
 
-       lea     r10,QWORD PTR[$L$prologue]
+       mov     rsi,QWORD PTR[8+r9]
+       mov     r11,QWORD PTR[56+r9]
+
+       mov     r10d,DWORD PTR[r11]
+       lea     r10,QWORD PTR[r10*1+rsi]
        cmp     rbx,r10
-       jb      $L$in_prologue
+       jb      $L$common_seh_tail
 
        mov     rax,QWORD PTR[152+r8]
 
-       lea     r10,QWORD PTR[$L$epilogue]
+       mov     r10d,DWORD PTR[4+r11]
+       lea     r10,QWORD PTR[r10*1+rsi]
        cmp     rbx,r10
-       jae     $L$in_prologue
+       jae     $L$common_seh_tail
 
        mov     r10,QWORD PTR[192+r8]
        mov     rax,QWORD PTR[8+r10*8+rax]
@@ -234,7 +1472,53 @@ se_handler        PROC PRIVATE
        mov     QWORD PTR[232+r8],r14
        mov     QWORD PTR[240+r8],r15
 
-$L$in_prologue::
+       jmp     $L$common_seh_tail
+mul_handler    ENDP
+
+
+ALIGN  16
+sqr_handler    PROC PRIVATE
+       push    rsi
+       push    rdi
+       push    rbx
+       push    rbp
+       push    r12
+       push    r13
+       push    r14
+       push    r15
+       pushfq
+       sub     rsp,64
+
+       mov     rax,QWORD PTR[120+r8]
+       mov     rbx,QWORD PTR[248+r8]
+
+       lea     r10,QWORD PTR[$L$sqr4x_body]
+       cmp     rbx,r10
+       jb      $L$common_seh_tail
+
+       mov     rax,QWORD PTR[152+r8]
+
+       lea     r10,QWORD PTR[$L$sqr4x_epilogue]
+       cmp     rbx,r10
+       jae     $L$common_seh_tail
+
+       mov     rax,QWORD PTR[56+rax]
+       lea     rax,QWORD PTR[48+rax]
+
+       mov     rbx,QWORD PTR[((-8))+rax]
+       mov     rbp,QWORD PTR[((-16))+rax]
+       mov     r12,QWORD PTR[((-24))+rax]
+       mov     r13,QWORD PTR[((-32))+rax]
+       mov     r14,QWORD PTR[((-40))+rax]
+       mov     r15,QWORD PTR[((-48))+rax]
+       mov     QWORD PTR[144+r8],rbx
+       mov     QWORD PTR[160+r8],rbp
+       mov     QWORD PTR[216+r8],r12
+       mov     QWORD PTR[224+r8],r13
+       mov     QWORD PTR[232+r8],r14
+       mov     QWORD PTR[240+r8],r15
+
+$L$common_seh_tail::
        mov     rdi,QWORD PTR[8+rax]
        mov     rsi,QWORD PTR[16+rax]
        mov     QWORD PTR[152+r8],rax
@@ -273,7 +1557,7 @@ $L$in_prologue::
        pop     rdi
        pop     rsi
        DB      0F3h,0C3h               ;repret
-se_handler     ENDP
+sqr_handler    ENDP
 
 .text$ ENDS
 .pdata SEGMENT READONLY ALIGN(4)
@@ -282,12 +1566,30 @@ ALIGN    4
        DD      imagerel $L$SEH_end_bn_mul_mont
        DD      imagerel $L$SEH_info_bn_mul_mont
 
+       DD      imagerel $L$SEH_begin_bn_mul4x_mont
+       DD      imagerel $L$SEH_end_bn_mul4x_mont
+       DD      imagerel $L$SEH_info_bn_mul4x_mont
+
+       DD      imagerel $L$SEH_begin_bn_sqr4x_mont
+       DD      imagerel $L$SEH_end_bn_sqr4x_mont
+       DD      imagerel $L$SEH_info_bn_sqr4x_mont
+
 .pdata ENDS
 .xdata SEGMENT READONLY ALIGN(8)
 ALIGN  8
 $L$SEH_info_bn_mul_mont::
 DB     9,0,0,0
-       DD      imagerel se_handler
+       DD      imagerel mul_handler
+       DD      imagerel $L$mul_body,imagerel $L$mul_epilogue
+
+$L$SEH_info_bn_mul4x_mont::
+DB     9,0,0,0
+       DD      imagerel mul_handler
+       DD      imagerel $L$mul4x_body,imagerel $L$mul4x_epilogue
+
+$L$SEH_info_bn_sqr4x_mont::
+DB     9,0,0,0
+       DD      imagerel sqr_handler
 
 .xdata ENDS
 END

diff --git a/deps/openssl/asm/x64-win32-masm/camellia/cmll-x86_64.asm b/deps/openssl/asm/x64-win32-masm/camellia/cmll-x86_64.asm
index a5913da..0ea789b 100644 (file)
--- a/deps/openssl/asm/x64-win32-masm/camellia/cmll-x86_64.asm
+++ b/deps/openssl/asm/x64-win32-masm/camellia/cmll-x86_64.asm
@@ -250,7 +250,7 @@ $L$eloop::
        xor     r8d,ecx
        xor     r9d,ecx
        xor     r9d,edx
-       lea     r14,QWORD PTR[((16*4))+r14]
+       lea     r14,QWORD PTR[64+r14]
        cmp     r14,r15
        mov     edx,DWORD PTR[8+r14]
        mov     ecx,DWORD PTR[12+r14]
@@ -533,7 +533,7 @@ $L$dloop::
        xor     r8d,ecx
        xor     r9d,ecx
        xor     r9d,edx
-       lea     r14,QWORD PTR[((-16*4))+r14]
+       lea     r14,QWORD PTR[((-64))+r14]
        cmp     r14,r15
        mov     edx,DWORD PTR[r14]
        mov     ecx,DWORD PTR[4+r14]

diff --git a/deps/openssl/asm/x64-win32-masm/md5/md5-x86_64.asm b/deps/openssl/asm/x64-win32-masm/md5/md5-x86_64.asm
index 34305c6..8ddad41 100644 (file)
--- a/deps/openssl/asm/x64-win32-masm/md5/md5-x86_64.asm
+++ b/deps/openssl/asm/x64-win32-masm/md5/md5-x86_64.asm
@@ -27,10 +27,10 @@ $L$prologue::
        mov     rbp,rdi
        shl     rdx,6
        lea     rdi,QWORD PTR[rdx*1+rsi]
-       mov     eax,DWORD PTR[((0*4))+rbp]
-       mov     ebx,DWORD PTR[((1*4))+rbp]
-       mov     ecx,DWORD PTR[((2*4))+rbp]
-       mov     edx,DWORD PTR[((3*4))+rbp]
+       mov     eax,DWORD PTR[rbp]
+       mov     ebx,DWORD PTR[4+rbp]
+       mov     ecx,DWORD PTR[8+rbp]
+       mov     edx,DWORD PTR[12+rbp]
 
 
 
@@ -48,160 +48,160 @@ $L$loop::
        mov     r9d,ebx
        mov     r14d,ecx
        mov     r15d,edx
-       mov     r10d,DWORD PTR[((0*4))+rsi]
+       mov     r10d,DWORD PTR[rsi]
        mov     r11d,edx
        xor     r11d,ecx
-       lea     eax,DWORD PTR[0d76aa478h+r10*1+rax]
+       lea     eax,DWORD PTR[((-680876936))+r10*1+rax]
        and     r11d,ebx
        xor     r11d,edx
-       mov     r10d,DWORD PTR[((1*4))+rsi]
+       mov     r10d,DWORD PTR[4+rsi]
        add     eax,r11d
        rol     eax,7
        mov     r11d,ecx
        add     eax,ebx
        xor     r11d,ebx
-       lea     edx,DWORD PTR[0e8c7b756h+r10*1+rdx]
+       lea     edx,DWORD PTR[((-389564586))+r10*1+rdx]
        and     r11d,eax
        xor     r11d,ecx
-       mov     r10d,DWORD PTR[((2*4))+rsi]
+       mov     r10d,DWORD PTR[8+rsi]
        add     edx,r11d
        rol     edx,12
        mov     r11d,ebx
        add     edx,eax
        xor     r11d,eax
-       lea     ecx,DWORD PTR[0242070dbh+r10*1+rcx]
+       lea     ecx,DWORD PTR[606105819+r10*1+rcx]
        and     r11d,edx
        xor     r11d,ebx
-       mov     r10d,DWORD PTR[((3*4))+rsi]
+       mov     r10d,DWORD PTR[12+rsi]
        add     ecx,r11d
        rol     ecx,17
        mov     r11d,eax
        add     ecx,edx
        xor     r11d,edx
-       lea     ebx,DWORD PTR[0c1bdceeeh+r10*1+rbx]
+       lea     ebx,DWORD PTR[((-1044525330))+r10*1+rbx]
        and     r11d,ecx
        xor     r11d,eax
-       mov     r10d,DWORD PTR[((4*4))+rsi]
+       mov     r10d,DWORD PTR[16+rsi]
        add     ebx,r11d
        rol     ebx,22
        mov     r11d,edx
        add     ebx,ecx
        xor     r11d,ecx
-       lea     eax,DWORD PTR[0f57c0fafh+r10*1+rax]
+       lea     eax,DWORD PTR[((-176418897))+r10*1+rax]
        and     r11d,ebx
        xor     r11d,edx
-       mov     r10d,DWORD PTR[((5*4))+rsi]
+       mov     r10d,DWORD PTR[20+rsi]
        add     eax,r11d
        rol     eax,7
        mov     r11d,ecx
        add     eax,ebx
        xor     r11d,ebx
-       lea     edx,DWORD PTR[04787c62ah+r10*1+rdx]
+       lea     edx,DWORD PTR[1200080426+r10*1+rdx]
        and     r11d,eax
        xor     r11d,ecx
-       mov     r10d,DWORD PTR[((6*4))+rsi]
+       mov     r10d,DWORD PTR[24+rsi]
        add     edx,r11d
        rol     edx,12
        mov     r11d,ebx
        add     edx,eax
        xor     r11d,eax
-       lea     ecx,DWORD PTR[0a8304613h+r10*1+rcx]
+       lea     ecx,DWORD PTR[((-1473231341))+r10*1+rcx]
        and     r11d,edx
        xor     r11d,ebx
-       mov     r10d,DWORD PTR[((7*4))+rsi]
+       mov     r10d,DWORD PTR[28+rsi]
        add     ecx,r11d
        rol     ecx,17
        mov     r11d,eax
        add     ecx,edx
        xor     r11d,edx
-       lea     ebx,DWORD PTR[0fd469501h+r10*1+rbx]
+       lea     ebx,DWORD PTR[((-45705983))+r10*1+rbx]
        and     r11d,ecx
        xor     r11d,eax
-       mov     r10d,DWORD PTR[((8*4))+rsi]
+       mov     r10d,DWORD PTR[32+rsi]
        add     ebx,r11d
        rol     ebx,22
        mov     r11d,edx
        add     ebx,ecx
        xor     r11d,ecx
-       lea     eax,DWORD PTR[0698098d8h+r10*1+rax]
+       lea     eax,DWORD PTR[1770035416+r10*1+rax]
        and     r11d,ebx
        xor     r11d,edx
-       mov     r10d,DWORD PTR[((9*4))+rsi]
+       mov     r10d,DWORD PTR[36+rsi]
        add     eax,r11d
        rol     eax,7
        mov     r11d,ecx
        add     eax,ebx
        xor     r11d,ebx
-       lea     edx,DWORD PTR[08b44f7afh+r10*1+rdx]
+       lea     edx,DWORD PTR[((-1958414417))+r10*1+rdx]
        and     r11d,eax
        xor     r11d,ecx
-       mov     r10d,DWORD PTR[((10*4))+rsi]
+       mov     r10d,DWORD PTR[40+rsi]
        add     edx,r11d
        rol     edx,12
        mov     r11d,ebx
        add     edx,eax
        xor     r11d,eax
-       lea     ecx,DWORD PTR[0ffff5bb1h+r10*1+rcx]
+       lea     ecx,DWORD PTR[((-42063))+r10*1+rcx]
        and     r11d,edx
        xor     r11d,ebx
-       mov     r10d,DWORD PTR[((11*4))+rsi]
+       mov     r10d,DWORD PTR[44+rsi]
        add     ecx,r11d
        rol     ecx,17
        mov     r11d,eax
        add     ecx,edx
        xor     r11d,edx
-       lea     ebx,DWORD PTR[0895cd7beh+r10*1+rbx]
+       lea     ebx,DWORD PTR[((-1990404162))+r10*1+rbx]
        and     r11d,ecx
        xor     r11d,eax
-       mov     r10d,DWORD PTR[((12*4))+rsi]
+       mov     r10d,DWORD PTR[48+rsi]
        add     ebx,r11d
        rol     ebx,22
        mov     r11d,edx
        add     ebx,ecx
        xor     r11d,ecx
-       lea     eax,DWORD PTR[06b901122h+r10*1+rax]
+       lea     eax,DWORD PTR[1804603682+r10*1+rax]
        and     r11d,ebx
        xor     r11d,edx
-       mov     r10d,DWORD PTR[((13*4))+rsi]
+       mov     r10d,DWORD PTR[52+rsi]
        add     eax,r11d
        rol     eax,7
        mov     r11d,ecx
        add     eax,ebx
        xor     r11d,ebx
-       lea     edx,DWORD PTR[0fd987193h+r10*1+rdx]
+       lea     edx,DWORD PTR[((-40341101))+r10*1+rdx]
        and     r11d,eax
        xor     r11d,ecx
-       mov     r10d,DWORD PTR[((14*4))+rsi]
+       mov     r10d,DWORD PTR[56+rsi]
        add     edx,r11d
        rol     edx,12
        mov     r11d,ebx
        add     edx,eax
        xor     r11d,eax
-       lea     ecx,DWORD PTR[0a679438eh+r10*1+rcx]
+       lea     ecx,DWORD PTR[((-1502002290))+r10*1+rcx]
        and     r11d,edx
        xor     r11d,ebx
-       mov     r10d,DWORD PTR[((15*4))+rsi]
+       mov     r10d,DWORD PTR[60+rsi]
        add     ecx,r11d
        rol     ecx,17
        mov     r11d,eax
        add     ecx,edx
        xor     r11d,edx
-       lea     ebx,DWORD PTR[049b40821h+r10*1+rbx]
+       lea     ebx,DWORD PTR[1236535329+r10*1+rbx]
        and     r11d,ecx
        xor     r11d,eax
-       mov     r10d,DWORD PTR[((0*4))+rsi]
+       mov     r10d,DWORD PTR[rsi]
        add     ebx,r11d
        rol     ebx,22
        mov     r11d,edx
        add     ebx,ecx
-       mov     r10d,DWORD PTR[((1*4))+rsi]
+       mov     r10d,DWORD PTR[4+rsi]
        mov     r11d,edx
        mov     r12d,edx
        not     r11d
-       lea     eax,DWORD PTR[0f61e2562h+r10*1+rax]
+       lea     eax,DWORD PTR[((-165796510))+r10*1+rax]
        and     r12d,ebx
        and     r11d,ecx
-       mov     r10d,DWORD PTR[((6*4))+rsi]
+       mov     r10d,DWORD PTR[24+rsi]
        or      r12d,r11d
        mov     r11d,ecx
        add     eax,r12d
@@ -209,10 +209,10 @@ $L$loop::
        rol     eax,5
        add     eax,ebx
        not     r11d
-       lea     edx,DWORD PTR[0c040b340h+r10*1+rdx]
+       lea     edx,DWORD PTR[((-1069501632))+r10*1+rdx]
        and     r12d,eax
        and     r11d,ebx
-       mov     r10d,DWORD PTR[((11*4))+rsi]
+       mov     r10d,DWORD PTR[44+rsi]
        or      r12d,r11d
        mov     r11d,ebx
        add     edx,r12d
@@ -220,10 +220,10 @@ $L$loop::
        rol     edx,9
        add     edx,eax
        not     r11d
-       lea     ecx,DWORD PTR[0265e5a51h+r10*1+rcx]
+       lea     ecx,DWORD PTR[643717713+r10*1+rcx]
        and     r12d,edx
        and     r11d,eax
-       mov     r10d,DWORD PTR[((0*4))+rsi]
+       mov     r10d,DWORD PTR[rsi]
        or      r12d,r11d
        mov     r11d,eax
        add     ecx,r12d
@@ -231,10 +231,10 @@ $L$loop::
        rol     ecx,14
        add     ecx,edx
        not     r11d
-       lea     ebx,DWORD PTR[0e9b6c7aah+r10*1+rbx]
+       lea     ebx,DWORD PTR[((-373897302))+r10*1+rbx]
        and     r12d,ecx
        and     r11d,edx
-       mov     r10d,DWORD PTR[((5*4))+rsi]
+       mov     r10d,DWORD PTR[20+rsi]
        or      r12d,r11d
        mov     r11d,edx
        add     ebx,r12d
@@ -242,10 +242,10 @@ $L$loop::
        rol     ebx,20
        add     ebx,ecx
        not     r11d
-       lea     eax,DWORD PTR[0d62f105dh+r10*1+rax]
+       lea     eax,DWORD PTR[((-701558691))+r10*1+rax]
        and     r12d,ebx
        and     r11d,ecx
-       mov     r10d,DWORD PTR[((10*4))+rsi]
+       mov     r10d,DWORD PTR[40+rsi]
        or      r12d,r11d
        mov     r11d,ecx
        add     eax,r12d
@@ -253,10 +253,10 @@ $L$loop::
        rol     eax,5
        add     eax,ebx
        not     r11d
-       lea     edx,DWORD PTR[02441453h+r10*1+rdx]
+       lea     edx,DWORD PTR[38016083+r10*1+rdx]
        and     r12d,eax
        and     r11d,ebx
-       mov     r10d,DWORD PTR[((15*4))+rsi]
+       mov     r10d,DWORD PTR[60+rsi]
        or      r12d,r11d
        mov     r11d,ebx
        add     edx,r12d
@@ -264,10 +264,10 @@ $L$loop::
        rol     edx,9
        add     edx,eax
        not     r11d
-       lea     ecx,DWORD PTR[0d8a1e681h+r10*1+rcx]
+       lea     ecx,DWORD PTR[((-660478335))+r10*1+rcx]
        and     r12d,edx
        and     r11d,eax
-       mov     r10d,DWORD PTR[((4*4))+rsi]
+       mov     r10d,DWORD PTR[16+rsi]
        or      r12d,r11d
        mov     r11d,eax
        add     ecx,r12d
@@ -275,10 +275,10 @@ $L$loop::
        rol     ecx,14
        add     ecx,edx
        not     r11d
-       lea     ebx,DWORD PTR[0e7d3fbc8h+r10*1+rbx]
+       lea     ebx,DWORD PTR[((-405537848))+r10*1+rbx]
        and     r12d,ecx
        and     r11d,edx
-       mov     r10d,DWORD PTR[((9*4))+rsi]
+       mov     r10d,DWORD PTR[36+rsi]
        or      r12d,r11d
        mov     r11d,edx
        add     ebx,r12d
@@ -286,10 +286,10 @@ $L$loop::
        rol     ebx,20
        add     ebx,ecx
        not     r11d
-       lea     eax,DWORD PTR[021e1cde6h+r10*1+rax]
+       lea     eax,DWORD PTR[568446438+r10*1+rax]
        and     r12d,ebx
        and     r11d,ecx
-       mov     r10d,DWORD PTR[((14*4))+rsi]
+       mov     r10d,DWORD PTR[56+rsi]
        or      r12d,r11d
        mov     r11d,ecx
        add     eax,r12d
@@ -297,10 +297,10 @@ $L$loop::
        rol     eax,5
        add     eax,ebx
        not     r11d
-       lea     edx,DWORD PTR[0c33707d6h+r10*1+rdx]
+       lea     edx,DWORD PTR[((-1019803690))+r10*1+rdx]
        and     r12d,eax
        and     r11d,ebx
-       mov     r10d,DWORD PTR[((3*4))+rsi]
+       mov     r10d,DWORD PTR[12+rsi]
        or      r12d,r11d
        mov     r11d,ebx
        add     edx,r12d
@@ -308,10 +308,10 @@ $L$loop::
        rol     edx,9
        add     edx,eax
        not     r11d
-       lea     ecx,DWORD PTR[0f4d50d87h+r10*1+rcx]
+       lea     ecx,DWORD PTR[((-187363961))+r10*1+rcx]
        and     r12d,edx
        and     r11d,eax
-       mov     r10d,DWORD PTR[((8*4))+rsi]
+       mov     r10d,DWORD PTR[32+rsi]
        or      r12d,r11d
        mov     r11d,eax
        add     ecx,r12d
@@ -319,10 +319,10 @@ $L$loop::
        rol     ecx,14
        add     ecx,edx
        not     r11d
-       lea     ebx,DWORD PTR[0455a14edh+r10*1+rbx]
+       lea     ebx,DWORD PTR[1163531501+r10*1+rbx]
        and     r12d,ecx
        and     r11d,edx
-       mov     r10d,DWORD PTR[((13*4))+rsi]
+       mov     r10d,DWORD PTR[52+rsi]
        or      r12d,r11d
        mov     r11d,edx
        add     ebx,r12d
@@ -330,10 +330,10 @@ $L$loop::
        rol     ebx,20
        add     ebx,ecx
        not     r11d
-       lea     eax,DWORD PTR[0a9e3e905h+r10*1+rax]
+       lea     eax,DWORD PTR[((-1444681467))+r10*1+rax]
        and     r12d,ebx
        and     r11d,ecx
-       mov     r10d,DWORD PTR[((2*4))+rsi]
+       mov     r10d,DWORD PTR[8+rsi]
        or      r12d,r11d
        mov     r11d,ecx
        add     eax,r12d
@@ -341,10 +341,10 @@ $L$loop::
        rol     eax,5
        add     eax,ebx
        not     r11d
-       lea     edx,DWORD PTR[0fcefa3f8h+r10*1+rdx]
+       lea     edx,DWORD PTR[((-51403784))+r10*1+rdx]
        and     r12d,eax
        and     r11d,ebx
-       mov     r10d,DWORD PTR[((7*4))+rsi]
+       mov     r10d,DWORD PTR[28+rsi]
        or      r12d,r11d
        mov     r11d,ebx
        add     edx,r12d
@@ -352,10 +352,10 @@ $L$loop::
        rol     edx,9
        add     edx,eax
        not     r11d
-       lea     ecx,DWORD PTR[0676f02d9h+r10*1+rcx]
+       lea     ecx,DWORD PTR[1735328473+r10*1+rcx]
        and     r12d,edx
        and     r11d,eax
-       mov     r10d,DWORD PTR[((12*4))+rsi]
+       mov     r10d,DWORD PTR[48+rsi]
        or      r12d,r11d
        mov     r11d,eax
        add     ecx,r12d
@@ -363,289 +363,289 @@ $L$loop::
        rol     ecx,14
        add     ecx,edx
        not     r11d
-       lea     ebx,DWORD PTR[08d2a4c8ah+r10*1+rbx]
+       lea     ebx,DWORD PTR[((-1926607734))+r10*1+rbx]
        and     r12d,ecx
        and     r11d,edx
-       mov     r10d,DWORD PTR[((0*4))+rsi]
+       mov     r10d,DWORD PTR[rsi]
        or      r12d,r11d
        mov     r11d,edx
        add     ebx,r12d
        mov     r12d,edx
        rol     ebx,20
        add     ebx,ecx
-       mov     r10d,DWORD PTR[((5*4))+rsi]
+       mov     r10d,DWORD PTR[20+rsi]
        mov     r11d,ecx
-       lea     eax,DWORD PTR[0fffa3942h+r10*1+rax]
-       mov     r10d,DWORD PTR[((8*4))+rsi]
+       lea     eax,DWORD PTR[((-378558))+r10*1+rax]
+       mov     r10d,DWORD PTR[32+rsi]
        xor     r11d,edx
        xor     r11d,ebx
        add     eax,r11d
        rol     eax,4
        mov     r11d,ebx
        add     eax,ebx
-       lea     edx,DWORD PTR[08771f681h+r10*1+rdx]
-       mov     r10d,DWORD PTR[((11*4))+rsi]
+       lea     edx,DWORD PTR[((-2022574463))+r10*1+rdx]
+       mov     r10d,DWORD PTR[44+rsi]
        xor     r11d,ecx
        xor     r11d,eax
        add     edx,r11d
        rol     edx,11
        mov     r11d,eax
        add     edx,eax
-       lea     ecx,DWORD PTR[06d9d6122h+r10*1+rcx]
-       mov     r10d,DWORD PTR[((14*4))+rsi]
+       lea     ecx,DWORD PTR[1839030562+r10*1+rcx]
+       mov     r10d,DWORD PTR[56+rsi]
        xor     r11d,ebx
        xor     r11d,edx
        add     ecx,r11d
        rol     ecx,16
        mov     r11d,edx
        add     ecx,edx
-       lea     ebx,DWORD PTR[0fde5380ch+r10*1+rbx]
-       mov     r10d,DWORD PTR[((1*4))+rsi]
+       lea     ebx,DWORD PTR[((-35309556))+r10*1+rbx]
+       mov     r10d,DWORD PTR[4+rsi]
        xor     r11d,eax
        xor     r11d,ecx
        add     ebx,r11d
        rol     ebx,23
        mov     r11d,ecx
        add     ebx,ecx
-       lea     eax,DWORD PTR[0a4beea44h+r10*1+rax]
-       mov     r10d,DWORD PTR[((4*4))+rsi]
+       lea     eax,DWORD PTR[((-1530992060))+r10*1+rax]
+       mov     r10d,DWORD PTR[16+rsi]
        xor     r11d,edx
        xor     r11d,ebx
        add     eax,r11d
        rol     eax,4
        mov     r11d,ebx
        add     eax,ebx
-       lea     edx,DWORD PTR[04bdecfa9h+r10*1+rdx]
-       mov     r10d,DWORD PTR[((7*4))+rsi]
+       lea     edx,DWORD PTR[1272893353+r10*1+rdx]
+       mov     r10d,DWORD PTR[28+rsi]
        xor     r11d,ecx
        xor     r11d,eax
        add     edx,r11d
        rol     edx,11
        mov     r11d,eax
        add     edx,eax
-       lea     ecx,DWORD PTR[0f6bb4b60h+r10*1+rcx]
-       mov     r10d,DWORD PTR[((10*4))+rsi]
+       lea     ecx,DWORD PTR[((-155497632))+r10*1+rcx]
+       mov     r10d,DWORD PTR[40+rsi]
        xor     r11d,ebx
        xor     r11d,edx
        add     ecx,r11d
        rol     ecx,16
        mov     r11d,edx
        add     ecx,edx
-       lea     ebx,DWORD PTR[0bebfbc70h+r10*1+rbx]
-       mov     r10d,DWORD PTR[((13*4))+rsi]
+       lea     ebx,DWORD PTR[((-1094730640))+r10*1+rbx]
+       mov     r10d,DWORD PTR[52+rsi]
        xor     r11d,eax
        xor     r11d,ecx
        add     ebx,r11d
        rol     ebx,23
        mov     r11d,ecx
        add     ebx,ecx
-       lea     eax,DWORD PTR[0289b7ec6h+r10*1+rax]
-       mov     r10d,DWORD PTR[((0*4))+rsi]
+       lea     eax,DWORD PTR[681279174+r10*1+rax]
+       mov     r10d,DWORD PTR[rsi]
        xor     r11d,edx
        xor     r11d,ebx
        add     eax,r11d
        rol     eax,4
        mov     r11d,ebx
        add     eax,ebx
-       lea     edx,DWORD PTR[0eaa127fah+r10*1+rdx]
-       mov     r10d,DWORD PTR[((3*4))+rsi]
+       lea     edx,DWORD PTR[((-358537222))+r10*1+rdx]
+       mov     r10d,DWORD PTR[12+rsi]
        xor     r11d,ecx
        xor     r11d,eax
        add     edx,r11d
        rol     edx,11
        mov     r11d,eax
        add     edx,eax
-       lea     ecx,DWORD PTR[0d4ef3085h+r10*1+rcx]
-       mov     r10d,DWORD PTR[((6*4))+rsi]
+       lea     ecx,DWORD PTR[((-722521979))+r10*1+rcx]
+       mov     r10d,DWORD PTR[24+rsi]
        xor     r11d,ebx
        xor     r11d,edx
        add     ecx,r11d
        rol     ecx,16
        mov     r11d,edx
        add     ecx,edx
-       lea     ebx,DWORD PTR[04881d05h+r10*1+rbx]
-       mov     r10d,DWORD PTR[((9*4))+rsi]
+       lea     ebx,DWORD PTR[76029189+r10*1+rbx]
+       mov     r10d,DWORD PTR[36+rsi]
        xor     r11d,eax
        xor     r11d,ecx
        add     ebx,r11d
        rol     ebx,23
        mov     r11d,ecx
        add     ebx,ecx
-       lea     eax,DWORD PTR[0d9d4d039h+r10*1+rax]
-       mov     r10d,DWORD PTR[((12*4))+rsi]
+       lea     eax,DWORD PTR[((-640364487))+r10*1+rax]
+       mov     r10d,DWORD PTR[48+rsi]
        xor     r11d,edx
        xor     r11d,ebx
        add     eax,r11d
        rol     eax,4
        mov     r11d,ebx
        add     eax,ebx
-       lea     edx,DWORD PTR[0e6db99e5h+r10*1+rdx]
-       mov     r10d,DWORD PTR[((15*4))+rsi]
+       lea     edx,DWORD PTR[((-421815835))+r10*1+rdx]
+       mov     r10d,DWORD PTR[60+rsi]
        xor     r11d,ecx
        xor     r11d,eax
        add     edx,r11d
        rol     edx,11
        mov     r11d,eax
        add     edx,eax
-       lea     ecx,DWORD PTR[01fa27cf8h+r10*1+rcx]
-       mov     r10d,DWORD PTR[((2*4))+rsi]
+       lea     ecx,DWORD PTR[530742520+r10*1+rcx]
+       mov     r10d,DWORD PTR[8+rsi]
        xor     r11d,ebx
        xor     r11d,edx
        add     ecx,r11d
        rol     ecx,16
        mov     r11d,edx
        add     ecx,edx
-       lea     ebx,DWORD PTR[0c4ac5665h+r10*1+rbx]
-       mov     r10d,DWORD PTR[((0*4))+rsi]
+       lea     ebx,DWORD PTR[((-995338651))+r10*1+rbx]
+       mov     r10d,DWORD PTR[rsi]
        xor     r11d,eax
        xor     r11d,ecx
        add     ebx,r11d
        rol     ebx,23
        mov     r11d,ecx
        add     ebx,ecx
-       mov     r10d,DWORD PTR[((0*4))+rsi]
+       mov     r10d,DWORD PTR[rsi]
        mov     r11d,0ffffffffh
        xor     r11d,edx
-       lea     eax,DWORD PTR[0f4292244h+r10*1+rax]
+       lea     eax,DWORD PTR[((-198630844))+r10*1+rax]
        or      r11d,ebx
        xor     r11d,ecx
        add     eax,r11d
-       mov     r10d,DWORD PTR[((7*4))+rsi]
+       mov     r10d,DWORD PTR[28+rsi]
        mov     r11d,0ffffffffh
        rol     eax,6
        xor     r11d,ecx
        add     eax,ebx
-       lea     edx,DWORD PTR[0432aff97h+r10*1+rdx]
+       lea     edx,DWORD PTR[1126891415+r10*1+rdx]
        or      r11d,eax
        xor     r11d,ebx
        add     edx,r11d
-       mov     r10d,DWORD PTR[((14*4))+rsi]
+       mov     r10d,DWORD PTR[56+rsi]
        mov     r11d,0ffffffffh
        rol     edx,10
        xor     r11d,ebx
        add     edx,eax
-       lea     ecx,DWORD PTR[0ab9423a7h+r10*1+rcx]
+       lea     ecx,DWORD PTR[((-1416354905))+r10*1+rcx]
        or      r11d,edx
        xor     r11d,eax
        add     ecx,r11d
-       mov     r10d,DWORD PTR[((5*4))+rsi]
+       mov     r10d,DWORD PTR[20+rsi]
        mov     r11d,0ffffffffh
        rol     ecx,15
        xor     r11d,eax
        add     ecx,edx
-       lea     ebx,DWORD PTR[0fc93a039h+r10*1+rbx]
+       lea     ebx,DWORD PTR[((-57434055))+r10*1+rbx]
        or      r11d,ecx
        xor     r11d,edx
        add     ebx,r11d
-       mov     r10d,DWORD PTR[((12*4))+rsi]
+       mov     r10d,DWORD PTR[48+rsi]
        mov     r11d,0ffffffffh
        rol     ebx,21
        xor     r11d,edx
        add     ebx,ecx
-       lea     eax,DWORD PTR[0655b59c3h+r10*1+rax]
+       lea     eax,DWORD PTR[1700485571+r10*1+rax]
        or      r11d,ebx
        xor     r11d,ecx
        add     eax,r11d
-       mov     r10d,DWORD PTR[((3*4))+rsi]
+       mov     r10d,DWORD PTR[12+rsi]
        mov     r11d,0ffffffffh
        rol     eax,6
        xor     r11d,ecx
        add     eax,ebx
-       lea     edx,DWORD PTR[08f0ccc92h+r10*1+rdx]
+       lea     edx,DWORD PTR[((-1894986606))+r10*1+rdx]
        or      r11d,eax
        xor     r11d,ebx
        add     edx,r11d
-       mov     r10d,DWORD PTR[((10*4))+rsi]
+       mov     r10d,DWORD PTR[40+rsi]
        mov     r11d,0ffffffffh
        rol     edx,10
        xor     r11d,ebx
        add     edx,eax
-       lea     ecx,DWORD PTR[0ffeff47dh+r10*1+rcx]
+       lea     ecx,DWORD PTR[((-1051523))+r10*1+rcx]
        or      r11d,edx
        xor     r11d,eax
        add     ecx,r11d
-       mov     r10d,DWORD PTR[((1*4))+rsi]
+       mov     r10d,DWORD PTR[4+rsi]
        mov     r11d,0ffffffffh
        rol     ecx,15
        xor     r11d,eax
        add     ecx,edx
-       lea     ebx,DWORD PTR[085845dd1h+r10*1+rbx]
+       lea     ebx,DWORD PTR[((-2054922799))+r10*1+rbx]
        or      r11d,ecx
        xor     r11d,edx
        add     ebx,r11d
-       mov     r10d,DWORD PTR[((8*4))+rsi]
+       mov     r10d,DWORD PTR[32+rsi]
        mov     r11d,0ffffffffh
        rol     ebx,21
        xor     r11d,edx
        add     ebx,ecx
-       lea     eax,DWORD PTR[06fa87e4fh+r10*1+rax]
+       lea     eax,DWORD PTR[1873313359+r10*1+rax]
        or      r11d,ebx
        xor     r11d,ecx
        add     eax,r11d
-       mov     r10d,DWORD PTR[((15*4))+rsi]
+       mov     r10d,DWORD PTR[60+rsi]
        mov     r11d,0ffffffffh
        rol     eax,6
        xor     r11d,ecx
        add     eax,ebx
-       lea     edx,DWORD PTR[0fe2ce6e0h+r10*1+rdx]
+       lea     edx,DWORD PTR[((-30611744))+r10*1+rdx]
        or      r11d,eax
        xor     r11d,ebx
        add     edx,r11d
-       mov     r10d,DWORD PTR[((6*4))+rsi]
+       mov     r10d,DWORD PTR[24+rsi]
        mov     r11d,0ffffffffh
        rol     edx,10
        xor     r11d,ebx
        add     edx,eax
-       lea     ecx,DWORD PTR[0a3014314h+r10*1+rcx]
+       lea     ecx,DWORD PTR[((-1560198380))+r10*1+rcx]
        or      r11d,edx
        xor     r11d,eax
        add     ecx,r11d
-       mov     r10d,DWORD PTR[((13*4))+rsi]
+       mov     r10d,DWORD PTR[52+rsi]
        mov     r11d,0ffffffffh
        rol     ecx,15
        xor     r11d,eax
        add     ecx,edx
-       lea     ebx,DWORD PTR[04e0811a1h+r10*1+rbx]
+       lea     ebx,DWORD PTR[1309151649+r10*1+rbx]
        or      r11d,ecx
        xor     r11d,edx
        add     ebx,r11d
-       mov     r10d,DWORD PTR[((4*4))+rsi]
+       mov     r10d,DWORD PTR[16+rsi]
        mov     r11d,0ffffffffh
        rol     ebx,21
        xor     r11d,edx
        add     ebx,ecx
-       lea     eax,DWORD PTR[0f7537e82h+r10*1+rax]
+       lea     eax,DWORD PTR[((-145523070))+r10*1+rax]
        or      r11d,ebx
        xor     r11d,ecx
        add     eax,r11d
-       mov     r10d,DWORD PTR[((11*4))+rsi]
+       mov     r10d,DWORD PTR[44+rsi]
        mov     r11d,0ffffffffh
        rol     eax,6
        xor     r11d,ecx
        add     eax,ebx
-       lea     edx,DWORD PTR[0bd3af235h+r10*1+rdx]
+       lea     edx,DWORD PTR[((-1120210379))+r10*1+rdx]
        or      r11d,eax
        xor     r11d,ebx
        add     edx,r11d
-       mov     r10d,DWORD PTR[((2*4))+rsi]
+       mov     r10d,DWORD PTR[8+rsi]
        mov     r11d,0ffffffffh
        rol     edx,10
        xor     r11d,ebx
        add     edx,eax
-       lea     ecx,DWORD PTR[02ad7d2bbh+r10*1+rcx]
+       lea     ecx,DWORD PTR[718787259+r10*1+rcx]
        or      r11d,edx
        xor     r11d,eax
        add     ecx,r11d
-       mov     r10d,DWORD PTR[((9*4))+rsi]
+       mov     r10d,DWORD PTR[36+rsi]
        mov     r11d,0ffffffffh
        rol     ecx,15
        xor     r11d,eax
        add     ecx,edx
-       lea     ebx,DWORD PTR[0eb86d391h+r10*1+rbx]
+       lea     ebx,DWORD PTR[((-343485551))+r10*1+rbx]
        or      r11d,ecx
        xor     r11d,edx
        add     ebx,r11d
-       mov     r10d,DWORD PTR[((0*4))+rsi]
+       mov     r10d,DWORD PTR[rsi]
        mov     r11d,0ffffffffh
        rol     ebx,21
        xor     r11d,edx
@@ -664,10 +664,10 @@ $L$loop::
 
 
 $L$end::
-       mov     DWORD PTR[((0*4))+rbp],eax
-       mov     DWORD PTR[((1*4))+rbp],ebx
-       mov     DWORD PTR[((2*4))+rbp],ecx
-       mov     DWORD PTR[((3*4))+rbp],edx
+       mov     DWORD PTR[rbp],eax
+       mov     DWORD PTR[4+rbp],ebx
+       mov     DWORD PTR[8+rbp],ecx
+       mov     DWORD PTR[12+rbp],edx
 
        mov     r15,QWORD PTR[rsp]
        mov     r14,QWORD PTR[8+rsp]

diff --git a/deps/openssl/asm/x64-win32-masm/rc4/rc4-x86_64.asm b/deps/openssl/asm/x64-win32-masm/rc4/rc4-x86_64.asm
index f508fa6..aea304f 100644 (file)
--- a/deps/openssl/asm/x64-win32-masm/rc4/rc4-x86_64.asm
+++ b/deps/openssl/asm/x64-win32-masm/rc4/rc4-x86_64.asm
@@ -1,5 +1,6 @@
 OPTION DOTNAME
 .text$ SEGMENT ALIGN(64) 'CODE'
+EXTERN OPENSSL_ia32cap_P:NEAR
 
 PUBLIC RC4
 
@@ -24,316 +25,511 @@ $L$entry::
        push    r12
        push    r13
 $L$prologue::
+       mov     r11,rsi
+       mov     r12,rdx
+       mov     r13,rcx
+       xor     r10,r10
+       xor     rcx,rcx
 
-       add     rdi,8
-       mov     r8d,DWORD PTR[((-8))+rdi]
-       mov     r12d,DWORD PTR[((-4))+rdi]
+       lea     rdi,QWORD PTR[8+rdi]
+       mov     r10b,BYTE PTR[((-8))+rdi]
+       mov     cl,BYTE PTR[((-4))+rdi]
        cmp     DWORD PTR[256+rdi],-1
        je      $L$RC4_CHAR
-       inc     r8b
-       mov     r9d,DWORD PTR[r8*4+rdi]
-       test    rsi,-8
-       jz      $L$loop1
-       jmp     $L$loop8
-ALIGN  16
-$L$loop8::
-       add     r12b,r9b
-       mov     r10,r8
-       mov     r13d,DWORD PTR[r12*4+rdi]
-       ror     rax,8
-       inc     r10b
-       mov     r11d,DWORD PTR[r10*4+rdi]
-       cmp     r12,r10
-       mov     DWORD PTR[r12*4+rdi],r9d
-       cmove   r11,r9
-       mov     DWORD PTR[r8*4+rdi],r13d
-       add     r13b,r9b
-       mov     al,BYTE PTR[r13*4+rdi]
-       add     r12b,r11b
-       mov     r8,r10
-       mov     r13d,DWORD PTR[r12*4+rdi]
-       ror     rax,8
-       inc     r8b
-       mov     r9d,DWORD PTR[r8*4+rdi]
-       cmp     r12,r8
-       mov     DWORD PTR[r12*4+rdi],r11d
-       cmove   r9,r11
-       mov     DWORD PTR[r10*4+rdi],r13d
-       add     r13b,r11b
-       mov     al,BYTE PTR[r13*4+rdi]
-       add     r12b,r9b
-       mov     r10,r8
-       mov     r13d,DWORD PTR[r12*4+rdi]
-       ror     rax,8
+       mov     r8d,DWORD PTR[OPENSSL_ia32cap_P]
+       xor     rbx,rbx
        inc     r10b
-       mov     r11d,DWORD PTR[r10*4+rdi]
-       cmp     r12,r10
-       mov     DWORD PTR[r12*4+rdi],r9d
-       cmove   r11,r9
-       mov     DWORD PTR[r8*4+rdi],r13d
-       add     r13b,r9b
-       mov     al,BYTE PTR[r13*4+rdi]
-       add     r12b,r11b
-       mov     r8,r10
-       mov     r13d,DWORD PTR[r12*4+rdi]
-       ror     rax,8
-       inc     r8b
-       mov     r9d,DWORD PTR[r8*4+rdi]
-       cmp     r12,r8
-       mov     DWORD PTR[r12*4+rdi],r11d
-       cmove   r9,r11
-       mov     DWORD PTR[r10*4+rdi],r13d
-       add     r13b,r11b
-       mov     al,BYTE PTR[r13*4+rdi]
-       add     r12b,r9b
-       mov     r10,r8
-       mov     r13d,DWORD PTR[r12*4+rdi]
-       ror     rax,8
+       sub     rbx,r10
+       sub     r13,r12
+       mov     eax,DWORD PTR[r10*4+rdi]
+       test    r11,-16
+       jz      $L$loop1
+       bt      r8d,30
+       jc      $L$intel
+       and     rbx,7
+       lea     rsi,QWORD PTR[1+r10]
+       jz      $L$oop8
+       sub     r11,rbx
+$L$oop8_warmup::
+       add     cl,al
+       mov     edx,DWORD PTR[rcx*4+rdi]
+       mov     DWORD PTR[rcx*4+rdi],eax
+       mov     DWORD PTR[r10*4+rdi],edx
+       add     al,dl
        inc     r10b
-       mov     r11d,DWORD PTR[r10*4+rdi]
-       cmp     r12,r10
-       mov     DWORD PTR[r12*4+rdi],r9d
-       cmove   r11,r9
-       mov     DWORD PTR[r8*4+rdi],r13d
-       add     r13b,r9b
-       mov     al,BYTE PTR[r13*4+rdi]
-       add     r12b,r11b
-       mov     r8,r10
-       mov     r13d,DWORD PTR[r12*4+rdi]
-       ror     rax,8
-       inc     r8b
-       mov     r9d,DWORD PTR[r8*4+rdi]
-       cmp     r12,r8
-       mov     DWORD PTR[r12*4+rdi],r11d
-       cmove   r9,r11
-       mov     DWORD PTR[r10*4+rdi],r13d
-       add     r13b,r11b
-       mov     al,BYTE PTR[r13*4+rdi]
-       add     r12b,r9b
-       mov     r10,r8
-       mov     r13d,DWORD PTR[r12*4+rdi]
-       ror     rax,8
+       mov     edx,DWORD PTR[rax*4+rdi]
+       mov     eax,DWORD PTR[r10*4+rdi]
+       xor     dl,BYTE PTR[r12]
+       mov     BYTE PTR[r12*1+r13],dl
+       lea     r12,QWORD PTR[1+r12]
+       dec     rbx
+       jnz     $L$oop8_warmup
+
+       lea     rsi,QWORD PTR[1+r10]
+       jmp     $L$oop8
+ALIGN  16
+$L$oop8::
+       add     cl,al
+       mov     edx,DWORD PTR[rcx*4+rdi]
+       mov     DWORD PTR[rcx*4+rdi],eax
+       mov     ebx,DWORD PTR[rsi*4+rdi]
+       ror     r8,8
+       mov     DWORD PTR[r10*4+rdi],edx
+       add     dl,al
+       mov     r8b,BYTE PTR[rdx*4+rdi]
+       add     cl,bl
+       mov     edx,DWORD PTR[rcx*4+rdi]
+       mov     DWORD PTR[rcx*4+rdi],ebx
+       mov     eax,DWORD PTR[4+rsi*4+rdi]
+       ror     r8,8
+       mov     DWORD PTR[4+r10*4+rdi],edx
+       add     dl,bl
+       mov     r8b,BYTE PTR[rdx*4+rdi]
+       add     cl,al
+       mov     edx,DWORD PTR[rcx*4+rdi]
+       mov     DWORD PTR[rcx*4+rdi],eax
+       mov     ebx,DWORD PTR[8+rsi*4+rdi]
+       ror     r8,8
+       mov     DWORD PTR[8+r10*4+rdi],edx
+       add     dl,al
+       mov     r8b,BYTE PTR[rdx*4+rdi]
+       add     cl,bl
+       mov     edx,DWORD PTR[rcx*4+rdi]
+       mov     DWORD PTR[rcx*4+rdi],ebx
+       mov     eax,DWORD PTR[12+rsi*4+rdi]
+       ror     r8,8
+       mov     DWORD PTR[12+r10*4+rdi],edx
+       add     dl,bl
+       mov     r8b,BYTE PTR[rdx*4+rdi]
+       add     cl,al
+       mov     edx,DWORD PTR[rcx*4+rdi]
+       mov     DWORD PTR[rcx*4+rdi],eax
+       mov     ebx,DWORD PTR[16+rsi*4+rdi]
+       ror     r8,8
+       mov     DWORD PTR[16+r10*4+rdi],edx
+       add     dl,al
+       mov     r8b,BYTE PTR[rdx*4+rdi]
+       add     cl,bl
+       mov     edx,DWORD PTR[rcx*4+rdi]
+       mov     DWORD PTR[rcx*4+rdi],ebx
+       mov     eax,DWORD PTR[20+rsi*4+rdi]
+       ror     r8,8
+       mov     DWORD PTR[20+r10*4+rdi],edx
+       add     dl,bl
+       mov     r8b,BYTE PTR[rdx*4+rdi]
+       add     cl,al
+       mov     edx,DWORD PTR[rcx*4+rdi]
+       mov     DWORD PTR[rcx*4+rdi],eax
+       mov     ebx,DWORD PTR[24+rsi*4+rdi]
+       ror     r8,8
+       mov     DWORD PTR[24+r10*4+rdi],edx
+       add     dl,al
+       mov     r8b,BYTE PTR[rdx*4+rdi]
+       add     sil,8
+       add     cl,bl
+       mov     edx,DWORD PTR[rcx*4+rdi]
+       mov     DWORD PTR[rcx*4+rdi],ebx
+       mov     eax,DWORD PTR[((-4))+rsi*4+rdi]
+       ror     r8,8
+       mov     DWORD PTR[28+r10*4+rdi],edx
+       add     dl,bl
+       mov     r8b,BYTE PTR[rdx*4+rdi]
+       add     r10b,8
+       ror     r8,8
+       sub     r11,8
+
+       xor     r8,QWORD PTR[r12]
+       mov     QWORD PTR[r12*1+r13],r8
+       lea     r12,QWORD PTR[8+r12]
+
+       test    r11,-8
+       jnz     $L$oop8
+       cmp     r11,0
+       jne     $L$loop1
+       jmp     $L$exit
+
+ALIGN  16
+$L$intel::
+       test    r11,-32
+       jz      $L$loop1
+       and     rbx,15
+       jz      $L$oop16_is_hot
+       sub     r11,rbx
+$L$oop16_warmup::
+       add     cl,al
+       mov     edx,DWORD PTR[rcx*4+rdi]
+       mov     DWORD PTR[rcx*4+rdi],eax
+       mov     DWORD PTR[r10*4+rdi],edx
+       add     al,dl
        inc     r10b
-       mov     r11d,DWORD PTR[r10*4+rdi]
-       cmp     r12,r10
-       mov     DWORD PTR[r12*4+rdi],r9d
-       cmove   r11,r9
-       mov     DWORD PTR[r8*4+rdi],r13d
-       add     r13b,r9b
-       mov     al,BYTE PTR[r13*4+rdi]
-       add     r12b,r11b
-       mov     r8,r10
-       mov     r13d,DWORD PTR[r12*4+rdi]
-       ror     rax,8
-       inc     r8b
-       mov     r9d,DWORD PTR[r8*4+rdi]
-       cmp     r12,r8
-       mov     DWORD PTR[r12*4+rdi],r11d
-       cmove   r9,r11
-       mov     DWORD PTR[r10*4+rdi],r13d
-       add     r13b,r11b
-       mov     al,BYTE PTR[r13*4+rdi]
-       ror     rax,8
-       sub     rsi,8
-
-       xor     rax,QWORD PTR[rdx]
-       add     rdx,8
-       mov     QWORD PTR[rcx],rax
-       add     rcx,8
-
-       test    rsi,-8
-       jnz     $L$loop8
-       cmp     rsi,0
+       mov     edx,DWORD PTR[rax*4+rdi]
+       mov     eax,DWORD PTR[r10*4+rdi]
+       xor     dl,BYTE PTR[r12]
+       mov     BYTE PTR[r12*1+r13],dl
+       lea     r12,QWORD PTR[1+r12]
+       dec     rbx
+       jnz     $L$oop16_warmup
+
+       mov     rbx,rcx
+       xor     rcx,rcx
+       mov     cl,bl
+
+$L$oop16_is_hot::
+       lea     rsi,QWORD PTR[r10*4+rdi]
+       add     cl,al
+       mov     edx,DWORD PTR[rcx*4+rdi]
+       pxor    xmm0,xmm0
+       mov     DWORD PTR[rcx*4+rdi],eax
+       add     al,dl
+       mov     ebx,DWORD PTR[4+rsi]
+       movzx   eax,al
+       mov     DWORD PTR[rsi],edx
+       add     cl,bl
+       pinsrw  xmm0,WORD PTR[rax*4+rdi],0
+       jmp     $L$oop16_enter
+ALIGN  16
+$L$oop16::
+       add     cl,al
+       mov     edx,DWORD PTR[rcx*4+rdi]
+       pxor    xmm2,xmm0
+       psllq   xmm1,8
+       pxor    xmm0,xmm0
+       mov     DWORD PTR[rcx*4+rdi],eax
+       add     al,dl
+       mov     ebx,DWORD PTR[4+rsi]
+       movzx   eax,al
+       mov     DWORD PTR[rsi],edx
+       pxor    xmm2,xmm1
+       add     cl,bl
+       pinsrw  xmm0,WORD PTR[rax*4+rdi],0
+       movdqu  XMMWORD PTR[r12*1+r13],xmm2
+       lea     r12,QWORD PTR[16+r12]
+$L$oop16_enter::
+       mov     edx,DWORD PTR[rcx*4+rdi]
+       pxor    xmm1,xmm1
+       mov     DWORD PTR[rcx*4+rdi],ebx
+       add     bl,dl
+       mov     eax,DWORD PTR[8+rsi]
+       movzx   ebx,bl
+       mov     DWORD PTR[4+rsi],edx
+       add     cl,al
+       pinsrw  xmm1,WORD PTR[rbx*4+rdi],0
+       mov     edx,DWORD PTR[rcx*4+rdi]
+       mov     DWORD PTR[rcx*4+rdi],eax
+       add     al,dl
+       mov     ebx,DWORD PTR[12+rsi]
+       movzx   eax,al
+       mov     DWORD PTR[8+rsi],edx
+       add     cl,bl
+       pinsrw  xmm0,WORD PTR[rax*4+rdi],1
+       mov     edx,DWORD PTR[rcx*4+rdi]
+       mov     DWORD PTR[rcx*4+rdi],ebx
+       add     bl,dl
+       mov     eax,DWORD PTR[16+rsi]
+       movzx   ebx,bl
+       mov     DWORD PTR[12+rsi],edx
+       add     cl,al
+       pinsrw  xmm1,WORD PTR[rbx*4+rdi],1
+       mov     edx,DWORD PTR[rcx*4+rdi]
+       mov     DWORD PTR[rcx*4+rdi],eax
+       add     al,dl
+       mov     ebx,DWORD PTR[20+rsi]
+       movzx   eax,al
+       mov     DWORD PTR[16+rsi],edx
+       add     cl,bl
+       pinsrw  xmm0,WORD PTR[rax*4+rdi],2
+       mov     edx,DWORD PTR[rcx*4+rdi]
+       mov     DWORD PTR[rcx*4+rdi],ebx
+       add     bl,dl
+       mov     eax,DWORD PTR[24+rsi]
+       movzx   ebx,bl
+       mov     DWORD PTR[20+rsi],edx
+       add     cl,al
+       pinsrw  xmm1,WORD PTR[rbx*4+rdi],2
+       mov     edx,DWORD PTR[rcx*4+rdi]
+       mov     DWORD PTR[rcx*4+rdi],eax
+       add     al,dl
+       mov     ebx,DWORD PTR[28+rsi]
+       movzx   eax,al
+       mov     DWORD PTR[24+rsi],edx
+       add     cl,bl
+       pinsrw  xmm0,WORD PTR[rax*4+rdi],3
+       mov     edx,DWORD PTR[rcx*4+rdi]
+       mov     DWORD PTR[rcx*4+rdi],ebx
+       add     bl,dl
+       mov     eax,DWORD PTR[32+rsi]
+       movzx   ebx,bl
+       mov     DWORD PTR[28+rsi],edx
+       add     cl,al
+       pinsrw  xmm1,WORD PTR[rbx*4+rdi],3
+       mov     edx,DWORD PTR[rcx*4+rdi]
+       mov     DWORD PTR[rcx*4+rdi],eax
+       add     al,dl
+       mov     ebx,DWORD PTR[36+rsi]
+       movzx   eax,al
+       mov     DWORD PTR[32+rsi],edx
+       add     cl,bl
+       pinsrw  xmm0,WORD PTR[rax*4+rdi],4
+       mov     edx,DWORD PTR[rcx*4+rdi]
+       mov     DWORD PTR[rcx*4+rdi],ebx
+       add     bl,dl
+       mov     eax,DWORD PTR[40+rsi]
+       movzx   ebx,bl
+       mov     DWORD PTR[36+rsi],edx
+       add     cl,al
+       pinsrw  xmm1,WORD PTR[rbx*4+rdi],4
+       mov     edx,DWORD PTR[rcx*4+rdi]
+       mov     DWORD PTR[rcx*4+rdi],eax
+       add     al,dl
+       mov     ebx,DWORD PTR[44+rsi]
+       movzx   eax,al
+       mov     DWORD PTR[40+rsi],edx
+       add     cl,bl
+       pinsrw  xmm0,WORD PTR[rax*4+rdi],5
+       mov     edx,DWORD PTR[rcx*4+rdi]
+       mov     DWORD PTR[rcx*4+rdi],ebx
+       add     bl,dl
+       mov     eax,DWORD PTR[48+rsi]
+       movzx   ebx,bl
+       mov     DWORD PTR[44+rsi],edx
+       add     cl,al
+       pinsrw  xmm1,WORD PTR[rbx*4+rdi],5
+       mov     edx,DWORD PTR[rcx*4+rdi]
+       mov     DWORD PTR[rcx*4+rdi],eax
+       add     al,dl
+       mov     ebx,DWORD PTR[52+rsi]
+       movzx   eax,al
+       mov     DWORD PTR[48+rsi],edx
+       add     cl,bl
+       pinsrw  xmm0,WORD PTR[rax*4+rdi],6
+       mov     edx,DWORD PTR[rcx*4+rdi]
+       mov     DWORD PTR[rcx*4+rdi],ebx
+       add     bl,dl
+       mov     eax,DWORD PTR[56+rsi]
+       movzx   ebx,bl
+       mov     DWORD PTR[52+rsi],edx
+       add     cl,al
+       pinsrw  xmm1,WORD PTR[rbx*4+rdi],6
+       mov     edx,DWORD PTR[rcx*4+rdi]
+       mov     DWORD PTR[rcx*4+rdi],eax
+       add     al,dl
+       mov     ebx,DWORD PTR[60+rsi]
+       movzx   eax,al
+       mov     DWORD PTR[56+rsi],edx
+       add     cl,bl
+       pinsrw  xmm0,WORD PTR[rax*4+rdi],7
+       add     r10b,16
+       movdqu  xmm2,XMMWORD PTR[r12]
+       mov     edx,DWORD PTR[rcx*4+rdi]
+       mov     DWORD PTR[rcx*4+rdi],ebx
+       add     bl,dl
+       movzx   ebx,bl
+       mov     DWORD PTR[60+rsi],edx
+       lea     rsi,QWORD PTR[r10*4+rdi]
+       pinsrw  xmm1,WORD PTR[rbx*4+rdi],7
+       mov     eax,DWORD PTR[rsi]
+       mov     rbx,rcx
+       xor     rcx,rcx
+       sub     r11,16
+       mov     cl,bl
+       test    r11,-16
+       jnz     $L$oop16
+
+       psllq   xmm1,8
+       pxor    xmm2,xmm0
+       pxor    xmm2,xmm1
+       movdqu  XMMWORD PTR[r12*1+r13],xmm2
+       lea     r12,QWORD PTR[16+r12]
+
+       cmp     r11,0
        jne     $L$loop1
        jmp     $L$exit
 
 ALIGN  16
 $L$loop1::
-       add     r12b,r9b
-       mov     r13d,DWORD PTR[r12*4+rdi]
-       mov     DWORD PTR[r12*4+rdi],r9d
-       mov     DWORD PTR[r8*4+rdi],r13d
-       add     r9b,r13b
-       inc     r8b
-       mov     r13d,DWORD PTR[r9*4+rdi]
-       mov     r9d,DWORD PTR[r8*4+rdi]
-       xor     r13b,BYTE PTR[rdx]
-       inc     rdx
-       mov     BYTE PTR[rcx],r13b
-       inc     rcx
-       dec     rsi
+       add     cl,al
+       mov     edx,DWORD PTR[rcx*4+rdi]
+       mov     DWORD PTR[rcx*4+rdi],eax
+       mov     DWORD PTR[r10*4+rdi],edx
+       add     al,dl
+       inc     r10b
+       mov     edx,DWORD PTR[rax*4+rdi]
+       mov     eax,DWORD PTR[r10*4+rdi]
+       xor     dl,BYTE PTR[r12]
+       mov     BYTE PTR[r12*1+r13],dl
+       lea     r12,QWORD PTR[1+r12]
+       dec     r11
        jnz     $L$loop1
        jmp     $L$exit
 
 ALIGN  16
 $L$RC4_CHAR::
-       add     r8b,1
-       movzx   r9d,BYTE PTR[r8*1+rdi]
-       test    rsi,-8
+       add     r10b,1
+       movzx   eax,BYTE PTR[r10*1+rdi]
+       test    r11,-8
        jz      $L$cloop1
-       cmp     DWORD PTR[260+rdi],0
-       jnz     $L$cloop1
        jmp     $L$cloop8
 ALIGN  16
 $L$cloop8::
-       mov     eax,DWORD PTR[rdx]
-       mov     ebx,DWORD PTR[4+rdx]
-       add     r12b,r9b
-       lea     r10,QWORD PTR[1+r8]
-       movzx   r13d,BYTE PTR[r12*1+rdi]
-       movzx   r10d,r10b
-       movzx   r11d,BYTE PTR[r10*1+rdi]
-       mov     BYTE PTR[r12*1+rdi],r9b
-       cmp     r12,r10
-       mov     BYTE PTR[r8*1+rdi],r13b
+       mov     r8d,DWORD PTR[r12]
+       mov     r9d,DWORD PTR[4+r12]
+       add     cl,al
+       lea     rsi,QWORD PTR[1+r10]
+       movzx   edx,BYTE PTR[rcx*1+rdi]
+       movzx   esi,sil
+       movzx   ebx,BYTE PTR[rsi*1+rdi]
+       mov     BYTE PTR[rcx*1+rdi],al
+       cmp     rcx,rsi
+       mov     BYTE PTR[r10*1+rdi],dl
        jne     $L$cmov0
 
-       mov     r11,r9
+       mov     rbx,rax
 $L$cmov0::
-       add     r13b,r9b
-       xor     al,BYTE PTR[r13*1+rdi]
-       ror     eax,8
-       add     r12b,r11b
-       lea     r8,QWORD PTR[1+r10]
-       movzx   r13d,BYTE PTR[r12*1+rdi]
-       movzx   r8d,r8b
-       movzx   r9d,BYTE PTR[r8*1+rdi]
-       mov     BYTE PTR[r12*1+rdi],r11b
-       cmp     r12,r8
-       mov     BYTE PTR[r10*1+rdi],r13b
+       add     dl,al
+       xor     r8b,BYTE PTR[rdx*1+rdi]
+       ror     r8d,8
+       add     cl,bl
+       lea     r10,QWORD PTR[1+rsi]
+       movzx   edx,BYTE PTR[rcx*1+rdi]
+       movzx   r10d,r10b
+       movzx   eax,BYTE PTR[r10*1+rdi]
+       mov     BYTE PTR[rcx*1+rdi],bl
+       cmp     rcx,r10
+       mov     BYTE PTR[rsi*1+rdi],dl
        jne     $L$cmov1
 
-       mov     r9,r11
+       mov     rax,rbx
 $L$cmov1::
-       add     r13b,r11b
-       xor     al,BYTE PTR[r13*1+rdi]
-       ror     eax,8
-       add     r12b,r9b
-       lea     r10,QWORD PTR[1+r8]
-       movzx   r13d,BYTE PTR[r12*1+rdi]
-       movzx   r10d,r10b
-       movzx   r11d,BYTE PTR[r10*1+rdi]
-       mov     BYTE PTR[r12*1+rdi],r9b
-       cmp     r12,r10
-       mov     BYTE PTR[r8*1+rdi],r13b
+       add     dl,bl
+       xor     r8b,BYTE PTR[rdx*1+rdi]
+       ror     r8d,8
+       add     cl,al
+       lea     rsi,QWORD PTR[1+r10]
+       movzx   edx,BYTE PTR[rcx*1+rdi]
+       movzx   esi,sil
+       movzx   ebx,BYTE PTR[rsi*1+rdi]
+       mov     BYTE PTR[rcx*1+rdi],al
+       cmp     rcx,rsi
+       mov     BYTE PTR[r10*1+rdi],dl
        jne     $L$cmov2
 
-       mov     r11,r9
+       mov     rbx,rax
 $L$cmov2::
-       add     r13b,r9b
-       xor     al,BYTE PTR[r13*1+rdi]
-       ror     eax,8
-       add     r12b,r11b
-       lea     r8,QWORD PTR[1+r10]
-       movzx   r13d,BYTE PTR[r12*1+rdi]
-       movzx   r8d,r8b
-       movzx   r9d,BYTE PTR[r8*1+rdi]
-       mov     BYTE PTR[r12*1+rdi],r11b
-       cmp     r12,r8
-       mov     BYTE PTR[r10*1+rdi],r13b
+       add     dl,al
+       xor     r8b,BYTE PTR[rdx*1+rdi]
+       ror     r8d,8
+       add     cl,bl
+       lea     r10,QWORD PTR[1+rsi]
+       movzx   edx,BYTE PTR[rcx*1+rdi]
+       movzx   r10d,r10b
+       movzx   eax,BYTE PTR[r10*1+rdi]
+       mov     BYTE PTR[rcx*1+rdi],bl
+       cmp     rcx,r10
+       mov     BYTE PTR[rsi*1+rdi],dl
        jne     $L$cmov3
 
-       mov     r9,r11
+       mov     rax,rbx
 $L$cmov3::
-       add     r13b,r11b
-       xor     al,BYTE PTR[r13*1+rdi]
-       ror     eax,8
-       add     r12b,r9b
-       lea     r10,QWORD PTR[1+r8]
-       movzx   r13d,BYTE PTR[r12*1+rdi]
-       movzx   r10d,r10b
-       movzx   r11d,BYTE PTR[r10*1+rdi]
-       mov     BYTE PTR[r12*1+rdi],r9b
-       cmp     r12,r10
-       mov     BYTE PTR[r8*1+rdi],r13b
+       add     dl,bl
+       xor     r8b,BYTE PTR[rdx*1+rdi]
+       ror     r8d,8
+       add     cl,al
+       lea     rsi,QWORD PTR[1+r10]
+       movzx   edx,BYTE PTR[rcx*1+rdi]
+       movzx   esi,sil
+       movzx   ebx,BYTE PTR[rsi*1+rdi]
+       mov     BYTE PTR[rcx*1+rdi],al
+       cmp     rcx,rsi
+       mov     BYTE PTR[r10*1+rdi],dl
        jne     $L$cmov4
 
-       mov     r11,r9
+       mov     rbx,rax
 $L$cmov4::
-       add     r13b,r9b
-       xor     bl,BYTE PTR[r13*1+rdi]
-       ror     ebx,8
-       add     r12b,r11b
-       lea     r8,QWORD PTR[1+r10]
-       movzx   r13d,BYTE PTR[r12*1+rdi]
-       movzx   r8d,r8b
-       movzx   r9d,BYTE PTR[r8*1+rdi]
-       mov     BYTE PTR[r12*1+rdi],r11b
-       cmp     r12,r8
-       mov     BYTE PTR[r10*1+rdi],r13b
+       add     dl,al
+       xor     r9b,BYTE PTR[rdx*1+rdi]
+       ror     r9d,8
+       add     cl,bl
+       lea     r10,QWORD PTR[1+rsi]
+       movzx   edx,BYTE PTR[rcx*1+rdi]
+       movzx   r10d,r10b
+       movzx   eax,BYTE PTR[r10*1+rdi]
+       mov     BYTE PTR[rcx*1+rdi],bl
+       cmp     rcx,r10
+       mov     BYTE PTR[rsi*1+rdi],dl
        jne     $L$cmov5
 
-       mov     r9,r11
+       mov     rax,rbx
 $L$cmov5::
-       add     r13b,r11b
-       xor     bl,BYTE PTR[r13*1+rdi]
-       ror     ebx,8
-       add     r12b,r9b
-       lea     r10,QWORD PTR[1+r8]
-       movzx   r13d,BYTE PTR[r12*1+rdi]
-       movzx   r10d,r10b
-       movzx   r11d,BYTE PTR[r10*1+rdi]
-       mov     BYTE PTR[r12*1+rdi],r9b
-       cmp     r12,r10
-       mov     BYTE PTR[r8*1+rdi],r13b
+       add     dl,bl
+       xor     r9b,BYTE PTR[rdx*1+rdi]
+       ror     r9d,8
+       add     cl,al
+       lea     rsi,QWORD PTR[1+r10]
+       movzx   edx,BYTE PTR[rcx*1+rdi]
+       movzx   esi,sil
+       movzx   ebx,BYTE PTR[rsi*1+rdi]
+       mov     BYTE PTR[rcx*1+rdi],al
+       cmp     rcx,rsi
+       mov     BYTE PTR[r10*1+rdi],dl
        jne     $L$cmov6
 
-       mov     r11,r9
+       mov     rbx,rax
 $L$cmov6::
-       add     r13b,r9b
-       xor     bl,BYTE PTR[r13*1+rdi]
-       ror     ebx,8
-       add     r12b,r11b
-       lea     r8,QWORD PTR[1+r10]
-       movzx   r13d,BYTE PTR[r12*1+rdi]
-       movzx   r8d,r8b
-       movzx   r9d,BYTE PTR[r8*1+rdi]
-       mov     BYTE PTR[r12*1+rdi],r11b
-       cmp     r12,r8
-       mov     BYTE PTR[r10*1+rdi],r13b
+       add     dl,al
+       xor     r9b,BYTE PTR[rdx*1+rdi]
+       ror     r9d,8
+       add     cl,bl
+       lea     r10,QWORD PTR[1+rsi]
+       movzx   edx,BYTE PTR[rcx*1+rdi]
+       movzx   r10d,r10b
+       movzx   eax,BYTE PTR[r10*1+rdi]
+       mov     BYTE PTR[rcx*1+rdi],bl
+       cmp     rcx,r10
+       mov     BYTE PTR[rsi*1+rdi],dl
        jne     $L$cmov7
 
-       mov     r9,r11
+       mov     rax,rbx
 $L$cmov7::
-       add     r13b,r11b
-       xor     bl,BYTE PTR[r13*1+rdi]
-       ror     ebx,8
-       lea     rsi,QWORD PTR[((-8))+rsi]
-       mov     DWORD PTR[rcx],eax
-       lea     rdx,QWORD PTR[8+rdx]
-       mov     DWORD PTR[4+rcx],ebx
-       lea     rcx,QWORD PTR[8+rcx]
-
-       test    rsi,-8
+       add     dl,bl
+       xor     r9b,BYTE PTR[rdx*1+rdi]
+       ror     r9d,8
+       lea     r11,QWORD PTR[((-8))+r11]
+       mov     DWORD PTR[r13],r8d
+       lea     r12,QWORD PTR[8+r12]
+       mov     DWORD PTR[4+r13],r9d
+       lea     r13,QWORD PTR[8+r13]
+
+       test    r11,-8
        jnz     $L$cloop8
-       cmp     rsi,0
+       cmp     r11,0
        jne     $L$cloop1
        jmp     $L$exit
 ALIGN  16
 $L$cloop1::
-       add     r12b,r9b
-       movzx   r13d,BYTE PTR[r12*1+rdi]
-       mov     BYTE PTR[r12*1+rdi],r9b
-       mov     BYTE PTR[r8*1+rdi],r13b
-       add     r13b,r9b
-       add     r8b,1
-       movzx   r13d,r13b
-       movzx   r8d,r8b
-       movzx   r13d,BYTE PTR[r13*1+rdi]
-       movzx   r9d,BYTE PTR[r8*1+rdi]
-       xor     r13b,BYTE PTR[rdx]
-       lea     rdx,QWORD PTR[1+rdx]
-       mov     BYTE PTR[rcx],r13b
-       lea     rcx,QWORD PTR[1+rcx]
-       sub     rsi,1
+       add     cl,al
+       movzx   ecx,cl
+       movzx   edx,BYTE PTR[rcx*1+rdi]
+       mov     BYTE PTR[rcx*1+rdi],al
+       mov     BYTE PTR[r10*1+rdi],dl
+       add     dl,al
+       add     r10b,1
+       movzx   edx,dl
+       movzx   r10d,r10b
+       movzx   edx,BYTE PTR[rdx*1+rdi]
+       movzx   eax,BYTE PTR[r10*1+rdi]
+       xor     dl,BYTE PTR[r12]
+       lea     r12,QWORD PTR[1+r12]
+       mov     BYTE PTR[r13],dl
+       lea     r13,QWORD PTR[1+r13]
+       sub     r11,1
        jnz     $L$cloop1
        jmp     $L$exit
 
 ALIGN  16
 $L$exit::
-       sub     r8b,1
-       mov     DWORD PTR[((-8))+rdi],r8d
-       mov     DWORD PTR[((-4))+rdi],r12d
+       sub     r10b,1
+       mov     DWORD PTR[((-8))+rdi],r10d
+       mov     DWORD PTR[((-4))+rdi],ecx
 
        mov     r13,QWORD PTR[rsp]
        mov     r12,QWORD PTR[8+rsp]
@@ -345,15 +541,14 @@ $L$epilogue::
        DB      0F3h,0C3h               ;repret
 $L$SEH_end_RC4::
 RC4    ENDP
-EXTERN OPENSSL_ia32cap_P:NEAR
-PUBLIC RC4_set_key
+PUBLIC private_RC4_set_key
 
 ALIGN  16
-RC4_set_key    PROC PUBLIC
+private_RC4_set_key    PROC PUBLIC
        mov     QWORD PTR[8+rsp],rdi    ;WIN64 prologue
        mov     QWORD PTR[16+rsp],rsi
        mov     rax,rsp
-$L$SEH_begin_RC4_set_key::
+$L$SEH_begin_private_RC4_set_key::
        mov     rdi,rcx
        mov     rsi,rdx
        mov     rdx,r8
@@ -370,11 +565,8 @@ $L$SEH_begin_RC4_set_key::
 
        mov     r8d,DWORD PTR[OPENSSL_ia32cap_P]
        bt      r8d,20
-       jnc     $L$w1stloop
-       bt      r8d,30
-       setc    r9b
-       mov     DWORD PTR[260+rdi],r9d
-       jmp     $L$c1stloop
+       jc      $L$c1stloop
+       jmp     $L$w1stloop
 
 ALIGN  16
 $L$w1stloop::
@@ -430,8 +622,8 @@ $L$exit_key::
        mov     rdi,QWORD PTR[8+rsp]    ;WIN64 epilogue
        mov     rsi,QWORD PTR[16+rsp]
        DB      0F3h,0C3h               ;repret
-$L$SEH_end_RC4_set_key::
-RC4_set_key    ENDP
+$L$SEH_end_private_RC4_set_key::
+private_RC4_set_key    ENDP
 
 PUBLIC RC4_options
 
@@ -440,18 +632,20 @@ RC4_options       PROC PUBLIC
        lea     rax,QWORD PTR[$L$opts]
        mov     edx,DWORD PTR[OPENSSL_ia32cap_P]
        bt      edx,20
-       jnc     $L$done
-       add     rax,12
+       jc      $L$8xchar
        bt      edx,30
        jnc     $L$done
-       add     rax,13
+       add     rax,25
+       DB      0F3h,0C3h               ;repret
+$L$8xchar::
+       add     rax,12
 $L$done::
        DB      0F3h,0C3h               ;repret
 ALIGN  64
 $L$opts::
 DB     114,99,52,40,56,120,44,105,110,116,41,0
 DB     114,99,52,40,56,120,44,99,104,97,114,41,0
-DB     114,99,52,40,49,120,44,99,104,97,114,41,0
+DB     114,99,52,40,49,54,120,44,105,110,116,41,0
 DB     82,67,52,32,102,111,114,32,120,56,54,95,54,52,44,32
 DB     67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97
 DB     112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103
@@ -568,9 +762,9 @@ ALIGN       4
        DD      imagerel $L$SEH_end_RC4
        DD      imagerel $L$SEH_info_RC4
 
-       DD      imagerel $L$SEH_begin_RC4_set_key
-       DD      imagerel $L$SEH_end_RC4_set_key
-       DD      imagerel $L$SEH_info_RC4_set_key
+       DD      imagerel $L$SEH_begin_private_RC4_set_key
+       DD      imagerel $L$SEH_end_private_RC4_set_key
+       DD      imagerel $L$SEH_info_private_RC4_set_key
 
 .pdata ENDS
 .xdata SEGMENT READONLY ALIGN(8)
@@ -578,7 +772,7 @@ ALIGN       8
 $L$SEH_info_RC4::
 DB     9,0,0,0
        DD      imagerel stream_se_handler
-$L$SEH_info_RC4_set_key::
+$L$SEH_info_private_RC4_set_key::
 DB     9,0,0,0
        DD      imagerel key_se_handler
 

diff --git a/deps/openssl/asm/x64-win32-masm/sha/sha1-x86_64.asm b/deps/openssl/asm/x64-win32-masm/sha/sha1-x86_64.asm
index 9323f2b..9589f7f 100644 (file)
--- a/deps/openssl/asm/x64-win32-masm/sha/sha1-x86_64.asm
+++ b/deps/openssl/asm/x64-win32-masm/sha/sha1-x86_64.asm
@@ -1,5 +1,7 @@
 OPTION DOTNAME
 .text$ SEGMENT ALIGN(64) 'CODE'
+EXTERN OPENSSL_ia32cap_P:NEAR
+
 PUBLIC sha1_block_data_order
 
 ALIGN  16
@@ -13,9 +15,18 @@ $L$SEH_begin_sha1_block_data_order::
        mov     rdx,r8
 
 
+       mov     r9d,DWORD PTR[((OPENSSL_ia32cap_P+0))]
+       mov     r8d,DWORD PTR[((OPENSSL_ia32cap_P+4))]
+       test    r8d,512
+       jz      $L$ialu
+       jmp     _ssse3_shortcut
+
+ALIGN  16
+$L$ialu::
        push    rbx
        push    rbp
        push    r12
+       push    r13
        mov     r11,rsp
        mov     r8,rdi
        sub     rsp,72
@@ -25,1278 +36,2499 @@ $L$SEH_begin_sha1_block_data_order::
        mov     QWORD PTR[64+rsp],r11
 $L$prologue::
 
-       mov     edx,DWORD PTR[r8]
-       mov     esi,DWORD PTR[4+r8]
-       mov     edi,DWORD PTR[8+r8]
-       mov     ebp,DWORD PTR[12+r8]
-       mov     r11d,DWORD PTR[16+r8]
-ALIGN  4
+       mov     esi,DWORD PTR[r8]
+       mov     edi,DWORD PTR[4+r8]
+       mov     r11d,DWORD PTR[8+r8]
+       mov     r12d,DWORD PTR[12+r8]
+       mov     r13d,DWORD PTR[16+r8]
+       jmp     $L$loop
+
+ALIGN  16
 $L$loop::
-       mov     eax,DWORD PTR[r9]
-       bswap   eax
-       mov     DWORD PTR[rsp],eax
-       lea     r12d,DWORD PTR[05a827999h+r11*1+rax]
-       mov     ebx,edi
-       mov     eax,DWORD PTR[4+r9]
-       mov     r11d,edx
-       xor     ebx,ebp
-       bswap   eax
-       rol     r11d,5
-       and     ebx,esi
-       mov     DWORD PTR[4+rsp],eax
-       add     r12d,r11d
-       xor     ebx,ebp
+       mov     edx,DWORD PTR[r9]
+       bswap   edx
+       mov     DWORD PTR[rsp],edx
+       mov     eax,r11d
+       mov     ebp,DWORD PTR[4+r9]
+       mov     ecx,esi
+       xor     eax,r12d
+       bswap   ebp
+       rol     ecx,5
+       lea     r13d,DWORD PTR[1518500249+r13*1+rdx]
+       and     eax,edi
+       mov     DWORD PTR[4+rsp],ebp
+       add     r13d,ecx
+       xor     eax,r12d
+       rol     edi,30
+       add     r13d,eax
+       mov     eax,edi
+       mov     edx,DWORD PTR[8+r9]
+       mov     ecx,r13d
+       xor     eax,r11d
+       bswap   edx
+       rol     ecx,5
+       lea     r12d,DWORD PTR[1518500249+r12*1+rbp]
+       and     eax,esi
+       mov     DWORD PTR[8+rsp],edx
+       add     r12d,ecx
+       xor     eax,r11d
        rol     esi,30
-       add     r12d,ebx
-       lea     r11d,DWORD PTR[05a827999h+rbp*1+rax]
-       mov     ebx,esi
-       mov     eax,DWORD PTR[8+r9]
-       mov     ebp,r12d
-       xor     ebx,edi
-       bswap   eax
-       rol     ebp,5
-       and     ebx,edx
-       mov     DWORD PTR[8+rsp],eax
-       add     r11d,ebp
-       xor     ebx,edi
-       rol     edx,30
-       add     r11d,ebx
-       lea     ebp,DWORD PTR[05a827999h+rdi*1+rax]
-       mov     ebx,edx
-       mov     eax,DWORD PTR[12+r9]
-       mov     edi,r11d
-       xor     ebx,esi
-       bswap   eax
-       rol     edi,5
-       and     ebx,r12d
-       mov     DWORD PTR[12+rsp],eax
-       add     ebp,edi
-       xor     ebx,esi
+       add     r12d,eax
+       mov     eax,esi
+       mov     ebp,DWORD PTR[12+r9]
+       mov     ecx,r12d
+       xor     eax,edi
+       bswap   ebp
+       rol     ecx,5
+       lea     r11d,DWORD PTR[1518500249+r11*1+rdx]
+       and     eax,r13d
+       mov     DWORD PTR[12+rsp],ebp
+       add     r11d,ecx
+       xor     eax,edi
+       rol     r13d,30
+       add     r11d,eax
+       mov     eax,r13d
+       mov     edx,DWORD PTR[16+r9]
+       mov     ecx,r11d
+       xor     eax,esi
+       bswap   edx
+       rol     ecx,5
+       lea     edi,DWORD PTR[1518500249+rdi*1+rbp]
+       and     eax,r12d
+       mov     DWORD PTR[16+rsp],edx
+       add     edi,ecx
+       xor     eax,esi
        rol     r12d,30
-       add     ebp,ebx
-       lea     edi,DWORD PTR[05a827999h+rsi*1+rax]
-       mov     ebx,r12d
-       mov     eax,DWORD PTR[16+r9]
-       mov     esi,ebp
-       xor     ebx,edx
-       bswap   eax
-       rol     esi,5
-       and     ebx,r11d
-       mov     DWORD PTR[16+rsp],eax
-       add     edi,esi
-       xor     ebx,edx
+       add     edi,eax
+       mov     eax,r12d
+       mov     ebp,DWORD PTR[20+r9]
+       mov     ecx,edi
+       xor     eax,r13d
+       bswap   ebp
+       rol     ecx,5
+       lea     esi,DWORD PTR[1518500249+rsi*1+rdx]
+       and     eax,r11d
+       mov     DWORD PTR[20+rsp],ebp
+       add     esi,ecx
+       xor     eax,r13d
        rol     r11d,30
-       add     edi,ebx
-       lea     esi,DWORD PTR[05a827999h+rdx*1+rax]
+       add     esi,eax
+       mov     eax,r11d
+       mov     edx,DWORD PTR[24+r9]
+       mov     ecx,esi
+       xor     eax,r12d
+       bswap   edx
+       rol     ecx,5
+       lea     r13d,DWORD PTR[1518500249+r13*1+rbp]
+       and     eax,edi
+       mov     DWORD PTR[24+rsp],edx
+       add     r13d,ecx
+       xor     eax,r12d
+       rol     edi,30
+       add     r13d,eax
+       mov     eax,edi
+       mov     ebp,DWORD PTR[28+r9]
+       mov     ecx,r13d
+       xor     eax,r11d
+       bswap   ebp
+       rol     ecx,5
+       lea     r12d,DWORD PTR[1518500249+r12*1+rdx]
+       and     eax,esi
+       mov     DWORD PTR[28+rsp],ebp
+       add     r12d,ecx
+       xor     eax,r11d
+       rol     esi,30
+       add     r12d,eax
+       mov     eax,esi
+       mov     edx,DWORD PTR[32+r9]
+       mov     ecx,r12d
+       xor     eax,edi
+       bswap   edx
+       rol     ecx,5
+       lea     r11d,DWORD PTR[1518500249+r11*1+rbp]
+       and     eax,r13d
+       mov     DWORD PTR[32+rsp],edx
+       add     r11d,ecx
+       xor     eax,edi
+       rol     r13d,30
+       add     r11d,eax
+       mov     eax,r13d
+       mov     ebp,DWORD PTR[36+r9]
+       mov     ecx,r11d
+       xor     eax,esi
+       bswap   ebp
+       rol     ecx,5
+       lea     edi,DWORD PTR[1518500249+rdi*1+rdx]
+       and     eax,r12d
+       mov     DWORD PTR[36+rsp],ebp
+       add     edi,ecx
+       xor     eax,esi
+       rol     r12d,30
+       add     edi,eax
+       mov     eax,r12d
+       mov     edx,DWORD PTR[40+r9]
+       mov     ecx,edi
+       xor     eax,r13d
+       bswap   edx
+       rol     ecx,5
+       lea     esi,DWORD PTR[1518500249+rsi*1+rbp]
+       and     eax,r11d
+       mov     DWORD PTR[40+rsp],edx
+       add     esi,ecx
+       xor     eax,r13d
+       rol     r11d,30
+       add     esi,eax
+       mov     eax,r11d
+       mov     ebp,DWORD PTR[44+r9]
+       mov     ecx,esi
+       xor     eax,r12d
+       bswap   ebp
+       rol     ecx,5
+       lea     r13d,DWORD PTR[1518500249+r13*1+rdx]
+       and     eax,edi
+       mov     DWORD PTR[44+rsp],ebp
+       add     r13d,ecx
+       xor     eax,r12d
+       rol     edi,30
+       add     r13d,eax
+       mov     eax,edi
+       mov     edx,DWORD PTR[48+r9]
+       mov     ecx,r13d
+       xor     eax,r11d
+       bswap   edx
+       rol     ecx,5
+       lea     r12d,DWORD PTR[1518500249+r12*1+rbp]
+       and     eax,esi
+       mov     DWORD PTR[48+rsp],edx
+       add     r12d,ecx
+       xor     eax,r11d
+       rol     esi,30
+       add     r12d,eax
+       mov     eax,esi
+       mov     ebp,DWORD PTR[52+r9]
+       mov     ecx,r12d
+       xor     eax,edi
+       bswap   ebp
+       rol     ecx,5
+       lea     r11d,DWORD PTR[1518500249+r11*1+rdx]
+       and     eax,r13d
+       mov     DWORD PTR[52+rsp],ebp
+       add     r11d,ecx
+       xor     eax,edi
+       rol     r13d,30
+       add     r11d,eax
+       mov     eax,r13d
+       mov     edx,DWORD PTR[56+r9]
+       mov     ecx,r11d
+       xor     eax,esi
+       bswap   edx
+       rol     ecx,5
+       lea     edi,DWORD PTR[1518500249+rdi*1+rbp]
+       and     eax,r12d
+       mov     DWORD PTR[56+rsp],edx
+       add     edi,ecx
+       xor     eax,esi
+       rol     r12d,30
+       add     edi,eax
+       mov     eax,r12d
+       mov     ebp,DWORD PTR[60+r9]
+       mov     ecx,edi
+       xor     eax,r13d
+       bswap   ebp
+       rol     ecx,5
+       lea     esi,DWORD PTR[1518500249+rsi*1+rdx]
+       and     eax,r11d
+       mov     DWORD PTR[60+rsp],ebp
+       add     esi,ecx
+       xor     eax,r13d
+       rol     r11d,30
+       add     esi,eax
+       mov     edx,DWORD PTR[rsp]
+       mov     eax,r11d
+       mov     ecx,esi
+       xor     edx,DWORD PTR[8+rsp]
+       xor     eax,r12d
+       rol     ecx,5
+       xor     edx,DWORD PTR[32+rsp]
+       and     eax,edi
+       lea     r13d,DWORD PTR[1518500249+r13*1+rbp]
+       xor     edx,DWORD PTR[52+rsp]
+       xor     eax,r12d
+       rol     edx,1
+       add     r13d,ecx
+       rol     edi,30
+       mov     DWORD PTR[rsp],edx
+       add     r13d,eax
+       mov     ebp,DWORD PTR[4+rsp]
+       mov     eax,edi
+       mov     ecx,r13d
+       xor     ebp,DWORD PTR[12+rsp]
+       xor     eax,r11d
+       rol     ecx,5
+       xor     ebp,DWORD PTR[36+rsp]
+       and     eax,esi
+       lea     r12d,DWORD PTR[1518500249+r12*1+rdx]
+       xor     ebp,DWORD PTR[56+rsp]
+       xor     eax,r11d
+       rol     ebp,1
+       add     r12d,ecx
+       rol     esi,30
+       mov     DWORD PTR[4+rsp],ebp
+       add     r12d,eax
+       mov     edx,DWORD PTR[8+rsp]
+       mov     eax,esi
+       mov     ecx,r12d
+       xor     edx,DWORD PTR[16+rsp]
+       xor     eax,edi
+       rol     ecx,5
+       xor     edx,DWORD PTR[40+rsp]
+       and     eax,r13d
+       lea     r11d,DWORD PTR[1518500249+r11*1+rbp]
+       xor     edx,DWORD PTR[60+rsp]
+       xor     eax,edi
+       rol     edx,1
+       add     r11d,ecx
+       rol     r13d,30
+       mov     DWORD PTR[8+rsp],edx
+       add     r11d,eax
+       mov     ebp,DWORD PTR[12+rsp]
+       mov     eax,r13d
+       mov     ecx,r11d
+       xor     ebp,DWORD PTR[20+rsp]
+       xor     eax,esi
+       rol     ecx,5
+       xor     ebp,DWORD PTR[44+rsp]
+       and     eax,r12d
+       lea     edi,DWORD PTR[1518500249+rdi*1+rdx]
+       xor     ebp,DWORD PTR[rsp]
+       xor     eax,esi
+       rol     ebp,1
+       add     edi,ecx
+       rol     r12d,30
+       mov     DWORD PTR[12+rsp],ebp
+       add     edi,eax
+       mov     edx,DWORD PTR[16+rsp]
+       mov     eax,r12d
+       mov     ecx,edi
+       xor     edx,DWORD PTR[24+rsp]
+       xor     eax,r13d
+       rol     ecx,5
+       xor     edx,DWORD PTR[48+rsp]
+       and     eax,r11d
+       lea     esi,DWORD PTR[1518500249+rsi*1+rbp]
+       xor     edx,DWORD PTR[4+rsp]
+       xor     eax,r13d
+       rol     edx,1
+       add     esi,ecx
+       rol     r11d,30
+       mov     DWORD PTR[16+rsp],edx
+       add     esi,eax
+       mov     ebp,DWORD PTR[20+rsp]
+       mov     eax,r11d
+       mov     ecx,esi
+       xor     ebp,DWORD PTR[28+rsp]
+       xor     eax,edi
+       rol     ecx,5
+       lea     r13d,DWORD PTR[1859775393+r13*1+rdx]
+       xor     ebp,DWORD PTR[52+rsp]
+       xor     eax,r12d
+       add     r13d,ecx
+       xor     ebp,DWORD PTR[8+rsp]
+       rol     edi,30
+       add     r13d,eax
+       rol     ebp,1
+       mov     DWORD PTR[20+rsp],ebp
+       mov     edx,DWORD PTR[24+rsp]
+       mov     eax,edi
+       mov     ecx,r13d
+       xor     edx,DWORD PTR[32+rsp]
+       xor     eax,esi
+       rol     ecx,5
+       lea     r12d,DWORD PTR[1859775393+r12*1+rbp]
+       xor     edx,DWORD PTR[56+rsp]
+       xor     eax,r11d
+       add     r12d,ecx
+       xor     edx,DWORD PTR[12+rsp]
+       rol     esi,30
+       add     r12d,eax
+       rol     edx,1
+       mov     DWORD PTR[24+rsp],edx
+       mov     ebp,DWORD PTR[28+rsp]
+       mov     eax,esi
+       mov     ecx,r12d
+       xor     ebp,DWORD PTR[36+rsp]
+       xor     eax,r13d
+       rol     ecx,5
+       lea     r11d,DWORD PTR[1859775393+r11*1+rdx]
+       xor     ebp,DWORD PTR[60+rsp]
+       xor     eax,edi
+       add     r11d,ecx
+       xor     ebp,DWORD PTR[16+rsp]
+       rol     r13d,30
+       add     r11d,eax
+       rol     ebp,1
+       mov     DWORD PTR[28+rsp],ebp
+       mov     edx,DWORD PTR[32+rsp]
+       mov     eax,r13d
+       mov     ecx,r11d
+       xor     edx,DWORD PTR[40+rsp]
+       xor     eax,r12d
+       rol     ecx,5
+       lea     edi,DWORD PTR[1859775393+rdi*1+rbp]
+       xor     edx,DWORD PTR[rsp]
+       xor     eax,esi
+       add     edi,ecx
+       xor     edx,DWORD PTR[20+rsp]
+       rol     r12d,30
+       add     edi,eax
+       rol     edx,1
+       mov     DWORD PTR[32+rsp],edx
+       mov     ebp,DWORD PTR[36+rsp]
+       mov     eax,r12d
+       mov     ecx,edi
+       xor     ebp,DWORD PTR[44+rsp]
+       xor     eax,r11d
+       rol     ecx,5
+       lea     esi,DWORD PTR[1859775393+rsi*1+rdx]
+       xor     ebp,DWORD PTR[4+rsp]
+       xor     eax,r13d
+       add     esi,ecx
+       xor     ebp,DWORD PTR[24+rsp]
+       rol     r11d,30
+       add     esi,eax
+       rol     ebp,1
+       mov     DWORD PTR[36+rsp],ebp
+       mov     edx,DWORD PTR[40+rsp]
+       mov     eax,r11d
+       mov     ecx,esi
+       xor     edx,DWORD PTR[48+rsp]
+       xor     eax,edi
+       rol     ecx,5
+       lea     r13d,DWORD PTR[1859775393+r13*1+rbp]
+       xor     edx,DWORD PTR[8+rsp]
+       xor     eax,r12d
+       add     r13d,ecx
+       xor     edx,DWORD PTR[28+rsp]
+       rol     edi,30
+       add     r13d,eax
+       rol     edx,1
+       mov     DWORD PTR[40+rsp],edx
+       mov     ebp,DWORD PTR[44+rsp]
+       mov     eax,edi
+       mov     ecx,r13d
+       xor     ebp,DWORD PTR[52+rsp]
+       xor     eax,esi
+       rol     ecx,5
+       lea     r12d,DWORD PTR[1859775393+r12*1+rdx]
+       xor     ebp,DWORD PTR[12+rsp]
+       xor     eax,r11d
+       add     r12d,ecx
+       xor     ebp,DWORD PTR[32+rsp]
+       rol     esi,30
+       add     r12d,eax
+       rol     ebp,1
+       mov     DWORD PTR[44+rsp],ebp
+       mov     edx,DWORD PTR[48+rsp]
+       mov     eax,esi
+       mov     ecx,r12d
+       xor     edx,DWORD PTR[56+rsp]
+       xor     eax,r13d
+       rol     ecx,5
+       lea     r11d,DWORD PTR[1859775393+r11*1+rbp]
+       xor     edx,DWORD PTR[16+rsp]
+       xor     eax,edi
+       add     r11d,ecx
+       xor     edx,DWORD PTR[36+rsp]
+       rol     r13d,30
+       add     r11d,eax
+       rol     edx,1
+       mov     DWORD PTR[48+rsp],edx
+       mov     ebp,DWORD PTR[52+rsp]
+       mov     eax,r13d
+       mov     ecx,r11d
+       xor     ebp,DWORD PTR[60+rsp]
+       xor     eax,r12d
+       rol     ecx,5
+       lea     edi,DWORD PTR[1859775393+rdi*1+rdx]
+       xor     ebp,DWORD PTR[20+rsp]
+       xor     eax,esi
+       add     edi,ecx
+       xor     ebp,DWORD PTR[40+rsp]
+       rol     r12d,30
+       add     edi,eax
+       rol     ebp,1
+       mov     DWORD PTR[52+rsp],ebp
+       mov     edx,DWORD PTR[56+rsp]
+       mov     eax,r12d
+       mov     ecx,edi
+       xor     edx,DWORD PTR[rsp]
+       xor     eax,r11d
+       rol     ecx,5
+       lea     esi,DWORD PTR[1859775393+rsi*1+rbp]
+       xor     edx,DWORD PTR[24+rsp]
+       xor     eax,r13d
+       add     esi,ecx
+       xor     edx,DWORD PTR[44+rsp]
+       rol     r11d,30
+       add     esi,eax
+       rol     edx,1
+       mov     DWORD PTR[56+rsp],edx
+       mov     ebp,DWORD PTR[60+rsp]
+       mov     eax,r11d
+       mov     ecx,esi
+       xor     ebp,DWORD PTR[4+rsp]
+       xor     eax,edi
+       rol     ecx,5
+       lea     r13d,DWORD PTR[1859775393+r13*1+rdx]
+       xor     ebp,DWORD PTR[28+rsp]
+       xor     eax,r12d
+       add     r13d,ecx
+       xor     ebp,DWORD PTR[48+rsp]
+       rol     edi,30
+       add     r13d,eax
+       rol     ebp,1
+       mov     DWORD PTR[60+rsp],ebp
+       mov     edx,DWORD PTR[rsp]
+       mov     eax,edi
+       mov     ecx,r13d
+       xor     edx,DWORD PTR[8+rsp]
+       xor     eax,esi
+       rol     ecx,5
+       lea     r12d,DWORD PTR[1859775393+r12*1+rbp]
+       xor     edx,DWORD PTR[32+rsp]
+       xor     eax,r11d
+       add     r12d,ecx
+       xor     edx,DWORD PTR[52+rsp]
+       rol     esi,30
+       add     r12d,eax
+       rol     edx,1
+       mov     DWORD PTR[rsp],edx
+       mov     ebp,DWORD PTR[4+rsp]
+       mov     eax,esi
+       mov     ecx,r12d
+       xor     ebp,DWORD PTR[12+rsp]
+       xor     eax,r13d
+       rol     ecx,5
+       lea     r11d,DWORD PTR[1859775393+r11*1+rdx]
+       xor     ebp,DWORD PTR[36+rsp]
+       xor     eax,edi
+       add     r11d,ecx
+       xor     ebp,DWORD PTR[56+rsp]
+       rol     r13d,30
+       add     r11d,eax
+       rol     ebp,1
+       mov     DWORD PTR[4+rsp],ebp
+       mov     edx,DWORD PTR[8+rsp]
+       mov     eax,r13d
+       mov     ecx,r11d
+       xor     edx,DWORD PTR[16+rsp]
+       xor     eax,r12d
+       rol     ecx,5
+       lea     edi,DWORD PTR[1859775393+rdi*1+rbp]
+       xor     edx,DWORD PTR[40+rsp]
+       xor     eax,esi
+       add     edi,ecx
+       xor     edx,DWORD PTR[60+rsp]
+       rol     r12d,30
+       add     edi,eax
+       rol     edx,1
+       mov     DWORD PTR[8+rsp],edx
+       mov     ebp,DWORD PTR[12+rsp]
+       mov     eax,r12d
+       mov     ecx,edi
+       xor     ebp,DWORD PTR[20+rsp]
+       xor     eax,r11d
+       rol     ecx,5
+       lea     esi,DWORD PTR[1859775393+rsi*1+rdx]
+       xor     ebp,DWORD PTR[44+rsp]
+       xor     eax,r13d
+       add     esi,ecx
+       xor     ebp,DWORD PTR[rsp]
+       rol     r11d,30
+       add     esi,eax
+       rol     ebp,1
+       mov     DWORD PTR[12+rsp],ebp
+       mov     edx,DWORD PTR[16+rsp]
+       mov     eax,r11d
+       mov     ecx,esi
+       xor     edx,DWORD PTR[24+rsp]
+       xor     eax,edi
+       rol     ecx,5
+       lea     r13d,DWORD PTR[1859775393+r13*1+rbp]
+       xor     edx,DWORD PTR[48+rsp]
+       xor     eax,r12d
+       add     r13d,ecx
+       xor     edx,DWORD PTR[4+rsp]
+       rol     edi,30
+       add     r13d,eax
+       rol     edx,1
+       mov     DWORD PTR[16+rsp],edx
+       mov     ebp,DWORD PTR[20+rsp]
+       mov     eax,edi
+       mov     ecx,r13d
+       xor     ebp,DWORD PTR[28+rsp]
+       xor     eax,esi
+       rol     ecx,5
+       lea     r12d,DWORD PTR[1859775393+r12*1+rdx]
+       xor     ebp,DWORD PTR[52+rsp]
+       xor     eax,r11d
+       add     r12d,ecx
+       xor     ebp,DWORD PTR[8+rsp]
+       rol     esi,30
+       add     r12d,eax
+       rol     ebp,1
+       mov     DWORD PTR[20+rsp],ebp
+       mov     edx,DWORD PTR[24+rsp]
+       mov     eax,esi
+       mov     ecx,r12d
+       xor     edx,DWORD PTR[32+rsp]
+       xor     eax,r13d
+       rol     ecx,5
+       lea     r11d,DWORD PTR[1859775393+r11*1+rbp]
+       xor     edx,DWORD PTR[56+rsp]
+       xor     eax,edi
+       add     r11d,ecx
+       xor     edx,DWORD PTR[12+rsp]
+       rol     r13d,30
+       add     r11d,eax
+       rol     edx,1
+       mov     DWORD PTR[24+rsp],edx
+       mov     ebp,DWORD PTR[28+rsp]
+       mov     eax,r13d
+       mov     ecx,r11d
+       xor     ebp,DWORD PTR[36+rsp]
+       xor     eax,r12d
+       rol     ecx,5
+       lea     edi,DWORD PTR[1859775393+rdi*1+rdx]
+       xor     ebp,DWORD PTR[60+rsp]
+       xor     eax,esi
+       add     edi,ecx
+       xor     ebp,DWORD PTR[16+rsp]
+       rol     r12d,30
+       add     edi,eax
+       rol     ebp,1
+       mov     DWORD PTR[28+rsp],ebp
+       mov     edx,DWORD PTR[32+rsp]
+       mov     eax,r12d
+       mov     ecx,edi
+       xor     edx,DWORD PTR[40+rsp]
+       xor     eax,r11d
+       rol     ecx,5
+       lea     esi,DWORD PTR[1859775393+rsi*1+rbp]
+       xor     edx,DWORD PTR[rsp]
+       xor     eax,r13d
+       add     esi,ecx
+       xor     edx,DWORD PTR[20+rsp]
+       rol     r11d,30
+       add     esi,eax
+       rol     edx,1
+       mov     DWORD PTR[32+rsp],edx
+       mov     ebp,DWORD PTR[36+rsp]
+       mov     eax,r11d
        mov     ebx,r11d
-       mov     eax,DWORD PTR[20+r9]
-       mov     edx,edi
-       xor     ebx,r12d
-       bswap   eax
-       rol     edx,5
-       and     ebx,ebp
-       mov     DWORD PTR[20+rsp],eax
-       add     esi,edx
+       xor     ebp,DWORD PTR[44+rsp]
+       and     eax,r12d
+       mov     ecx,esi
+       xor     ebp,DWORD PTR[4+rsp]
        xor     ebx,r12d
-       rol     ebp,30
-       add     esi,ebx
-       lea     edx,DWORD PTR[05a827999h+r12*1+rax]
-       mov     ebx,ebp
-       mov     eax,DWORD PTR[24+r9]
-       mov     r12d,esi
-       xor     ebx,r11d
-       bswap   eax
-       rol     r12d,5
+       lea     r13d,DWORD PTR[((-1894007588))+r13*1+rdx]
+       rol     ecx,5
+       xor     ebp,DWORD PTR[24+rsp]
+       add     r13d,eax
        and     ebx,edi
-       mov     DWORD PTR[24+rsp],eax
-       add     edx,r12d
-       xor     ebx,r11d
+       rol     ebp,1
+       add     r13d,ebx
        rol     edi,30
-       add     edx,ebx
-       lea     r12d,DWORD PTR[05a827999h+r11*1+rax]
+       mov     DWORD PTR[36+rsp],ebp
+       add     r13d,ecx
+       mov     edx,DWORD PTR[40+rsp]
+       mov     eax,edi
        mov     ebx,edi
-       mov     eax,DWORD PTR[28+r9]
-       mov     r11d,edx
-       xor     ebx,ebp
-       bswap   eax
-       rol     r11d,5
+       xor     edx,DWORD PTR[48+rsp]
+       and     eax,r11d
+       mov     ecx,r13d
+       xor     edx,DWORD PTR[8+rsp]
+       xor     ebx,r11d
+       lea     r12d,DWORD PTR[((-1894007588))+r12*1+rbp]
+       rol     ecx,5
+       xor     edx,DWORD PTR[28+rsp]
+       add     r12d,eax
        and     ebx,esi
-       mov     DWORD PTR[28+rsp],eax
-       add     r12d,r11d
-       xor     ebx,ebp
-       rol     esi,30
+       rol     edx,1
        add     r12d,ebx
-       lea     r11d,DWORD PTR[05a827999h+rbp*1+rax]
+       rol     esi,30
+       mov     DWORD PTR[40+rsp],edx
+       add     r12d,ecx
+       mov     ebp,DWORD PTR[44+rsp]
+       mov     eax,esi
        mov     ebx,esi
-       mov     eax,DWORD PTR[32+r9]
-       mov     ebp,r12d
-       xor     ebx,edi
-       bswap   eax
-       rol     ebp,5
-       and     ebx,edx
-       mov     DWORD PTR[32+rsp],eax
-       add     r11d,ebp
+       xor     ebp,DWORD PTR[52+rsp]
+       and     eax,edi
+       mov     ecx,r12d
+       xor     ebp,DWORD PTR[12+rsp]
        xor     ebx,edi
-       rol     edx,30
+       lea     r11d,DWORD PTR[((-1894007588))+r11*1+rdx]
+       rol     ecx,5
+       xor     ebp,DWORD PTR[32+rsp]
+       add     r11d,eax
+       and     ebx,r13d
+       rol     ebp,1
        add     r11d,ebx
-       lea     ebp,DWORD PTR[05a827999h+rdi*1+rax]
-       mov     ebx,edx
-       mov     eax,DWORD PTR[36+r9]
-       mov     edi,r11d
+       rol     r13d,30
+       mov     DWORD PTR[44+rsp],ebp
+       add     r11d,ecx
+       mov     edx,DWORD PTR[48+rsp]
+       mov     eax,r13d
+       mov     ebx,r13d
+       xor     edx,DWORD PTR[56+rsp]
+       and     eax,esi
+       mov     ecx,r11d
+       xor     edx,DWORD PTR[16+rsp]
        xor     ebx,esi
-       bswap   eax
-       rol     edi,5
+       lea     edi,DWORD PTR[((-1894007588))+rdi*1+rbp]
+       rol     ecx,5
+       xor     edx,DWORD PTR[36+rsp]
+       add     edi,eax
        and     ebx,r12d
-       mov     DWORD PTR[36+rsp],eax
-       add     ebp,edi
-       xor     ebx,esi
+       rol     edx,1
+       add     edi,ebx
        rol     r12d,30
-       add     ebp,ebx
-       lea     edi,DWORD PTR[05a827999h+rsi*1+rax]
+       mov     DWORD PTR[48+rsp],edx
+       add     edi,ecx
+       mov     ebp,DWORD PTR[52+rsp]
+       mov     eax,r12d
        mov     ebx,r12d
-       mov     eax,DWORD PTR[40+r9]
-       mov     esi,ebp
-       xor     ebx,edx
-       bswap   eax
-       rol     esi,5
+       xor     ebp,DWORD PTR[60+rsp]
+       and     eax,r13d
+       mov     ecx,edi
+       xor     ebp,DWORD PTR[20+rsp]
+       xor     ebx,r13d
+       lea     esi,DWORD PTR[((-1894007588))+rsi*1+rdx]
+       rol     ecx,5
+       xor     ebp,DWORD PTR[40+rsp]
+       add     esi,eax
        and     ebx,r11d
-       mov     DWORD PTR[40+rsp],eax
-       add     edi,esi
-       xor     ebx,edx
+       rol     ebp,1
+       add     esi,ebx
        rol     r11d,30
-       add     edi,ebx
-       lea     esi,DWORD PTR[05a827999h+rdx*1+rax]
+       mov     DWORD PTR[52+rsp],ebp
+       add     esi,ecx
+       mov     edx,DWORD PTR[56+rsp]
+       mov     eax,r11d
        mov     ebx,r11d
-       mov     eax,DWORD PTR[44+r9]
-       mov     edx,edi
-       xor     ebx,r12d
-       bswap   eax
-       rol     edx,5
-       and     ebx,ebp
-       mov     DWORD PTR[44+rsp],eax
-       add     esi,edx
+       xor     edx,DWORD PTR[rsp]
+       and     eax,r12d
+       mov     ecx,esi
+       xor     edx,DWORD PTR[24+rsp]
        xor     ebx,r12d
-       rol     ebp,30
-       add     esi,ebx
-       lea     edx,DWORD PTR[05a827999h+r12*1+rax]
-       mov     ebx,ebp
-       mov     eax,DWORD PTR[48+r9]
-       mov     r12d,esi
-       xor     ebx,r11d
-       bswap   eax
-       rol     r12d,5
+       lea     r13d,DWORD PTR[((-1894007588))+r13*1+rbp]
+       rol     ecx,5
+       xor     edx,DWORD PTR[44+rsp]
+       add     r13d,eax
        and     ebx,edi
-       mov     DWORD PTR[48+rsp],eax
-       add     edx,r12d
-       xor     ebx,r11d
+       rol     edx,1
+       add     r13d,ebx
        rol     edi,30
-       add     edx,ebx
-       lea     r12d,DWORD PTR[05a827999h+r11*1+rax]
+       mov     DWORD PTR[56+rsp],edx
+       add     r13d,ecx
+       mov     ebp,DWORD PTR[60+rsp]
+       mov     eax,edi
        mov     ebx,edi
-       mov     eax,DWORD PTR[52+r9]
-       mov     r11d,edx
-       xor     ebx,ebp
-       bswap   eax
-       rol     r11d,5
+       xor     ebp,DWORD PTR[4+rsp]
+       and     eax,r11d
+       mov     ecx,r13d
+       xor     ebp,DWORD PTR[28+rsp]
+       xor     ebx,r11d
+       lea     r12d,DWORD PTR[((-1894007588))+r12*1+rdx]
+       rol     ecx,5
+       xor     ebp,DWORD PTR[48+rsp]
+       add     r12d,eax
        and     ebx,esi
-       mov     DWORD PTR[52+rsp],eax
-       add     r12d,r11d
-       xor     ebx,ebp
-       rol     esi,30
+       rol     ebp,1
        add     r12d,ebx
-       lea     r11d,DWORD PTR[05a827999h+rbp*1+rax]
+       rol     esi,30
+       mov     DWORD PTR[60+rsp],ebp
+       add     r12d,ecx
+       mov     edx,DWORD PTR[rsp]
+       mov     eax,esi
        mov     ebx,esi
-       mov     eax,DWORD PTR[56+r9]
-       mov     ebp,r12d
-       xor     ebx,edi
-       bswap   eax
-       rol     ebp,5
-       and     ebx,edx
-       mov     DWORD PTR[56+rsp],eax
-       add     r11d,ebp
+       xor     edx,DWORD PTR[8+rsp]
+       and     eax,edi
+       mov     ecx,r12d
+       xor     edx,DWORD PTR[32+rsp]
        xor     ebx,edi
-       rol     edx,30
+       lea     r11d,DWORD PTR[((-1894007588))+r11*1+rbp]
+       rol     ecx,5
+       xor     edx,DWORD PTR[52+rsp]
+       add     r11d,eax
+       and     ebx,r13d
+       rol     edx,1
        add     r11d,ebx
-       lea     ebp,DWORD PTR[05a827999h+rdi*1+rax]
-       mov     ebx,edx
-       mov     eax,DWORD PTR[60+r9]
-       mov     edi,r11d
+       rol     r13d,30
+       mov     DWORD PTR[rsp],edx
+       add     r11d,ecx
+       mov     ebp,DWORD PTR[4+rsp]
+       mov     eax,r13d
+       mov     ebx,r13d
+       xor     ebp,DWORD PTR[12+rsp]
+       and     eax,esi
+       mov     ecx,r11d
+       xor     ebp,DWORD PTR[36+rsp]
        xor     ebx,esi
-       bswap   eax
-       rol     edi,5
+       lea     edi,DWORD PTR[((-1894007588))+rdi*1+rdx]
+       rol     ecx,5
+       xor     ebp,DWORD PTR[56+rsp]
+       add     edi,eax
        and     ebx,r12d
-       mov     DWORD PTR[60+rsp],eax
-       add     ebp,edi
-       xor     ebx,esi
+       rol     ebp,1
+       add     edi,ebx
        rol     r12d,30
-       add     ebp,ebx
-       lea     edi,DWORD PTR[05a827999h+rsi*1+rax]
-       mov     eax,DWORD PTR[rsp]
+       mov     DWORD PTR[4+rsp],ebp
+       add     edi,ecx
+       mov     edx,DWORD PTR[8+rsp]
+       mov     eax,r12d
        mov     ebx,r12d
-       mov     esi,ebp
-       xor     eax,DWORD PTR[8+rsp]
-       xor     ebx,edx
-       rol     esi,5
-       xor     eax,DWORD PTR[32+rsp]
+       xor     edx,DWORD PTR[16+rsp]
+       and     eax,r13d
+       mov     ecx,edi
+       xor     edx,DWORD PTR[40+rsp]
+       xor     ebx,r13d
+       lea     esi,DWORD PTR[((-1894007588))+rsi*1+rbp]
+       rol     ecx,5
+       xor     edx,DWORD PTR[60+rsp]
+       add     esi,eax
        and     ebx,r11d
-       add     edi,esi
-       xor     eax,DWORD PTR[52+rsp]
-       xor     ebx,edx
+       rol     edx,1
+       add     esi,ebx
        rol     r11d,30
-       add     edi,ebx
-       rol     eax,1
-       mov     DWORD PTR[rsp],eax
-       lea     esi,DWORD PTR[05a827999h+rdx*1+rax]
-       mov     eax,DWORD PTR[4+rsp]
+       mov     DWORD PTR[8+rsp],edx
+       add     esi,ecx
+       mov     ebp,DWORD PTR[12+rsp]
+       mov     eax,r11d
        mov     ebx,r11d
-       mov     edx,edi
-       xor     eax,DWORD PTR[12+rsp]
-       xor     ebx,r12d
-       rol     edx,5
-       xor     eax,DWORD PTR[36+rsp]
-       and     ebx,ebp
-       add     esi,edx
-       xor     eax,DWORD PTR[56+rsp]
+       xor     ebp,DWORD PTR[20+rsp]
+       and     eax,r12d
+       mov     ecx,esi
+       xor     ebp,DWORD PTR[44+rsp]
        xor     ebx,r12d
-       rol     ebp,30
-       add     esi,ebx
-       rol     eax,1
-       mov     DWORD PTR[4+rsp],eax
-       lea     edx,DWORD PTR[05a827999h+r12*1+rax]
-       mov     eax,DWORD PTR[8+rsp]
-       mov     ebx,ebp
-       mov     r12d,esi
-       xor     eax,DWORD PTR[16+rsp]
-       xor     ebx,r11d
-       rol     r12d,5
-       xor     eax,DWORD PTR[40+rsp]
+       lea     r13d,DWORD PTR[((-1894007588))+r13*1+rdx]
+       rol     ecx,5
+       xor     ebp,DWORD PTR[rsp]
+       add     r13d,eax
        and     ebx,edi
-       add     edx,r12d
-       xor     eax,DWORD PTR[60+rsp]
-       xor     ebx,r11d
+       rol     ebp,1
+       add     r13d,ebx
        rol     edi,30
-       add     edx,ebx
-       rol     eax,1
-       mov     DWORD PTR[8+rsp],eax
-       lea     r12d,DWORD PTR[05a827999h+r11*1+rax]
-       mov     eax,DWORD PTR[12+rsp]
+       mov     DWORD PTR[12+rsp],ebp
+       add     r13d,ecx
+       mov     edx,DWORD PTR[16+rsp]
+       mov     eax,edi
        mov     ebx,edi
-       mov     r11d,edx
-       xor     eax,DWORD PTR[20+rsp]
-       xor     ebx,ebp
-       rol     r11d,5
-       xor     eax,DWORD PTR[44+rsp]
+       xor     edx,DWORD PTR[24+rsp]
+       and     eax,r11d
+       mov     ecx,r13d
+       xor     edx,DWORD PTR[48+rsp]
+       xor     ebx,r11d
+       lea     r12d,DWORD PTR[((-1894007588))+r12*1+rbp]
+       rol     ecx,5
+       xor     edx,DWORD PTR[4+rsp]
+       add     r12d,eax
        and     ebx,esi
-       add     r12d,r11d
-       xor     eax,DWORD PTR[rsp]
-       xor     ebx,ebp
-       rol     esi,30
+       rol     edx,1
        add     r12d,ebx
-       rol     eax,1
-       mov     DWORD PTR[12+rsp],eax
-       lea     r11d,DWORD PTR[05a827999h+rbp*1+rax]
-       mov     eax,DWORD PTR[16+rsp]
+       rol     esi,30
+       mov     DWORD PTR[16+rsp],edx
+       add     r12d,ecx
+       mov     ebp,DWORD PTR[20+rsp]
+       mov     eax,esi
        mov     ebx,esi
-       mov     ebp,r12d
-       xor     eax,DWORD PTR[24+rsp]
-       xor     ebx,edi
-       rol     ebp,5
-       xor     eax,DWORD PTR[48+rsp]
-       and     ebx,edx
-       add     r11d,ebp
-       xor     eax,DWORD PTR[4+rsp]
+       xor     ebp,DWORD PTR[28+rsp]
+       and     eax,edi
+       mov     ecx,r12d
+       xor     ebp,DWORD PTR[52+rsp]
        xor     ebx,edi
-       rol     edx,30
+       lea     r11d,DWORD PTR[((-1894007588))+r11*1+rdx]
+       rol     ecx,5
+       xor     ebp,DWORD PTR[8+rsp]
+       add     r11d,eax
+       and     ebx,r13d
+       rol     ebp,1
        add     r11d,ebx
-       rol     eax,1
-       mov     DWORD PTR[16+rsp],eax
-       lea     ebp,DWORD PTR[1859775393+rdi*1+rax]
-       mov     eax,DWORD PTR[20+rsp]
-       mov     ebx,edx
-       mov     edi,r11d
-       xor     eax,DWORD PTR[28+rsp]
-       xor     ebx,r12d
-       rol     edi,5
-       xor     eax,DWORD PTR[52+rsp]
+       rol     r13d,30
+       mov     DWORD PTR[20+rsp],ebp
+       add     r11d,ecx
+       mov     edx,DWORD PTR[24+rsp]
+       mov     eax,r13d
+       mov     ebx,r13d
+       xor     edx,DWORD PTR[32+rsp]
+       and     eax,esi
+       mov     ecx,r11d
+       xor     edx,DWORD PTR[56+rsp]
        xor     ebx,esi
-       add     ebp,edi
-       xor     eax,DWORD PTR[8+rsp]
+       lea     edi,DWORD PTR[((-1894007588))+rdi*1+rbp]
+       rol     ecx,5
+       xor     edx,DWORD PTR[12+rsp]
+       add     edi,eax
+       and     ebx,r12d
+       rol     edx,1
+       add     edi,ebx
        rol     r12d,30
-       add     ebp,ebx
-       rol     eax,1
-       mov     DWORD PTR[20+rsp],eax
-       lea     edi,DWORD PTR[1859775393+rsi*1+rax]
-       mov     eax,DWORD PTR[24+rsp]
+       mov     DWORD PTR[24+rsp],edx
+       add     edi,ecx
+       mov     ebp,DWORD PTR[28+rsp]
+       mov     eax,r12d
        mov     ebx,r12d
-       mov     esi,ebp
-       xor     eax,DWORD PTR[32+rsp]
-       xor     ebx,r11d
-       rol     esi,5
-       xor     eax,DWORD PTR[56+rsp]
-       xor     ebx,edx
-       add     edi,esi
-       xor     eax,DWORD PTR[12+rsp]
+       xor     ebp,DWORD PTR[36+rsp]
+       and     eax,r13d
+       mov     ecx,edi
+       xor     ebp,DWORD PTR[60+rsp]
+       xor     ebx,r13d
+       lea     esi,DWORD PTR[((-1894007588))+rsi*1+rdx]
+       rol     ecx,5
+       xor     ebp,DWORD PTR[16+rsp]
+       add     esi,eax
+       and     ebx,r11d
+       rol     ebp,1
+       add     esi,ebx
        rol     r11d,30
-       add     edi,ebx
-       rol     eax,1
-       mov     DWORD PTR[24+rsp],eax
-       lea     esi,DWORD PTR[1859775393+rdx*1+rax]
-       mov     eax,DWORD PTR[28+rsp]
+       mov     DWORD PTR[28+rsp],ebp
+       add     esi,ecx
+       mov     edx,DWORD PTR[32+rsp]
+       mov     eax,r11d
        mov     ebx,r11d
-       mov     edx,edi
-       xor     eax,DWORD PTR[36+rsp]
-       xor     ebx,ebp
-       rol     edx,5
-       xor     eax,DWORD PTR[60+rsp]
+       xor     edx,DWORD PTR[40+rsp]
+       and     eax,r12d
+       mov     ecx,esi
+       xor     edx,DWORD PTR[rsp]
        xor     ebx,r12d
-       add     esi,edx
-       xor     eax,DWORD PTR[16+rsp]
-       rol     ebp,30
-       add     esi,ebx
-       rol     eax,1
-       mov     DWORD PTR[28+rsp],eax
-       lea     edx,DWORD PTR[1859775393+r12*1+rax]
-       mov     eax,DWORD PTR[32+rsp]
-       mov     ebx,ebp
-       mov     r12d,esi
-       xor     eax,DWORD PTR[40+rsp]
-       xor     ebx,edi
-       rol     r12d,5
-       xor     eax,DWORD PTR[rsp]
-       xor     ebx,r11d
-       add     edx,r12d
-       xor     eax,DWORD PTR[20+rsp]
+       lea     r13d,DWORD PTR[((-1894007588))+r13*1+rbp]
+       rol     ecx,5
+       xor     edx,DWORD PTR[20+rsp]
+       add     r13d,eax
+       and     ebx,edi
+       rol     edx,1
+       add     r13d,ebx
        rol     edi,30
-       add     edx,ebx
-       rol     eax,1
-       mov     DWORD PTR[32+rsp],eax
-       lea     r12d,DWORD PTR[1859775393+r11*1+rax]
-       mov     eax,DWORD PTR[36+rsp]
+       mov     DWORD PTR[32+rsp],edx
+       add     r13d,ecx
+       mov     ebp,DWORD PTR[36+rsp]
+       mov     eax,edi
        mov     ebx,edi
-       mov     r11d,edx
-       xor     eax,DWORD PTR[44+rsp]
-       xor     ebx,esi
-       rol     r11d,5
-       xor     eax,DWORD PTR[4+rsp]
-       xor     ebx,ebp
-       add     r12d,r11d
-       xor     eax,DWORD PTR[24+rsp]
-       rol     esi,30
+       xor     ebp,DWORD PTR[44+rsp]
+       and     eax,r11d
+       mov     ecx,r13d
+       xor     ebp,DWORD PTR[4+rsp]
+       xor     ebx,r11d
+       lea     r12d,DWORD PTR[((-1894007588))+r12*1+rdx]
+       rol     ecx,5
+       xor     ebp,DWORD PTR[24+rsp]
+       add     r12d,eax
+       and     ebx,esi
+       rol     ebp,1
        add     r12d,ebx
-       rol     eax,1
-       mov     DWORD PTR[36+rsp],eax
-       lea     r11d,DWORD PTR[1859775393+rbp*1+rax]
-       mov     eax,DWORD PTR[40+rsp]
+       rol     esi,30
+       mov     DWORD PTR[36+rsp],ebp
+       add     r12d,ecx
+       mov     edx,DWORD PTR[40+rsp]
+       mov     eax,esi
        mov     ebx,esi
-       mov     ebp,r12d
-       xor     eax,DWORD PTR[48+rsp]
-       xor     ebx,edx
-       rol     ebp,5
-       xor     eax,DWORD PTR[8+rsp]
+       xor     edx,DWORD PTR[48+rsp]
+       and     eax,edi
+       mov     ecx,r12d
+       xor     edx,DWORD PTR[8+rsp]
        xor     ebx,edi
-       add     r11d,ebp
-       xor     eax,DWORD PTR[28+rsp]
-       rol     edx,30
+       lea     r11d,DWORD PTR[((-1894007588))+r11*1+rbp]
+       rol     ecx,5
+       xor     edx,DWORD PTR[28+rsp]
+       add     r11d,eax
+       and     ebx,r13d
+       rol     edx,1
        add     r11d,ebx
-       rol     eax,1
-       mov     DWORD PTR[40+rsp],eax
-       lea     ebp,DWORD PTR[1859775393+rdi*1+rax]
-       mov     eax,DWORD PTR[44+rsp]
-       mov     ebx,edx
-       mov     edi,r11d
-       xor     eax,DWORD PTR[52+rsp]
-       xor     ebx,r12d
-       rol     edi,5
-       xor     eax,DWORD PTR[12+rsp]
+       rol     r13d,30
+       mov     DWORD PTR[40+rsp],edx
+       add     r11d,ecx
+       mov     ebp,DWORD PTR[44+rsp]
+       mov     eax,r13d
+       mov     ebx,r13d
+       xor     ebp,DWORD PTR[52+rsp]
+       and     eax,esi
+       mov     ecx,r11d
+       xor     ebp,DWORD PTR[12+rsp]
        xor     ebx,esi
-       add     ebp,edi
-       xor     eax,DWORD PTR[32+rsp]
+       lea     edi,DWORD PTR[((-1894007588))+rdi*1+rdx]
+       rol     ecx,5
+       xor     ebp,DWORD PTR[32+rsp]
+       add     edi,eax
+       and     ebx,r12d
+       rol     ebp,1
+       add     edi,ebx
        rol     r12d,30
-       add     ebp,ebx
-       rol     eax,1
-       mov     DWORD PTR[44+rsp],eax
-       lea     edi,DWORD PTR[1859775393+rsi*1+rax]
-       mov     eax,DWORD PTR[48+rsp]
+       mov     DWORD PTR[44+rsp],ebp
+       add     edi,ecx
+       mov     edx,DWORD PTR[48+rsp]
+       mov     eax,r12d
        mov     ebx,r12d
-       mov     esi,ebp
-       xor     eax,DWORD PTR[56+rsp]
-       xor     ebx,r11d
-       rol     esi,5
-       xor     eax,DWORD PTR[16+rsp]
-       xor     ebx,edx
-       add     edi,esi
-       xor     eax,DWORD PTR[36+rsp]
-       rol     r11d,30
-       add     edi,ebx
-       rol     eax,1
-       mov     DWORD PTR[48+rsp],eax
-       lea     esi,DWORD PTR[1859775393+rdx*1+rax]
-       mov     eax,DWORD PTR[52+rsp]
-       mov     ebx,r11d
-       mov     edx,edi
-       xor     eax,DWORD PTR[60+rsp]
-       xor     ebx,ebp
-       rol     edx,5
-       xor     eax,DWORD PTR[20+rsp]
-       xor     ebx,r12d
-       add     esi,edx
-       xor     eax,DWORD PTR[40+rsp]
-       rol     ebp,30
+       xor     edx,DWORD PTR[56+rsp]
+       and     eax,r13d
+       mov     ecx,edi
+       xor     edx,DWORD PTR[16+rsp]
+       xor     ebx,r13d
+       lea     esi,DWORD PTR[((-1894007588))+rsi*1+rbp]
+       rol     ecx,5
+       xor     edx,DWORD PTR[36+rsp]
+       add     esi,eax
+       and     ebx,r11d
+       rol     edx,1
        add     esi,ebx
-       rol     eax,1
-       mov     DWORD PTR[52+rsp],eax
-       lea     edx,DWORD PTR[1859775393+r12*1+rax]
-       mov     eax,DWORD PTR[56+rsp]
-       mov     ebx,ebp
-       mov     r12d,esi
-       xor     eax,DWORD PTR[rsp]
-       xor     ebx,edi
-       rol     r12d,5
-       xor     eax,DWORD PTR[24+rsp]
-       xor     ebx,r11d
-       add     edx,r12d
-       xor     eax,DWORD PTR[44+rsp]
+       rol     r11d,30
+       mov     DWORD PTR[48+rsp],edx
+       add     esi,ecx
+       mov     ebp,DWORD PTR[52+rsp]
+       mov     eax,r11d
+       mov     ecx,esi
+       xor     ebp,DWORD PTR[60+rsp]
+       xor     eax,edi
+       rol     ecx,5
+       lea     r13d,DWORD PTR[((-899497514))+r13*1+rdx]
+       xor     ebp,DWORD PTR[20+rsp]
+       xor     eax,r12d
+       add     r13d,ecx
+       xor     ebp,DWORD PTR[40+rsp]
        rol     edi,30
-       add     edx,ebx
-       rol     eax,1
-       mov     DWORD PTR[56+rsp],eax
-       lea     r12d,DWORD PTR[1859775393+r11*1+rax]
-       mov     eax,DWORD PTR[60+rsp]
-       mov     ebx,edi
-       mov     r11d,edx
-       xor     eax,DWORD PTR[4+rsp]
-       xor     ebx,esi
-       rol     r11d,5
-       xor     eax,DWORD PTR[28+rsp]
-       xor     ebx,ebp
-       add     r12d,r11d
-       xor     eax,DWORD PTR[48+rsp]
+       add     r13d,eax
+       rol     ebp,1
+       mov     DWORD PTR[52+rsp],ebp
+       mov     edx,DWORD PTR[56+rsp]
+       mov     eax,edi
+       mov     ecx,r13d
+       xor     edx,DWORD PTR[rsp]
+       xor     eax,esi
+       rol     ecx,5
+       lea     r12d,DWORD PTR[((-899497514))+r12*1+rbp]
+       xor     edx,DWORD PTR[24+rsp]
+       xor     eax,r11d
+       add     r12d,ecx
+       xor     edx,DWORD PTR[44+rsp]
        rol     esi,30
-       add     r12d,ebx
-       rol     eax,1
-       mov     DWORD PTR[60+rsp],eax
-       lea     r11d,DWORD PTR[1859775393+rbp*1+rax]
-       mov     eax,DWORD PTR[rsp]
-       mov     ebx,esi
-       mov     ebp,r12d
-       xor     eax,DWORD PTR[8+rsp]
-       xor     ebx,edx
-       rol     ebp,5
-       xor     eax,DWORD PTR[32+rsp]
-       xor     ebx,edi
-       add     r11d,ebp
-       xor     eax,DWORD PTR[52+rsp]
-       rol     edx,30
-       add     r11d,ebx
-       rol     eax,1
-       mov     DWORD PTR[rsp],eax
-       lea     ebp,DWORD PTR[1859775393+rdi*1+rax]
-       mov     eax,DWORD PTR[4+rsp]
-       mov     ebx,edx
-       mov     edi,r11d
-       xor     eax,DWORD PTR[12+rsp]
-       xor     ebx,r12d
-       rol     edi,5
-       xor     eax,DWORD PTR[36+rsp]
-       xor     ebx,esi
-       add     ebp,edi
-       xor     eax,DWORD PTR[56+rsp]
+       add     r12d,eax
+       rol     edx,1
+       mov     DWORD PTR[56+rsp],edx
+       mov     ebp,DWORD PTR[60+rsp]
+       mov     eax,esi
+       mov     ecx,r12d
+       xor     ebp,DWORD PTR[4+rsp]
+       xor     eax,r13d
+       rol     ecx,5
+       lea     r11d,DWORD PTR[((-899497514))+r11*1+rdx]
+       xor     ebp,DWORD PTR[28+rsp]
+       xor     eax,edi
+       add     r11d,ecx
+       xor     ebp,DWORD PTR[48+rsp]
+       rol     r13d,30
+       add     r11d,eax
+       rol     ebp,1
+       mov     DWORD PTR[60+rsp],ebp
+       mov     edx,DWORD PTR[rsp]
+       mov     eax,r13d
+       mov     ecx,r11d
+       xor     edx,DWORD PTR[8+rsp]
+       xor     eax,r12d
+       rol     ecx,5
+       lea     edi,DWORD PTR[((-899497514))+rdi*1+rbp]
+       xor     edx,DWORD PTR[32+rsp]
+       xor     eax,esi
+       add     edi,ecx
+       xor     edx,DWORD PTR[52+rsp]
        rol     r12d,30
-       add     ebp,ebx
-       rol     eax,1
-       mov     DWORD PTR[4+rsp],eax
-       lea     edi,DWORD PTR[1859775393+rsi*1+rax]
-       mov     eax,DWORD PTR[8+rsp]
-       mov     ebx,r12d
-       mov     esi,ebp
-       xor     eax,DWORD PTR[16+rsp]
-       xor     ebx,r11d
-       rol     esi,5
-       xor     eax,DWORD PTR[40+rsp]
-       xor     ebx,edx
-       add     edi,esi
-       xor     eax,DWORD PTR[60+rsp]
+       add     edi,eax
+       rol     edx,1
+       mov     DWORD PTR[rsp],edx
+       mov     ebp,DWORD PTR[4+rsp]
+       mov     eax,r12d
+       mov     ecx,edi
+       xor     ebp,DWORD PTR[12+rsp]
+       xor     eax,r11d
+       rol     ecx,5
+       lea     esi,DWORD PTR[((-899497514))+rsi*1+rdx]
+       xor     ebp,DWORD PTR[36+rsp]
+       xor     eax,r13d
+       add     esi,ecx
+       xor     ebp,DWORD PTR[56+rsp]
        rol     r11d,30
-       add     edi,ebx
-       rol     eax,1
-       mov     DWORD PTR[8+rsp],eax
-       lea     esi,DWORD PTR[1859775393+rdx*1+rax]
-       mov     eax,DWORD PTR[12+rsp]
-       mov     ebx,r11d
-       mov     edx,edi
-       xor     eax,DWORD PTR[20+rsp]
-       xor     ebx,ebp
-       rol     edx,5
-       xor     eax,DWORD PTR[44+rsp]
-       xor     ebx,r12d
-       add     esi,edx
-       xor     eax,DWORD PTR[rsp]
-       rol     ebp,30
-       add     esi,ebx
-       rol     eax,1
-       mov     DWORD PTR[12+rsp],eax
-       lea     edx,DWORD PTR[1859775393+r12*1+rax]
-       mov     eax,DWORD PTR[16+rsp]
-       mov     ebx,ebp
-       mov     r12d,esi
-       xor     eax,DWORD PTR[24+rsp]
-       xor     ebx,edi
-       rol     r12d,5
-       xor     eax,DWORD PTR[48+rsp]
-       xor     ebx,r11d
-       add     edx,r12d
-       xor     eax,DWORD PTR[4+rsp]
+       add     esi,eax
+       rol     ebp,1
+       mov     DWORD PTR[4+rsp],ebp
+       mov     edx,DWORD PTR[8+rsp]
+       mov     eax,r11d
+       mov     ecx,esi
+       xor     edx,DWORD PTR[16+rsp]
+       xor     eax,edi
+       rol     ecx,5
+       lea     r13d,DWORD PTR[((-899497514))+r13*1+rbp]
+       xor     edx,DWORD PTR[40+rsp]
+       xor     eax,r12d
+       add     r13d,ecx
+       xor     edx,DWORD PTR[60+rsp]
        rol     edi,30
-       add     edx,ebx
-       rol     eax,1
-       mov     DWORD PTR[16+rsp],eax
-       lea     r12d,DWORD PTR[1859775393+r11*1+rax]
-       mov     eax,DWORD PTR[20+rsp]
-       mov     ebx,edi
-       mov     r11d,edx
-       xor     eax,DWORD PTR[28+rsp]
-       xor     ebx,esi
-       rol     r11d,5
-       xor     eax,DWORD PTR[52+rsp]
-       xor     ebx,ebp
-       add     r12d,r11d
-       xor     eax,DWORD PTR[8+rsp]
+       add     r13d,eax
+       rol     edx,1
+       mov     DWORD PTR[8+rsp],edx
+       mov     ebp,DWORD PTR[12+rsp]
+       mov     eax,edi
+       mov     ecx,r13d
+       xor     ebp,DWORD PTR[20+rsp]
+       xor     eax,esi
+       rol     ecx,5
+       lea     r12d,DWORD PTR[((-899497514))+r12*1+rdx]
+       xor     ebp,DWORD PTR[44+rsp]
+       xor     eax,r11d
+       add     r12d,ecx
+       xor     ebp,DWORD PTR[rsp]
        rol     esi,30
-       add     r12d,ebx
-       rol     eax,1
-       mov     DWORD PTR[20+rsp],eax
-       lea     r11d,DWORD PTR[1859775393+rbp*1+rax]
-       mov     eax,DWORD PTR[24+rsp]
-       mov     ebx,esi
-       mov     ebp,r12d
-       xor     eax,DWORD PTR[32+rsp]
-       xor     ebx,edx
-       rol     ebp,5
-       xor     eax,DWORD PTR[56+rsp]
-       xor     ebx,edi
-       add     r11d,ebp
-       xor     eax,DWORD PTR[12+rsp]
-       rol     edx,30
-       add     r11d,ebx
-       rol     eax,1
-       mov     DWORD PTR[24+rsp],eax
-       lea     ebp,DWORD PTR[1859775393+rdi*1+rax]
-       mov     eax,DWORD PTR[28+rsp]
-       mov     ebx,edx
-       mov     edi,r11d
-       xor     eax,DWORD PTR[36+rsp]
-       xor     ebx,r12d
-       rol     edi,5
-       xor     eax,DWORD PTR[60+rsp]
-       xor     ebx,esi
-       add     ebp,edi
-       xor     eax,DWORD PTR[16+rsp]
+       add     r12d,eax
+       rol     ebp,1
+       mov     DWORD PTR[12+rsp],ebp
+       mov     edx,DWORD PTR[16+rsp]
+       mov     eax,esi
+       mov     ecx,r12d
+       xor     edx,DWORD PTR[24+rsp]
+       xor     eax,r13d
+       rol     ecx,5
+       lea     r11d,DWORD PTR[((-899497514))+r11*1+rbp]
+       xor     edx,DWORD PTR[48+rsp]
+       xor     eax,edi
+       add     r11d,ecx
+       xor     edx,DWORD PTR[4+rsp]
+       rol     r13d,30
+       add     r11d,eax
+       rol     edx,1
+       mov     DWORD PTR[16+rsp],edx
+       mov     ebp,DWORD PTR[20+rsp]
+       mov     eax,r13d
+       mov     ecx,r11d
+       xor     ebp,DWORD PTR[28+rsp]
+       xor     eax,r12d
+       rol     ecx,5
+       lea     edi,DWORD PTR[((-899497514))+rdi*1+rdx]
+       xor     ebp,DWORD PTR[52+rsp]
+       xor     eax,esi
+       add     edi,ecx
+       xor     ebp,DWORD PTR[8+rsp]
        rol     r12d,30
-       add     ebp,ebx
-       rol     eax,1
-       mov     DWORD PTR[28+rsp],eax
-       lea     edi,DWORD PTR[1859775393+rsi*1+rax]
-       mov     eax,DWORD PTR[32+rsp]
-       mov     ebx,r12d
-       mov     esi,ebp
-       xor     eax,DWORD PTR[40+rsp]
-       xor     ebx,r11d
-       rol     esi,5
-       xor     eax,DWORD PTR[rsp]
-       xor     ebx,edx
-       add     edi,esi
-       xor     eax,DWORD PTR[20+rsp]
-       rol     r11d,30
-       add     edi,ebx
-       rol     eax,1
-       mov     DWORD PTR[32+rsp],eax
-       lea     esi,DWORD PTR[08f1bbcdch+rdx*1+rax]
-       mov     eax,DWORD PTR[36+rsp]
-       mov     ebx,ebp
-       mov     ecx,ebp
-       xor     eax,DWORD PTR[44+rsp]
-       mov     edx,edi
-       and     ebx,r11d
-       xor     eax,DWORD PTR[4+rsp]
-       or      ecx,r11d
-       rol     edx,5
-       xor     eax,DWORD PTR[24+rsp]
-       and     ecx,r12d
-       add     esi,edx
-       rol     eax,1
-       or      ebx,ecx
-       rol     ebp,30
-       mov     DWORD PTR[36+rsp],eax
-       add     esi,ebx
-       lea     edx,DWORD PTR[08f1bbcdch+r12*1+rax]
-       mov     eax,DWORD PTR[40+rsp]
-       mov     ebx,edi
+       add     edi,eax
+       rol     ebp,1
+       mov     DWORD PTR[20+rsp],ebp
+       mov     edx,DWORD PTR[24+rsp]
+       mov     eax,r12d
        mov     ecx,edi
-       xor     eax,DWORD PTR[48+rsp]
-       mov     r12d,esi
-       and     ebx,ebp
-       xor     eax,DWORD PTR[8+rsp]
-       or      ecx,ebp
-       rol     r12d,5
-       xor     eax,DWORD PTR[28+rsp]
-       and     ecx,r11d
-       add     edx,r12d
-       rol     eax,1
-       or      ebx,ecx
-       rol     edi,30
-       mov     DWORD PTR[40+rsp],eax
-       add     edx,ebx
-       lea     r12d,DWORD PTR[08f1bbcdch+r11*1+rax]
-       mov     eax,DWORD PTR[44+rsp]
-       mov     ebx,esi
+       xor     edx,DWORD PTR[32+rsp]
+       xor     eax,r11d
+       rol     ecx,5
+       lea     esi,DWORD PTR[((-899497514))+rsi*1+rbp]
+       xor     edx,DWORD PTR[56+rsp]
+       xor     eax,r13d
+       add     esi,ecx
+       xor     edx,DWORD PTR[12+rsp]
+       rol     r11d,30
+       add     esi,eax
+       rol     edx,1
+       mov     DWORD PTR[24+rsp],edx
+       mov     ebp,DWORD PTR[28+rsp]
+       mov     eax,r11d
        mov     ecx,esi
-       xor     eax,DWORD PTR[52+rsp]
-       mov     r11d,edx
-       and     ebx,edi
-       xor     eax,DWORD PTR[12+rsp]
-       or      ecx,edi
-       rol     r11d,5
-       xor     eax,DWORD PTR[32+rsp]
-       and     ecx,ebp
-       add     r12d,r11d
-       rol     eax,1
-       or      ebx,ecx
+       xor     ebp,DWORD PTR[36+rsp]
+       xor     eax,edi
+       rol     ecx,5
+       lea     r13d,DWORD PTR[((-899497514))+r13*1+rdx]
+       xor     ebp,DWORD PTR[60+rsp]
+       xor     eax,r12d
+       add     r13d,ecx
+       xor     ebp,DWORD PTR[16+rsp]
+       rol     edi,30
+       add     r13d,eax
+       rol     ebp,1
+       mov     DWORD PTR[28+rsp],ebp
+       mov     edx,DWORD PTR[32+rsp]
+       mov     eax,edi
+       mov     ecx,r13d
+       xor     edx,DWORD PTR[40+rsp]
+       xor     eax,esi
+       rol     ecx,5
+       lea     r12d,DWORD PTR[((-899497514))+r12*1+rbp]
+       xor     edx,DWORD PTR[rsp]
+       xor     eax,r11d
+       add     r12d,ecx
+       xor     edx,DWORD PTR[20+rsp]
        rol     esi,30
-       mov     DWORD PTR[44+rsp],eax
-       add     r12d,ebx
-       lea     r11d,DWORD PTR[08f1bbcdch+rbp*1+rax]
-       mov     eax,DWORD PTR[48+rsp]
-       mov     ebx,edx
-       mov     ecx,edx
-       xor     eax,DWORD PTR[56+rsp]
-       mov     ebp,r12d
-       and     ebx,esi
-       xor     eax,DWORD PTR[16+rsp]
-       or      ecx,esi
-       rol     ebp,5
-       xor     eax,DWORD PTR[36+rsp]
-       and     ecx,edi
-       add     r11d,ebp
-       rol     eax,1
-       or      ebx,ecx
-       rol     edx,30
-       mov     DWORD PTR[48+rsp],eax
-       add     r11d,ebx
-       lea     ebp,DWORD PTR[08f1bbcdch+rdi*1+rax]
-       mov     eax,DWORD PTR[52+rsp]
-       mov     ebx,r12d
+       add     r12d,eax
+       rol     edx,1
+       mov     DWORD PTR[32+rsp],edx
+       mov     ebp,DWORD PTR[36+rsp]
+       mov     eax,esi
        mov     ecx,r12d
-       xor     eax,DWORD PTR[60+rsp]
-       mov     edi,r11d
-       and     ebx,edx
-       xor     eax,DWORD PTR[20+rsp]
-       or      ecx,edx
-       rol     edi,5
-       xor     eax,DWORD PTR[40+rsp]
-       and     ecx,esi
-       add     ebp,edi
-       rol     eax,1
-       or      ebx,ecx
-       rol     r12d,30
-       mov     DWORD PTR[52+rsp],eax
-       add     ebp,ebx
-       lea     edi,DWORD PTR[08f1bbcdch+rsi*1+rax]
-       mov     eax,DWORD PTR[56+rsp]
-       mov     ebx,r11d
+       xor     ebp,DWORD PTR[44+rsp]
+       xor     eax,r13d
+       rol     ecx,5
+       lea     r11d,DWORD PTR[((-899497514))+r11*1+rdx]
+       xor     ebp,DWORD PTR[4+rsp]
+       xor     eax,edi
+       add     r11d,ecx
+       xor     ebp,DWORD PTR[24+rsp]
+       rol     r13d,30
+       add     r11d,eax
+       rol     ebp,1
+       mov     DWORD PTR[36+rsp],ebp
+       mov     edx,DWORD PTR[40+rsp]
+       mov     eax,r13d
        mov     ecx,r11d
-       xor     eax,DWORD PTR[rsp]
-       mov     esi,ebp
-       and     ebx,r12d
-       xor     eax,DWORD PTR[24+rsp]
-       or      ecx,r12d
-       rol     esi,5
-       xor     eax,DWORD PTR[44+rsp]
-       and     ecx,edx
-       add     edi,esi
-       rol     eax,1
-       or      ebx,ecx
-       rol     r11d,30
-       mov     DWORD PTR[56+rsp],eax
-       add     edi,ebx
-       lea     esi,DWORD PTR[08f1bbcdch+rdx*1+rax]
-       mov     eax,DWORD PTR[60+rsp]
-       mov     ebx,ebp
-       mov     ecx,ebp
-       xor     eax,DWORD PTR[4+rsp]
-       mov     edx,edi
-       and     ebx,r11d
-       xor     eax,DWORD PTR[28+rsp]
-       or      ecx,r11d
-       rol     edx,5
-       xor     eax,DWORD PTR[48+rsp]
-       and     ecx,r12d
-       add     esi,edx
-       rol     eax,1
-       or      ebx,ecx
-       rol     ebp,30
-       mov     DWORD PTR[60+rsp],eax
-       add     esi,ebx
-       lea     edx,DWORD PTR[08f1bbcdch+r12*1+rax]
-       mov     eax,DWORD PTR[rsp]
-       mov     ebx,edi
+       xor     edx,DWORD PTR[48+rsp]
+       xor     eax,r12d
+       rol     ecx,5
+       lea     edi,DWORD PTR[((-899497514))+rdi*1+rbp]
+       xor     edx,DWORD PTR[8+rsp]
+       xor     eax,esi
+       add     edi,ecx
+       xor     edx,DWORD PTR[28+rsp]
+       rol     r12d,30
+       add     edi,eax
+       rol     edx,1
+       mov     DWORD PTR[40+rsp],edx
+       mov     ebp,DWORD PTR[44+rsp]
+       mov     eax,r12d
        mov     ecx,edi
-       xor     eax,DWORD PTR[8+rsp]
-       mov     r12d,esi
-       and     ebx,ebp
-       xor     eax,DWORD PTR[32+rsp]
-       or      ecx,ebp
-       rol     r12d,5
-       xor     eax,DWORD PTR[52+rsp]
-       and     ecx,r11d
-       add     edx,r12d
-       rol     eax,1
-       or      ebx,ecx
-       rol     edi,30
-       mov     DWORD PTR[rsp],eax
-       add     edx,ebx
-       lea     r12d,DWORD PTR[08f1bbcdch+r11*1+rax]
-       mov     eax,DWORD PTR[4+rsp]
-       mov     ebx,esi
+       xor     ebp,DWORD PTR[52+rsp]
+       xor     eax,r11d
+       rol     ecx,5
+       lea     esi,DWORD PTR[((-899497514))+rsi*1+rdx]
+       xor     ebp,DWORD PTR[12+rsp]
+       xor     eax,r13d
+       add     esi,ecx
+       xor     ebp,DWORD PTR[32+rsp]
+       rol     r11d,30
+       add     esi,eax
+       rol     ebp,1
+       mov     DWORD PTR[44+rsp],ebp
+       mov     edx,DWORD PTR[48+rsp]
+       mov     eax,r11d
        mov     ecx,esi
-       xor     eax,DWORD PTR[12+rsp]
-       mov     r11d,edx
-       and     ebx,edi
-       xor     eax,DWORD PTR[36+rsp]
-       or      ecx,edi
-       rol     r11d,5
-       xor     eax,DWORD PTR[56+rsp]
-       and     ecx,ebp
-       add     r12d,r11d
-       rol     eax,1
-       or      ebx,ecx
+       xor     edx,DWORD PTR[56+rsp]
+       xor     eax,edi
+       rol     ecx,5
+       lea     r13d,DWORD PTR[((-899497514))+r13*1+rbp]
+       xor     edx,DWORD PTR[16+rsp]
+       xor     eax,r12d
+       add     r13d,ecx
+       xor     edx,DWORD PTR[36+rsp]
+       rol     edi,30
+       add     r13d,eax
+       rol     edx,1
+       mov     DWORD PTR[48+rsp],edx
+       mov     ebp,DWORD PTR[52+rsp]
+       mov     eax,edi
+       mov     ecx,r13d
+       xor     ebp,DWORD PTR[60+rsp]
+       xor     eax,esi
+       rol     ecx,5
+       lea     r12d,DWORD PTR[((-899497514))+r12*1+rdx]
+       xor     ebp,DWORD PTR[20+rsp]
+       xor     eax,r11d
+       add     r12d,ecx
+       xor     ebp,DWORD PTR[40+rsp]
        rol     esi,30
-       mov     DWORD PTR[4+rsp],eax
-       add     r12d,ebx
-       lea     r11d,DWORD PTR[08f1bbcdch+rbp*1+rax]
-       mov     eax,DWORD PTR[8+rsp]
-       mov     ebx,edx
-       mov     ecx,edx
-       xor     eax,DWORD PTR[16+rsp]
-       mov     ebp,r12d
-       and     ebx,esi
-       xor     eax,DWORD PTR[40+rsp]
-       or      ecx,esi
-       rol     ebp,5
-       xor     eax,DWORD PTR[60+rsp]
-       and     ecx,edi
-       add     r11d,ebp
-       rol     eax,1
-       or      ebx,ecx
-       rol     edx,30
-       mov     DWORD PTR[8+rsp],eax
-       add     r11d,ebx
-       lea     ebp,DWORD PTR[08f1bbcdch+rdi*1+rax]
-       mov     eax,DWORD PTR[12+rsp]
-       mov     ebx,r12d
+       add     r12d,eax
+       rol     ebp,1
+       mov     edx,DWORD PTR[56+rsp]
+       mov     eax,esi
        mov     ecx,r12d
-       xor     eax,DWORD PTR[20+rsp]
-       mov     edi,r11d
-       and     ebx,edx
-       xor     eax,DWORD PTR[44+rsp]
-       or      ecx,edx
-       rol     edi,5
-       xor     eax,DWORD PTR[rsp]
-       and     ecx,esi
-       add     ebp,edi
-       rol     eax,1
-       or      ebx,ecx
-       rol     r12d,30
-       mov     DWORD PTR[12+rsp],eax
-       add     ebp,ebx
-       lea     edi,DWORD PTR[08f1bbcdch+rsi*1+rax]
-       mov     eax,DWORD PTR[16+rsp]
-       mov     ebx,r11d
+       xor     edx,DWORD PTR[rsp]
+       xor     eax,r13d
+       rol     ecx,5
+       lea     r11d,DWORD PTR[((-899497514))+r11*1+rbp]
+       xor     edx,DWORD PTR[24+rsp]
+       xor     eax,edi
+       add     r11d,ecx
+       xor     edx,DWORD PTR[44+rsp]
+       rol     r13d,30
+       add     r11d,eax
+       rol     edx,1
+       mov     ebp,DWORD PTR[60+rsp]
+       mov     eax,r13d
        mov     ecx,r11d
-       xor     eax,DWORD PTR[24+rsp]
-       mov     esi,ebp
-       and     ebx,r12d
-       xor     eax,DWORD PTR[48+rsp]
-       or      ecx,r12d
-       rol     esi,5
-       xor     eax,DWORD PTR[4+rsp]
-       and     ecx,edx
-       add     edi,esi
-       rol     eax,1
-       or      ebx,ecx
+       xor     ebp,DWORD PTR[4+rsp]
+       xor     eax,r12d
+       rol     ecx,5
+       lea     edi,DWORD PTR[((-899497514))+rdi*1+rdx]
+       xor     ebp,DWORD PTR[28+rsp]
+       xor     eax,esi
+       add     edi,ecx
+       xor     ebp,DWORD PTR[48+rsp]
+       rol     r12d,30
+       add     edi,eax
+       rol     ebp,1
+       mov     eax,r12d
+       mov     ecx,edi
+       xor     eax,r11d
+       lea     esi,DWORD PTR[((-899497514))+rsi*1+rbp]
+       rol     ecx,5
+       xor     eax,r13d
+       add     esi,ecx
        rol     r11d,30
-       mov     DWORD PTR[16+rsp],eax
-       add     edi,ebx
-       lea     esi,DWORD PTR[08f1bbcdch+rdx*1+rax]
-       mov     eax,DWORD PTR[20+rsp]
-       mov     ebx,ebp
-       mov     ecx,ebp
-       xor     eax,DWORD PTR[28+rsp]
-       mov     edx,edi
-       and     ebx,r11d
-       xor     eax,DWORD PTR[52+rsp]
-       or      ecx,r11d
+       add     esi,eax
+       add     esi,DWORD PTR[r8]
+       add     edi,DWORD PTR[4+r8]
+       add     r11d,DWORD PTR[8+r8]
+       add     r12d,DWORD PTR[12+r8]
+       add     r13d,DWORD PTR[16+r8]
+       mov     DWORD PTR[r8],esi
+       mov     DWORD PTR[4+r8],edi
+       mov     DWORD PTR[8+r8],r11d
+       mov     DWORD PTR[12+r8],r12d
+       mov     DWORD PTR[16+r8],r13d
+
+       sub     r10,1
+       lea     r9,QWORD PTR[64+r9]
+       jnz     $L$loop
+
+       mov     rsi,QWORD PTR[64+rsp]
+       mov     r13,QWORD PTR[rsi]
+       mov     r12,QWORD PTR[8+rsi]
+       mov     rbp,QWORD PTR[16+rsi]
+       mov     rbx,QWORD PTR[24+rsi]
+       lea     rsp,QWORD PTR[32+rsi]
+$L$epilogue::
+       mov     rdi,QWORD PTR[8+rsp]    ;WIN64 epilogue
+       mov     rsi,QWORD PTR[16+rsp]
+       DB      0F3h,0C3h               ;repret
+$L$SEH_end_sha1_block_data_order::
+sha1_block_data_order  ENDP
+
+ALIGN  16
+sha1_block_data_order_ssse3    PROC PRIVATE
+       mov     QWORD PTR[8+rsp],rdi    ;WIN64 prologue
+       mov     QWORD PTR[16+rsp],rsi
+       mov     rax,rsp
+$L$SEH_begin_sha1_block_data_order_ssse3::
+       mov     rdi,rcx
+       mov     rsi,rdx
+       mov     rdx,r8
+
+
+_ssse3_shortcut::
+       push    rbx
+       push    rbp
+       push    r12
+       lea     rsp,QWORD PTR[((-144))+rsp]
+       movaps  XMMWORD PTR[(64+0)+rsp],xmm6
+       movaps  XMMWORD PTR[(64+16)+rsp],xmm7
+       movaps  XMMWORD PTR[(64+32)+rsp],xmm8
+       movaps  XMMWORD PTR[(64+48)+rsp],xmm9
+       movaps  XMMWORD PTR[(64+64)+rsp],xmm10
+$L$prologue_ssse3::
+       mov     r8,rdi
+       mov     r9,rsi
+       mov     r10,rdx
+
+       shl     r10,6
+       add     r10,r9
+       lea     r11,QWORD PTR[K_XX_XX]
+
+       mov     eax,DWORD PTR[r8]
+       mov     ebx,DWORD PTR[4+r8]
+       mov     ecx,DWORD PTR[8+r8]
+       mov     edx,DWORD PTR[12+r8]
+       mov     esi,ebx
+       mov     ebp,DWORD PTR[16+r8]
+
+       movdqa  xmm6,XMMWORD PTR[64+r11]
+       movdqa  xmm9,XMMWORD PTR[r11]
+       movdqu  xmm0,XMMWORD PTR[r9]
+       movdqu  xmm1,XMMWORD PTR[16+r9]
+       movdqu  xmm2,XMMWORD PTR[32+r9]
+       movdqu  xmm3,XMMWORD PTR[48+r9]
+DB     102,15,56,0,198
+       add     r9,64
+DB     102,15,56,0,206
+DB     102,15,56,0,214
+DB     102,15,56,0,222
+       paddd   xmm0,xmm9
+       paddd   xmm1,xmm9
+       paddd   xmm2,xmm9
+       movdqa  XMMWORD PTR[rsp],xmm0
+       psubd   xmm0,xmm9
+       movdqa  XMMWORD PTR[16+rsp],xmm1
+       psubd   xmm1,xmm9
+       movdqa  XMMWORD PTR[32+rsp],xmm2
+       psubd   xmm2,xmm9
+       jmp     $L$oop_ssse3
+ALIGN  16
+$L$oop_ssse3::
+       movdqa  xmm4,xmm1
+       add     ebp,DWORD PTR[rsp]
+       xor     ecx,edx
+       movdqa  xmm8,xmm3
+DB     102,15,58,15,224,8
+       mov     edi,eax
+       rol     eax,5
+       paddd   xmm9,xmm3
+       and     esi,ecx
+       xor     ecx,edx
+       psrldq  xmm8,4
+       xor     esi,edx
+       add     ebp,eax
+       pxor    xmm4,xmm0
+       ror     ebx,2
+       add     ebp,esi
+       pxor    xmm8,xmm2
+       add     edx,DWORD PTR[4+rsp]
+       xor     ebx,ecx
+       mov     esi,ebp
+       rol     ebp,5
+       pxor    xmm4,xmm8
+       and     edi,ebx
+       xor     ebx,ecx
+       movdqa  XMMWORD PTR[48+rsp],xmm9
+       xor     edi,ecx
+       add     edx,ebp
+       movdqa  xmm10,xmm4
+       movdqa  xmm8,xmm4
+       ror     eax,7
+       add     edx,edi
+       add     ecx,DWORD PTR[8+rsp]
+       xor     eax,ebx
+       pslldq  xmm10,12
+       paddd   xmm4,xmm4
+       mov     edi,edx
        rol     edx,5
-       xor     eax,DWORD PTR[8+rsp]
-       and     ecx,r12d
-       add     esi,edx
-       rol     eax,1
-       or      ebx,ecx
-       rol     ebp,30
-       mov     DWORD PTR[20+rsp],eax
-       add     esi,ebx
-       lea     edx,DWORD PTR[08f1bbcdch+r12*1+rax]
-       mov     eax,DWORD PTR[24+rsp]
-       mov     ebx,edi
-       mov     ecx,edi
-       xor     eax,DWORD PTR[32+rsp]
-       mov     r12d,esi
-       and     ebx,ebp
-       xor     eax,DWORD PTR[56+rsp]
-       or      ecx,ebp
-       rol     r12d,5
-       xor     eax,DWORD PTR[12+rsp]
-       and     ecx,r11d
-       add     edx,r12d
-       rol     eax,1
-       or      ebx,ecx
-       rol     edi,30
-       mov     DWORD PTR[24+rsp],eax
-       add     edx,ebx
-       lea     r12d,DWORD PTR[08f1bbcdch+r11*1+rax]
-       mov     eax,DWORD PTR[28+rsp]
-       mov     ebx,esi
-       mov     ecx,esi
-       xor     eax,DWORD PTR[36+rsp]
-       mov     r11d,edx
-       and     ebx,edi
-       xor     eax,DWORD PTR[60+rsp]
-       or      ecx,edi
-       rol     r11d,5
-       xor     eax,DWORD PTR[16+rsp]
-       and     ecx,ebp
-       add     r12d,r11d
-       rol     eax,1
-       or      ebx,ecx
-       rol     esi,30
-       mov     DWORD PTR[28+rsp],eax
-       add     r12d,ebx
-       lea     r11d,DWORD PTR[08f1bbcdch+rbp*1+rax]
-       mov     eax,DWORD PTR[32+rsp]
-       mov     ebx,edx
-       mov     ecx,edx
-       xor     eax,DWORD PTR[40+rsp]
-       mov     ebp,r12d
-       and     ebx,esi
-       xor     eax,DWORD PTR[rsp]
-       or      ecx,esi
+       and     esi,eax
+       xor     eax,ebx
+       psrld   xmm8,31
+       xor     esi,ebx
+       add     ecx,edx
+       movdqa  xmm9,xmm10
+       ror     ebp,7
+       add     ecx,esi
+       psrld   xmm10,30
+       por     xmm4,xmm8
+       add     ebx,DWORD PTR[12+rsp]
+       xor     ebp,eax
+       mov     esi,ecx
+       rol     ecx,5
+       pslld   xmm9,2
+       pxor    xmm4,xmm10
+       and     edi,ebp
+       xor     ebp,eax
+       movdqa  xmm10,XMMWORD PTR[r11]
+       xor     edi,eax
+       add     ebx,ecx
+       pxor    xmm4,xmm9
+       ror     edx,7
+       add     ebx,edi
+       movdqa  xmm5,xmm2
+       add     eax,DWORD PTR[16+rsp]
+       xor     edx,ebp
+       movdqa  xmm9,xmm4
+DB     102,15,58,15,233,8
+       mov     edi,ebx
+       rol     ebx,5
+       paddd   xmm10,xmm4
+       and     esi,edx
+       xor     edx,ebp
+       psrldq  xmm9,4
+       xor     esi,ebp
+       add     eax,ebx
+       pxor    xmm5,xmm1
+       ror     ecx,7
+       add     eax,esi
+       pxor    xmm9,xmm3
+       add     ebp,DWORD PTR[20+rsp]
+       xor     ecx,edx
+       mov     esi,eax
+       rol     eax,5
+       pxor    xmm5,xmm9
+       and     edi,ecx
+       xor     ecx,edx
+       movdqa  XMMWORD PTR[rsp],xmm10
+       xor     edi,edx
+       add     ebp,eax
+       movdqa  xmm8,xmm5
+       movdqa  xmm9,xmm5
+       ror     ebx,7
+       add     ebp,edi
+       add     edx,DWORD PTR[24+rsp]
+       xor     ebx,ecx
+       pslldq  xmm8,12
+       paddd   xmm5,xmm5
+       mov     edi,ebp
        rol     ebp,5
-       xor     eax,DWORD PTR[20+rsp]
-       and     ecx,edi
-       add     r11d,ebp
-       rol     eax,1
-       or      ebx,ecx
-       rol     edx,30
-       mov     DWORD PTR[32+rsp],eax
-       add     r11d,ebx
-       lea     ebp,DWORD PTR[08f1bbcdch+rdi*1+rax]
-       mov     eax,DWORD PTR[36+rsp]
-       mov     ebx,r12d
-       mov     ecx,r12d
-       xor     eax,DWORD PTR[44+rsp]
-       mov     edi,r11d
-       and     ebx,edx
-       xor     eax,DWORD PTR[4+rsp]
-       or      ecx,edx
-       rol     edi,5
-       xor     eax,DWORD PTR[24+rsp]
-       and     ecx,esi
+       and     esi,ebx
+       xor     ebx,ecx
+       psrld   xmm9,31
+       xor     esi,ecx
+       add     edx,ebp
+       movdqa  xmm10,xmm8
+       ror     eax,7
+       add     edx,esi
+       psrld   xmm8,30
+       por     xmm5,xmm9
+       add     ecx,DWORD PTR[28+rsp]
+       xor     eax,ebx
+       mov     esi,edx
+       rol     edx,5
+       pslld   xmm10,2
+       pxor    xmm5,xmm8
+       and     edi,eax
+       xor     eax,ebx
+       movdqa  xmm8,XMMWORD PTR[16+r11]
+       xor     edi,ebx
+       add     ecx,edx
+       pxor    xmm5,xmm10
+       ror     ebp,7
+       add     ecx,edi
+       movdqa  xmm6,xmm3
+       add     ebx,DWORD PTR[32+rsp]
+       xor     ebp,eax
+       movdqa  xmm10,xmm5
+DB     102,15,58,15,242,8
+       mov     edi,ecx
+       rol     ecx,5
+       paddd   xmm8,xmm5
+       and     esi,ebp
+       xor     ebp,eax
+       psrldq  xmm10,4
+       xor     esi,eax
+       add     ebx,ecx
+       pxor    xmm6,xmm2
+       ror     edx,7
+       add     ebx,esi
+       pxor    xmm10,xmm4
+       add     eax,DWORD PTR[36+rsp]
+       xor     edx,ebp
+       mov     esi,ebx
+       rol     ebx,5
+       pxor    xmm6,xmm10
+       and     edi,edx
+       xor     edx,ebp
+       movdqa  XMMWORD PTR[16+rsp],xmm8
+       xor     edi,ebp
+       add     eax,ebx
+       movdqa  xmm9,xmm6
+       movdqa  xmm10,xmm6
+       ror     ecx,7
+       add     eax,edi
+       add     ebp,DWORD PTR[40+rsp]
+       xor     ecx,edx
+       pslldq  xmm9,12
+       paddd   xmm6,xmm6
+       mov     edi,eax
+       rol     eax,5
+       and     esi,ecx
+       xor     ecx,edx
+       psrld   xmm10,31
+       xor     esi,edx
+       add     ebp,eax
+       movdqa  xmm8,xmm9
+       ror     ebx,7
+       add     ebp,esi
+       psrld   xmm9,30
+       por     xmm6,xmm10
+       add     edx,DWORD PTR[44+rsp]
+       xor     ebx,ecx
+       mov     esi,ebp
+       rol     ebp,5
+       pslld   xmm8,2
+       pxor    xmm6,xmm9
+       and     edi,ebx
+       xor     ebx,ecx
+       movdqa  xmm9,XMMWORD PTR[16+r11]
+       xor     edi,ecx
+       add     edx,ebp
+       pxor    xmm6,xmm8
+       ror     eax,7
+       add     edx,edi
+       movdqa  xmm7,xmm4
+       add     ecx,DWORD PTR[48+rsp]
+       xor     eax,ebx
+       movdqa  xmm8,xmm6
+DB     102,15,58,15,251,8
+       mov     edi,edx
+       rol     edx,5
+       paddd   xmm9,xmm6
+       and     esi,eax
+       xor     eax,ebx
+       psrldq  xmm8,4
+       xor     esi,ebx
+       add     ecx,edx
+       pxor    xmm7,xmm3
+       ror     ebp,7
+       add     ecx,esi
+       pxor    xmm8,xmm5
+       add     ebx,DWORD PTR[52+rsp]
+       xor     ebp,eax
+       mov     esi,ecx
+       rol     ecx,5
+       pxor    xmm7,xmm8
+       and     edi,ebp
+       xor     ebp,eax
+       movdqa  XMMWORD PTR[32+rsp],xmm9
+       xor     edi,eax
+       add     ebx,ecx
+       movdqa  xmm10,xmm7
+       movdqa  xmm8,xmm7
+       ror     edx,7
+       add     ebx,edi
+       add     eax,DWORD PTR[56+rsp]
+       xor     edx,ebp
+       pslldq  xmm10,12
+       paddd   xmm7,xmm7
+       mov     edi,ebx
+       rol     ebx,5
+       and     esi,edx
+       xor     edx,ebp
+       psrld   xmm8,31
+       xor     esi,ebp
+       add     eax,ebx
+       movdqa  xmm9,xmm10
+       ror     ecx,7
+       add     eax,esi
+       psrld   xmm10,30
+       por     xmm7,xmm8
+       add     ebp,DWORD PTR[60+rsp]
+       xor     ecx,edx
+       mov     esi,eax
+       rol     eax,5
+       pslld   xmm9,2
+       pxor    xmm7,xmm10
+       and     edi,ecx
+       xor     ecx,edx
+       movdqa  xmm10,XMMWORD PTR[16+r11]
+       xor     edi,edx
+       add     ebp,eax
+       pxor    xmm7,xmm9
+       ror     ebx,7
        add     ebp,edi
-       rol     eax,1
-       or      ebx,ecx
-       rol     r12d,30
-       mov     DWORD PTR[36+rsp],eax
-       add     ebp,ebx
-       lea     edi,DWORD PTR[08f1bbcdch+rsi*1+rax]
-       mov     eax,DWORD PTR[40+rsp]
-       mov     ebx,r11d
-       mov     ecx,r11d
-       xor     eax,DWORD PTR[48+rsp]
+       movdqa  xmm9,xmm7
+       add     edx,DWORD PTR[rsp]
+       pxor    xmm0,xmm4
+DB     102,68,15,58,15,206,8
+       xor     ebx,ecx
+       mov     edi,ebp
+       rol     ebp,5
+       pxor    xmm0,xmm1
+       and     esi,ebx
+       xor     ebx,ecx
+       movdqa  xmm8,xmm10
+       paddd   xmm10,xmm7
+       xor     esi,ecx
+       add     edx,ebp
+       pxor    xmm0,xmm9
+       ror     eax,7
+       add     edx,esi
+       add     ecx,DWORD PTR[4+rsp]
+       xor     eax,ebx
+       movdqa  xmm9,xmm0
+       movdqa  XMMWORD PTR[48+rsp],xmm10
+       mov     esi,edx
+       rol     edx,5
+       and     edi,eax
+       xor     eax,ebx
+       pslld   xmm0,2
+       xor     edi,ebx
+       add     ecx,edx
+       psrld   xmm9,30
+       ror     ebp,7
+       add     ecx,edi
+       add     ebx,DWORD PTR[8+rsp]
+       xor     ebp,eax
+       mov     edi,ecx
+       rol     ecx,5
+       por     xmm0,xmm9
+       and     esi,ebp
+       xor     ebp,eax
+       movdqa  xmm10,xmm0
+       xor     esi,eax
+       add     ebx,ecx
+       ror     edx,7
+       add     ebx,esi
+       add     eax,DWORD PTR[12+rsp]
+       xor     edx,ebp
+       mov     esi,ebx
+       rol     ebx,5
+       and     edi,edx
+       xor     edx,ebp
+       xor     edi,ebp
+       add     eax,ebx
+       ror     ecx,7
+       add     eax,edi
+       add     ebp,DWORD PTR[16+rsp]
+       pxor    xmm1,xmm5
+DB     102,68,15,58,15,215,8
+       xor     esi,edx
+       mov     edi,eax
+       rol     eax,5
+       pxor    xmm1,xmm2
+       xor     esi,ecx
+       add     ebp,eax
+       movdqa  xmm9,xmm8
+       paddd   xmm8,xmm0
+       ror     ebx,7
+       add     ebp,esi
+       pxor    xmm1,xmm10
+       add     edx,DWORD PTR[20+rsp]
+       xor     edi,ecx
        mov     esi,ebp
-       and     ebx,r12d
-       xor     eax,DWORD PTR[8+rsp]
-       or      ecx,r12d
-       rol     esi,5
-       xor     eax,DWORD PTR[28+rsp]
-       and     ecx,edx
-       add     edi,esi
-       rol     eax,1
-       or      ebx,ecx
-       rol     r11d,30
-       mov     DWORD PTR[40+rsp],eax
-       add     edi,ebx
-       lea     esi,DWORD PTR[08f1bbcdch+rdx*1+rax]
-       mov     eax,DWORD PTR[44+rsp]
-       mov     ebx,ebp
-       mov     ecx,ebp
-       xor     eax,DWORD PTR[52+rsp]
-       mov     edx,edi
-       and     ebx,r11d
-       xor     eax,DWORD PTR[12+rsp]
-       or      ecx,r11d
+       rol     ebp,5
+       movdqa  xmm10,xmm1
+       movdqa  XMMWORD PTR[rsp],xmm8
+       xor     edi,ebx
+       add     edx,ebp
+       ror     eax,7
+       add     edx,edi
+       pslld   xmm1,2
+       add     ecx,DWORD PTR[24+rsp]
+       xor     esi,ebx
+       psrld   xmm10,30
+       mov     edi,edx
        rol     edx,5
-       xor     eax,DWORD PTR[32+rsp]
-       and     ecx,r12d
-       add     esi,edx
-       rol     eax,1
-       or      ebx,ecx
-       rol     ebp,30
-       mov     DWORD PTR[44+rsp],eax
-       add     esi,ebx
-       lea     edx,DWORD PTR[08f1bbcdch+r12*1+rax]
-       mov     eax,DWORD PTR[48+rsp]
-       mov     ebx,edi
-       mov     ecx,edi
-       xor     eax,DWORD PTR[56+rsp]
-       mov     r12d,esi
-       and     ebx,ebp
-       xor     eax,DWORD PTR[16+rsp]
-       or      ecx,ebp
-       rol     r12d,5
-       xor     eax,DWORD PTR[36+rsp]
-       and     ecx,r11d
-       add     edx,r12d
-       rol     eax,1
-       or      ebx,ecx
-       rol     edi,30
-       mov     DWORD PTR[48+rsp],eax
-       add     edx,ebx
-       lea     r12d,DWORD PTR[3395469782+r11*1+rax]
-       mov     eax,DWORD PTR[52+rsp]
-       mov     ebx,edi
-       mov     r11d,edx
-       xor     eax,DWORD PTR[60+rsp]
-       xor     ebx,esi
-       rol     r11d,5
-       xor     eax,DWORD PTR[20+rsp]
-       xor     ebx,ebp
-       add     r12d,r11d
-       xor     eax,DWORD PTR[40+rsp]
-       rol     esi,30
-       add     r12d,ebx
-       rol     eax,1
-       mov     DWORD PTR[52+rsp],eax
-       lea     r11d,DWORD PTR[3395469782+rbp*1+rax]
-       mov     eax,DWORD PTR[56+rsp]
-       mov     ebx,esi
-       mov     ebp,r12d
-       xor     eax,DWORD PTR[rsp]
-       xor     ebx,edx
+       xor     esi,eax
+       add     ecx,edx
+       ror     ebp,7
+       add     ecx,esi
+       por     xmm1,xmm10
+       add     ebx,DWORD PTR[28+rsp]
+       xor     edi,eax
+       movdqa  xmm8,xmm1
+       mov     esi,ecx
+       rol     ecx,5
+       xor     edi,ebp
+       add     ebx,ecx
+       ror     edx,7
+       add     ebx,edi
+       add     eax,DWORD PTR[32+rsp]
+       pxor    xmm2,xmm6
+DB     102,68,15,58,15,192,8
+       xor     esi,ebp
+       mov     edi,ebx
+       rol     ebx,5
+       pxor    xmm2,xmm3
+       xor     esi,edx
+       add     eax,ebx
+       movdqa  xmm10,XMMWORD PTR[32+r11]
+       paddd   xmm9,xmm1
+       ror     ecx,7
+       add     eax,esi
+       pxor    xmm2,xmm8
+       add     ebp,DWORD PTR[36+rsp]
+       xor     edi,edx
+       mov     esi,eax
+       rol     eax,5
+       movdqa  xmm8,xmm2
+       movdqa  XMMWORD PTR[16+rsp],xmm9
+       xor     edi,ecx
+       add     ebp,eax
+       ror     ebx,7
+       add     ebp,edi
+       pslld   xmm2,2
+       add     edx,DWORD PTR[40+rsp]
+       xor     esi,ecx
+       psrld   xmm8,30
+       mov     edi,ebp
        rol     ebp,5
-       xor     eax,DWORD PTR[24+rsp]
-       xor     ebx,edi
-       add     r11d,ebp
-       xor     eax,DWORD PTR[44+rsp]
-       rol     edx,30
-       add     r11d,ebx
-       rol     eax,1
-       mov     DWORD PTR[56+rsp],eax
-       lea     ebp,DWORD PTR[3395469782+rdi*1+rax]
-       mov     eax,DWORD PTR[60+rsp]
-       mov     ebx,edx
-       mov     edi,r11d
-       xor     eax,DWORD PTR[4+rsp]
-       xor     ebx,r12d
-       rol     edi,5
-       xor     eax,DWORD PTR[28+rsp]
-       xor     ebx,esi
+       xor     esi,ebx
+       add     edx,ebp
+       ror     eax,7
+       add     edx,esi
+       por     xmm2,xmm8
+       add     ecx,DWORD PTR[44+rsp]
+       xor     edi,ebx
+       movdqa  xmm9,xmm2
+       mov     esi,edx
+       rol     edx,5
+       xor     edi,eax
+       add     ecx,edx
+       ror     ebp,7
+       add     ecx,edi
+       add     ebx,DWORD PTR[48+rsp]
+       pxor    xmm3,xmm7
+DB     102,68,15,58,15,201,8
+       xor     esi,eax
+       mov     edi,ecx
+       rol     ecx,5
+       pxor    xmm3,xmm4
+       xor     esi,ebp
+       add     ebx,ecx
+       movdqa  xmm8,xmm10
+       paddd   xmm10,xmm2
+       ror     edx,7
+       add     ebx,esi
+       pxor    xmm3,xmm9
+       add     eax,DWORD PTR[52+rsp]
+       xor     edi,ebp
+       mov     esi,ebx
+       rol     ebx,5
+       movdqa  xmm9,xmm3
+       movdqa  XMMWORD PTR[32+rsp],xmm10
+       xor     edi,edx
+       add     eax,ebx
+       ror     ecx,7
+       add     eax,edi
+       pslld   xmm3,2
+       add     ebp,DWORD PTR[56+rsp]
+       xor     esi,edx
+       psrld   xmm9,30
+       mov     edi,eax
+       rol     eax,5
+       xor     esi,ecx
+       add     ebp,eax
+       ror     ebx,7
+       add     ebp,esi
+       por     xmm3,xmm9
+       add     edx,DWORD PTR[60+rsp]
+       xor     edi,ecx
+       movdqa  xmm10,xmm3
+       mov     esi,ebp
+       rol     ebp,5
+       xor     edi,ebx
+       add     edx,ebp
+       ror     eax,7
+       add     edx,edi
+       add     ecx,DWORD PTR[rsp]
+       pxor    xmm4,xmm0
+DB     102,68,15,58,15,210,8
+       xor     esi,ebx
+       mov     edi,edx
+       rol     edx,5
+       pxor    xmm4,xmm5
+       xor     esi,eax
+       add     ecx,edx
+       movdqa  xmm9,xmm8
+       paddd   xmm8,xmm3
+       ror     ebp,7
+       add     ecx,esi
+       pxor    xmm4,xmm10
+       add     ebx,DWORD PTR[4+rsp]
+       xor     edi,eax
+       mov     esi,ecx
+       rol     ecx,5
+       movdqa  xmm10,xmm4
+       movdqa  XMMWORD PTR[48+rsp],xmm8
+       xor     edi,ebp
+       add     ebx,ecx
+       ror     edx,7
+       add     ebx,edi
+       pslld   xmm4,2
+       add     eax,DWORD PTR[8+rsp]
+       xor     esi,ebp
+       psrld   xmm10,30
+       mov     edi,ebx
+       rol     ebx,5
+       xor     esi,edx
+       add     eax,ebx
+       ror     ecx,7
+       add     eax,esi
+       por     xmm4,xmm10
+       add     ebp,DWORD PTR[12+rsp]
+       xor     edi,edx
+       movdqa  xmm8,xmm4
+       mov     esi,eax
+       rol     eax,5
+       xor     edi,ecx
+       add     ebp,eax
+       ror     ebx,7
        add     ebp,edi
-       xor     eax,DWORD PTR[48+rsp]
-       rol     r12d,30
-       add     ebp,ebx
-       rol     eax,1
-       mov     DWORD PTR[60+rsp],eax
-       lea     edi,DWORD PTR[3395469782+rsi*1+rax]
-       mov     eax,DWORD PTR[rsp]
-       mov     ebx,r12d
+       add     edx,DWORD PTR[16+rsp]
+       pxor    xmm5,xmm1
+DB     102,68,15,58,15,195,8
+       xor     esi,ecx
+       mov     edi,ebp
+       rol     ebp,5
+       pxor    xmm5,xmm6
+       xor     esi,ebx
+       add     edx,ebp
+       movdqa  xmm10,xmm9
+       paddd   xmm9,xmm4
+       ror     eax,7
+       add     edx,esi
+       pxor    xmm5,xmm8
+       add     ecx,DWORD PTR[20+rsp]
+       xor     edi,ebx
+       mov     esi,edx
+       rol     edx,5
+       movdqa  xmm8,xmm5
+       movdqa  XMMWORD PTR[rsp],xmm9
+       xor     edi,eax
+       add     ecx,edx
+       ror     ebp,7
+       add     ecx,edi
+       pslld   xmm5,2
+       add     ebx,DWORD PTR[24+rsp]
+       xor     esi,eax
+       psrld   xmm8,30
+       mov     edi,ecx
+       rol     ecx,5
+       xor     esi,ebp
+       add     ebx,ecx
+       ror     edx,7
+       add     ebx,esi
+       por     xmm5,xmm8
+       add     eax,DWORD PTR[28+rsp]
+       xor     edi,ebp
+       movdqa  xmm9,xmm5
+       mov     esi,ebx
+       rol     ebx,5
+       xor     edi,edx
+       add     eax,ebx
+       ror     ecx,7
+       add     eax,edi
+       mov     edi,ecx
+       pxor    xmm6,xmm2
+DB     102,68,15,58,15,204,8
+       xor     ecx,edx
+       add     ebp,DWORD PTR[32+rsp]
+       and     edi,edx
+       pxor    xmm6,xmm7
+       and     esi,ecx
+       ror     ebx,7
+       movdqa  xmm8,xmm10
+       paddd   xmm10,xmm5
+       add     ebp,edi
+       mov     edi,eax
+       pxor    xmm6,xmm9
+       rol     eax,5
+       add     ebp,esi
+       xor     ecx,edx
+       add     ebp,eax
+       movdqa  xmm9,xmm6
+       movdqa  XMMWORD PTR[16+rsp],xmm10
+       mov     esi,ebx
+       xor     ebx,ecx
+       add     edx,DWORD PTR[36+rsp]
+       and     esi,ecx
+       pslld   xmm6,2
+       and     edi,ebx
+       ror     eax,7
+       psrld   xmm9,30
+       add     edx,esi
        mov     esi,ebp
-       xor     eax,DWORD PTR[8+rsp]
-       xor     ebx,r11d
-       rol     esi,5
-       xor     eax,DWORD PTR[32+rsp]
-       xor     ebx,edx
-       add     edi,esi
-       xor     eax,DWORD PTR[52+rsp]
-       rol     r11d,30
-       add     edi,ebx
-       rol     eax,1
-       mov     DWORD PTR[rsp],eax
-       lea     esi,DWORD PTR[3395469782+rdx*1+rax]
-       mov     eax,DWORD PTR[4+rsp]
-       mov     ebx,r11d
-       mov     edx,edi
-       xor     eax,DWORD PTR[12+rsp]
-       xor     ebx,ebp
+       rol     ebp,5
+       add     edx,edi
+       xor     ebx,ecx
+       add     edx,ebp
+       por     xmm6,xmm9
+       mov     edi,eax
+       xor     eax,ebx
+       movdqa  xmm10,xmm6
+       add     ecx,DWORD PTR[40+rsp]
+       and     edi,ebx
+       and     esi,eax
+       ror     ebp,7
+       add     ecx,edi
+       mov     edi,edx
        rol     edx,5
-       xor     eax,DWORD PTR[36+rsp]
-       xor     ebx,r12d
-       add     esi,edx
-       xor     eax,DWORD PTR[56+rsp]
-       rol     ebp,30
-       add     esi,ebx
-       rol     eax,1
-       mov     DWORD PTR[4+rsp],eax
-       lea     edx,DWORD PTR[3395469782+r12*1+rax]
-       mov     eax,DWORD PTR[8+rsp]
-       mov     ebx,ebp
-       mov     r12d,esi
-       xor     eax,DWORD PTR[16+rsp]
-       xor     ebx,edi
-       rol     r12d,5
-       xor     eax,DWORD PTR[40+rsp]
-       xor     ebx,r11d
-       add     edx,r12d
-       xor     eax,DWORD PTR[60+rsp]
-       rol     edi,30
-       add     edx,ebx
-       rol     eax,1
-       mov     DWORD PTR[8+rsp],eax
-       lea     r12d,DWORD PTR[3395469782+r11*1+rax]
-       mov     eax,DWORD PTR[12+rsp]
-       mov     ebx,edi
-       mov     r11d,edx
-       xor     eax,DWORD PTR[20+rsp]
-       xor     ebx,esi
-       rol     r11d,5
-       xor     eax,DWORD PTR[44+rsp]
-       xor     ebx,ebp
-       add     r12d,r11d
-       xor     eax,DWORD PTR[rsp]
-       rol     esi,30
-       add     r12d,ebx
-       rol     eax,1
-       mov     DWORD PTR[12+rsp],eax
-       lea     r11d,DWORD PTR[3395469782+rbp*1+rax]
-       mov     eax,DWORD PTR[16+rsp]
-       mov     ebx,esi
-       mov     ebp,r12d
-       xor     eax,DWORD PTR[24+rsp]
-       xor     ebx,edx
+       add     ecx,esi
+       xor     eax,ebx
+       add     ecx,edx
+       mov     esi,ebp
+       xor     ebp,eax
+       add     ebx,DWORD PTR[44+rsp]
+       and     esi,eax
+       and     edi,ebp
+       ror     edx,7
+       add     ebx,esi
+       mov     esi,ecx
+       rol     ecx,5
+       add     ebx,edi
+       xor     ebp,eax
+       add     ebx,ecx
+       mov     edi,edx
+       pxor    xmm7,xmm3
+DB     102,68,15,58,15,213,8
+       xor     edx,ebp
+       add     eax,DWORD PTR[48+rsp]
+       and     edi,ebp
+       pxor    xmm7,xmm0
+       and     esi,edx
+       ror     ecx,7
+       movdqa  xmm9,XMMWORD PTR[48+r11]
+       paddd   xmm8,xmm6
+       add     eax,edi
+       mov     edi,ebx
+       pxor    xmm7,xmm10
+       rol     ebx,5
+       add     eax,esi
+       xor     edx,ebp
+       add     eax,ebx
+       movdqa  xmm10,xmm7
+       movdqa  XMMWORD PTR[32+rsp],xmm8
+       mov     esi,ecx
+       xor     ecx,edx
+       add     ebp,DWORD PTR[52+rsp]
+       and     esi,edx
+       pslld   xmm7,2
+       and     edi,ecx
+       ror     ebx,7
+       psrld   xmm10,30
+       add     ebp,esi
+       mov     esi,eax
+       rol     eax,5
+       add     ebp,edi
+       xor     ecx,edx
+       add     ebp,eax
+       por     xmm7,xmm10
+       mov     edi,ebx
+       xor     ebx,ecx
+       movdqa  xmm8,xmm7
+       add     edx,DWORD PTR[56+rsp]
+       and     edi,ecx
+       and     esi,ebx
+       ror     eax,7
+       add     edx,edi
+       mov     edi,ebp
        rol     ebp,5
-       xor     eax,DWORD PTR[48+rsp]
-       xor     ebx,edi
-       add     r11d,ebp
-       xor     eax,DWORD PTR[4+rsp]
-       rol     edx,30
-       add     r11d,ebx
-       rol     eax,1
-       mov     DWORD PTR[16+rsp],eax
-       lea     ebp,DWORD PTR[3395469782+rdi*1+rax]
-       mov     eax,DWORD PTR[20+rsp]
-       mov     ebx,edx
-       mov     edi,r11d
-       xor     eax,DWORD PTR[28+rsp]
-       xor     ebx,r12d
-       rol     edi,5
-       xor     eax,DWORD PTR[52+rsp]
-       xor     ebx,esi
+       add     edx,esi
+       xor     ebx,ecx
+       add     edx,ebp
+       mov     esi,eax
+       xor     eax,ebx
+       add     ecx,DWORD PTR[60+rsp]
+       and     esi,ebx
+       and     edi,eax
+       ror     ebp,7
+       add     ecx,esi
+       mov     esi,edx
+       rol     edx,5
+       add     ecx,edi
+       xor     eax,ebx
+       add     ecx,edx
+       mov     edi,ebp
+       pxor    xmm0,xmm4
+DB     102,68,15,58,15,198,8
+       xor     ebp,eax
+       add     ebx,DWORD PTR[rsp]
+       and     edi,eax
+       pxor    xmm0,xmm1
+       and     esi,ebp
+       ror     edx,7
+       movdqa  xmm10,xmm9
+       paddd   xmm9,xmm7
+       add     ebx,edi
+       mov     edi,ecx
+       pxor    xmm0,xmm8
+       rol     ecx,5
+       add     ebx,esi
+       xor     ebp,eax
+       add     ebx,ecx
+       movdqa  xmm8,xmm0
+       movdqa  XMMWORD PTR[48+rsp],xmm9
+       mov     esi,edx
+       xor     edx,ebp
+       add     eax,DWORD PTR[4+rsp]
+       and     esi,ebp
+       pslld   xmm0,2
+       and     edi,edx
+       ror     ecx,7
+       psrld   xmm8,30
+       add     eax,esi
+       mov     esi,ebx
+       rol     ebx,5
+       add     eax,edi
+       xor     edx,ebp
+       add     eax,ebx
+       por     xmm0,xmm8
+       mov     edi,ecx
+       xor     ecx,edx
+       movdqa  xmm9,xmm0
+       add     ebp,DWORD PTR[8+rsp]
+       and     edi,edx
+       and     esi,ecx
+       ror     ebx,7
        add     ebp,edi
-       xor     eax,DWORD PTR[8+rsp]
-       rol     r12d,30
-       add     ebp,ebx
-       rol     eax,1
-       mov     DWORD PTR[20+rsp],eax
-       lea     edi,DWORD PTR[3395469782+rsi*1+rax]
-       mov     eax,DWORD PTR[24+rsp]
-       mov     ebx,r12d
+       mov     edi,eax
+       rol     eax,5
+       add     ebp,esi
+       xor     ecx,edx
+       add     ebp,eax
+       mov     esi,ebx
+       xor     ebx,ecx
+       add     edx,DWORD PTR[12+rsp]
+       and     esi,ecx
+       and     edi,ebx
+       ror     eax,7
+       add     edx,esi
        mov     esi,ebp
-       xor     eax,DWORD PTR[32+rsp]
-       xor     ebx,r11d
-       rol     esi,5
-       xor     eax,DWORD PTR[56+rsp]
-       xor     ebx,edx
-       add     edi,esi
-       xor     eax,DWORD PTR[12+rsp]
-       rol     r11d,30
-       add     edi,ebx
-       rol     eax,1
-       mov     DWORD PTR[24+rsp],eax
-       lea     esi,DWORD PTR[3395469782+rdx*1+rax]
-       mov     eax,DWORD PTR[28+rsp]
-       mov     ebx,r11d
-       mov     edx,edi
-       xor     eax,DWORD PTR[36+rsp]
-       xor     ebx,ebp
+       rol     ebp,5
+       add     edx,edi
+       xor     ebx,ecx
+       add     edx,ebp
+       mov     edi,eax
+       pxor    xmm1,xmm5
+DB     102,68,15,58,15,207,8
+       xor     eax,ebx
+       add     ecx,DWORD PTR[16+rsp]
+       and     edi,ebx
+       pxor    xmm1,xmm2
+       and     esi,eax
+       ror     ebp,7
+       movdqa  xmm8,xmm10
+       paddd   xmm10,xmm0
+       add     ecx,edi
+       mov     edi,edx
+       pxor    xmm1,xmm9
        rol     edx,5
-       xor     eax,DWORD PTR[60+rsp]
-       xor     ebx,r12d
-       add     esi,edx
-       xor     eax,DWORD PTR[16+rsp]
-       rol     ebp,30
-       add     esi,ebx
-       rol     eax,1
-       mov     DWORD PTR[28+rsp],eax
-       lea     edx,DWORD PTR[3395469782+r12*1+rax]
-       mov     eax,DWORD PTR[32+rsp]
-       mov     ebx,ebp
-       mov     r12d,esi
-       xor     eax,DWORD PTR[40+rsp]
-       xor     ebx,edi
-       rol     r12d,5
-       xor     eax,DWORD PTR[rsp]
-       xor     ebx,r11d
-       add     edx,r12d
-       xor     eax,DWORD PTR[20+rsp]
-       rol     edi,30
-       add     edx,ebx
-       rol     eax,1
-       mov     DWORD PTR[32+rsp],eax
-       lea     r12d,DWORD PTR[3395469782+r11*1+rax]
-       mov     eax,DWORD PTR[36+rsp]
-       mov     ebx,edi
-       mov     r11d,edx
-       xor     eax,DWORD PTR[44+rsp]
-       xor     ebx,esi
-       rol     r11d,5
-       xor     eax,DWORD PTR[4+rsp]
-       xor     ebx,ebp
-       add     r12d,r11d
-       xor     eax,DWORD PTR[24+rsp]
-       rol     esi,30
-       add     r12d,ebx
-       rol     eax,1
-       mov     DWORD PTR[36+rsp],eax
-       lea     r11d,DWORD PTR[3395469782+rbp*1+rax]
-       mov     eax,DWORD PTR[40+rsp]
-       mov     ebx,esi
-       mov     ebp,r12d
-       xor     eax,DWORD PTR[48+rsp]
-       xor     ebx,edx
+       add     ecx,esi
+       xor     eax,ebx
+       add     ecx,edx
+       movdqa  xmm9,xmm1
+       movdqa  XMMWORD PTR[rsp],xmm10
+       mov     esi,ebp
+       xor     ebp,eax
+       add     ebx,DWORD PTR[20+rsp]
+       and     esi,eax
+       pslld   xmm1,2
+       and     edi,ebp
+       ror     edx,7
+       psrld   xmm9,30
+       add     ebx,esi
+       mov     esi,ecx
+       rol     ecx,5
+       add     ebx,edi
+       xor     ebp,eax
+       add     ebx,ecx
+       por     xmm1,xmm9
+       mov     edi,edx
+       xor     edx,ebp
+       movdqa  xmm10,xmm1
+       add     eax,DWORD PTR[24+rsp]
+       and     edi,ebp
+       and     esi,edx
+       ror     ecx,7
+       add     eax,edi
+       mov     edi,ebx
+       rol     ebx,5
+       add     eax,esi
+       xor     edx,ebp
+       add     eax,ebx
+       mov     esi,ecx
+       xor     ecx,edx
+       add     ebp,DWORD PTR[28+rsp]
+       and     esi,edx
+       and     edi,ecx
+       ror     ebx,7
+       add     ebp,esi
+       mov     esi,eax
+       rol     eax,5
+       add     ebp,edi
+       xor     ecx,edx
+       add     ebp,eax
+       mov     edi,ebx
+       pxor    xmm2,xmm6
+DB     102,68,15,58,15,208,8
+       xor     ebx,ecx
+       add     edx,DWORD PTR[32+rsp]
+       and     edi,ecx
+       pxor    xmm2,xmm3
+       and     esi,ebx
+       ror     eax,7
+       movdqa  xmm9,xmm8
+       paddd   xmm8,xmm1
+       add     edx,edi
+       mov     edi,ebp
+       pxor    xmm2,xmm10
        rol     ebp,5
-       xor     eax,DWORD PTR[8+rsp]
-       xor     ebx,edi
-       add     r11d,ebp
-       xor     eax,DWORD PTR[28+rsp]
-       rol     edx,30
-       add     r11d,ebx
-       rol     eax,1
-       mov     DWORD PTR[40+rsp],eax
-       lea     ebp,DWORD PTR[3395469782+rdi*1+rax]
-       mov     eax,DWORD PTR[44+rsp]
-       mov     ebx,edx
-       mov     edi,r11d
-       xor     eax,DWORD PTR[52+rsp]
-       xor     ebx,r12d
-       rol     edi,5
-       xor     eax,DWORD PTR[12+rsp]
-       xor     ebx,esi
+       add     edx,esi
+       xor     ebx,ecx
+       add     edx,ebp
+       movdqa  xmm10,xmm2
+       movdqa  XMMWORD PTR[16+rsp],xmm8
+       mov     esi,eax
+       xor     eax,ebx
+       add     ecx,DWORD PTR[36+rsp]
+       and     esi,ebx
+       pslld   xmm2,2
+       and     edi,eax
+       ror     ebp,7
+       psrld   xmm10,30
+       add     ecx,esi
+       mov     esi,edx
+       rol     edx,5
+       add     ecx,edi
+       xor     eax,ebx
+       add     ecx,edx
+       por     xmm2,xmm10
+       mov     edi,ebp
+       xor     ebp,eax
+       movdqa  xmm8,xmm2
+       add     ebx,DWORD PTR[40+rsp]
+       and     edi,eax
+       and     esi,ebp
+       ror     edx,7
+       add     ebx,edi
+       mov     edi,ecx
+       rol     ecx,5
+       add     ebx,esi
+       xor     ebp,eax
+       add     ebx,ecx
+       mov     esi,edx
+       xor     edx,ebp
+       add     eax,DWORD PTR[44+rsp]
+       and     esi,ebp
+       and     edi,edx
+       ror     ecx,7
+       add     eax,esi
+       mov     esi,ebx
+       rol     ebx,5
+       add     eax,edi
+       xor     edx,ebp
+       add     eax,ebx
+       add     ebp,DWORD PTR[48+rsp]
+       pxor    xmm3,xmm7
+DB     102,68,15,58,15,193,8
+       xor     esi,edx
+       mov     edi,eax
+       rol     eax,5
+       pxor    xmm3,xmm4
+       xor     esi,ecx
+       add     ebp,eax
+       movdqa  xmm10,xmm9
+       paddd   xmm9,xmm2
+       ror     ebx,7
+       add     ebp,esi
+       pxor    xmm3,xmm8
+       add     edx,DWORD PTR[52+rsp]
+       xor     edi,ecx
+       mov     esi,ebp
+       rol     ebp,5
+       movdqa  xmm8,xmm3
+       movdqa  XMMWORD PTR[32+rsp],xmm9
+       xor     edi,ebx
+       add     edx,ebp
+       ror     eax,7
+       add     edx,edi
+       pslld   xmm3,2
+       add     ecx,DWORD PTR[56+rsp]
+       xor     esi,ebx
+       psrld   xmm8,30
+       mov     edi,edx
+       rol     edx,5
+       xor     esi,eax
+       add     ecx,edx
+       ror     ebp,7
+       add     ecx,esi
+       por     xmm3,xmm8
+       add     ebx,DWORD PTR[60+rsp]
+       xor     edi,eax
+       mov     esi,ecx
+       rol     ecx,5
+       xor     edi,ebp
+       add     ebx,ecx
+       ror     edx,7
+       add     ebx,edi
+       add     eax,DWORD PTR[rsp]
+       paddd   xmm10,xmm3
+       xor     esi,ebp
+       mov     edi,ebx
+       rol     ebx,5
+       xor     esi,edx
+       movdqa  XMMWORD PTR[48+rsp],xmm10
+       add     eax,ebx
+       ror     ecx,7
+       add     eax,esi
+       add     ebp,DWORD PTR[4+rsp]
+       xor     edi,edx
+       mov     esi,eax
+       rol     eax,5
+       xor     edi,ecx
+       add     ebp,eax
+       ror     ebx,7
        add     ebp,edi
-       xor     eax,DWORD PTR[32+rsp]
-       rol     r12d,30
-       add     ebp,ebx
-       rol     eax,1
-       mov     DWORD PTR[44+rsp],eax
-       lea     edi,DWORD PTR[3395469782+rsi*1+rax]
-       mov     eax,DWORD PTR[48+rsp]
-       mov     ebx,r12d
+       add     edx,DWORD PTR[8+rsp]
+       xor     esi,ecx
+       mov     edi,ebp
+       rol     ebp,5
+       xor     esi,ebx
+       add     edx,ebp
+       ror     eax,7
+       add     edx,esi
+       add     ecx,DWORD PTR[12+rsp]
+       xor     edi,ebx
+       mov     esi,edx
+       rol     edx,5
+       xor     edi,eax
+       add     ecx,edx
+       ror     ebp,7
+       add     ecx,edi
+       cmp     r9,r10
+       je      $L$done_ssse3
+       movdqa  xmm6,XMMWORD PTR[64+r11]
+       movdqa  xmm9,XMMWORD PTR[r11]
+       movdqu  xmm0,XMMWORD PTR[r9]
+       movdqu  xmm1,XMMWORD PTR[16+r9]
+       movdqu  xmm2,XMMWORD PTR[32+r9]
+       movdqu  xmm3,XMMWORD PTR[48+r9]
+DB     102,15,56,0,198
+       add     r9,64
+       add     ebx,DWORD PTR[16+rsp]
+       xor     esi,eax
+DB     102,15,56,0,206
+       mov     edi,ecx
+       rol     ecx,5
+       paddd   xmm0,xmm9
+       xor     esi,ebp
+       add     ebx,ecx
+       ror     edx,7
+       add     ebx,esi
+       movdqa  XMMWORD PTR[rsp],xmm0
+       add     eax,DWORD PTR[20+rsp]
+       xor     edi,ebp
+       psubd   xmm0,xmm9
+       mov     esi,ebx
+       rol     ebx,5
+       xor     edi,edx
+       add     eax,ebx
+       ror     ecx,7
+       add     eax,edi
+       add     ebp,DWORD PTR[24+rsp]
+       xor     esi,edx
+       mov     edi,eax
+       rol     eax,5
+       xor     esi,ecx
+       add     ebp,eax
+       ror     ebx,7
+       add     ebp,esi
+       add     edx,DWORD PTR[28+rsp]
+       xor     edi,ecx
        mov     esi,ebp
-       xor     eax,DWORD PTR[56+rsp]
-       xor     ebx,r11d
-       rol     esi,5
-       xor     eax,DWORD PTR[16+rsp]
-       xor     ebx,edx
-       add     edi,esi
-       xor     eax,DWORD PTR[36+rsp]
-       rol     r11d,30
-       add     edi,ebx
-       rol     eax,1
-       mov     DWORD PTR[48+rsp],eax
-       lea     esi,DWORD PTR[3395469782+rdx*1+rax]
-       mov     eax,DWORD PTR[52+rsp]
-       mov     ebx,r11d
-       mov     edx,edi
-       xor     eax,DWORD PTR[60+rsp]
-       xor     ebx,ebp
+       rol     ebp,5
+       xor     edi,ebx
+       add     edx,ebp
+       ror     eax,7
+       add     edx,edi
+       add     ecx,DWORD PTR[32+rsp]
+       xor     esi,ebx
+DB     102,15,56,0,214
+       mov     edi,edx
        rol     edx,5
-       xor     eax,DWORD PTR[20+rsp]
-       xor     ebx,r12d
-       add     esi,edx
-       xor     eax,DWORD PTR[40+rsp]
-       rol     ebp,30
-       add     esi,ebx
-       rol     eax,1
-       lea     edx,DWORD PTR[3395469782+r12*1+rax]
-       mov     eax,DWORD PTR[56+rsp]
-       mov     ebx,ebp
-       mov     r12d,esi
-       xor     eax,DWORD PTR[rsp]
-       xor     ebx,edi
-       rol     r12d,5
-       xor     eax,DWORD PTR[24+rsp]
-       xor     ebx,r11d
-       add     edx,r12d
-       xor     eax,DWORD PTR[44+rsp]
-       rol     edi,30
-       add     edx,ebx
-       rol     eax,1
-       lea     r12d,DWORD PTR[3395469782+r11*1+rax]
-       mov     eax,DWORD PTR[60+rsp]
-       mov     ebx,edi
-       mov     r11d,edx
-       xor     eax,DWORD PTR[4+rsp]
-       xor     ebx,esi
-       rol     r11d,5
-       xor     eax,DWORD PTR[28+rsp]
-       xor     ebx,ebp
-       add     r12d,r11d
-       xor     eax,DWORD PTR[48+rsp]
-       rol     esi,30
-       add     r12d,ebx
-       rol     eax,1
-       lea     r11d,DWORD PTR[3395469782+rbp*1+rax]
-       mov     ebx,esi
-       mov     ebp,r12d
-       xor     ebx,edx
+       paddd   xmm1,xmm9
+       xor     esi,eax
+       add     ecx,edx
+       ror     ebp,7
+       add     ecx,esi
+       movdqa  XMMWORD PTR[16+rsp],xmm1
+       add     ebx,DWORD PTR[36+rsp]
+       xor     edi,eax
+       psubd   xmm1,xmm9
+       mov     esi,ecx
+       rol     ecx,5
+       xor     edi,ebp
+       add     ebx,ecx
+       ror     edx,7
+       add     ebx,edi
+       add     eax,DWORD PTR[40+rsp]
+       xor     esi,ebp
+       mov     edi,ebx
+       rol     ebx,5
+       xor     esi,edx
+       add     eax,ebx
+       ror     ecx,7
+       add     eax,esi
+       add     ebp,DWORD PTR[44+rsp]
+       xor     edi,edx
+       mov     esi,eax
+       rol     eax,5
+       xor     edi,ecx
+       add     ebp,eax
+       ror     ebx,7
+       add     ebp,edi
+       add     edx,DWORD PTR[48+rsp]
+       xor     esi,ecx
+DB     102,15,56,0,222
+       mov     edi,ebp
        rol     ebp,5
-       xor     ebx,edi
-       add     r11d,ebp
-       rol     edx,30
-       add     r11d,ebx
-       add     r11d,DWORD PTR[r8]
-       add     r12d,DWORD PTR[4+r8]
-       add     edx,DWORD PTR[8+r8]
-       add     esi,DWORD PTR[12+r8]
-       add     edi,DWORD PTR[16+r8]
-       mov     DWORD PTR[r8],r11d
-       mov     DWORD PTR[4+r8],r12d
-       mov     DWORD PTR[8+r8],edx
-       mov     DWORD PTR[12+r8],esi
-       mov     DWORD PTR[16+r8],edi
-
-       xchg    edx,r11d
-       xchg    esi,r12d
-       xchg    edi,r11d
-       xchg    ebp,r12d
+       paddd   xmm2,xmm9
+       xor     esi,ebx
+       add     edx,ebp
+       ror     eax,7
+       add     edx,esi
+       movdqa  XMMWORD PTR[32+rsp],xmm2
+       add     ecx,DWORD PTR[52+rsp]
+       xor     edi,ebx
+       psubd   xmm2,xmm9
+       mov     esi,edx
+       rol     edx,5
+       xor     edi,eax
+       add     ecx,edx
+       ror     ebp,7
+       add     ecx,edi
+       add     ebx,DWORD PTR[56+rsp]
+       xor     esi,eax
+       mov     edi,ecx
+       rol     ecx,5
+       xor     esi,ebp
+       add     ebx,ecx
+       ror     edx,7
+       add     ebx,esi
+       add     eax,DWORD PTR[60+rsp]
+       xor     edi,ebp
+       mov     esi,ebx
+       rol     ebx,5
+       xor     edi,edx
+       add     eax,ebx
+       ror     ecx,7
+       add     eax,edi
+       add     eax,DWORD PTR[r8]
+       add     esi,DWORD PTR[4+r8]
+       add     ecx,DWORD PTR[8+r8]
+       add     edx,DWORD PTR[12+r8]
+       mov     DWORD PTR[r8],eax
+       add     ebp,DWORD PTR[16+r8]
+       mov     DWORD PTR[4+r8],esi
+       mov     ebx,esi
+       mov     DWORD PTR[8+r8],ecx
+       mov     DWORD PTR[12+r8],edx
+       mov     DWORD PTR[16+r8],ebp
+       jmp     $L$oop_ssse3
 
-       lea     r9,QWORD PTR[64+r9]
-       sub     r10,1
-       jnz     $L$loop
-       mov     rsi,QWORD PTR[64+rsp]
+ALIGN  16
+$L$done_ssse3::
+       add     ebx,DWORD PTR[16+rsp]
+       xor     esi,eax
+       mov     edi,ecx
+       rol     ecx,5
+       xor     esi,ebp
+       add     ebx,ecx
+       ror     edx,7
+       add     ebx,esi
+       add     eax,DWORD PTR[20+rsp]
+       xor     edi,ebp
+       mov     esi,ebx
+       rol     ebx,5
+       xor     edi,edx
+       add     eax,ebx
+       ror     ecx,7
+       add     eax,edi
+       add     ebp,DWORD PTR[24+rsp]
+       xor     esi,edx
+       mov     edi,eax
+       rol     eax,5
+       xor     esi,ecx
+       add     ebp,eax
+       ror     ebx,7
+       add     ebp,esi
+       add     edx,DWORD PTR[28+rsp]
+       xor     edi,ecx
+       mov     esi,ebp
+       rol     ebp,5
+       xor     edi,ebx
+       add     edx,ebp
+       ror     eax,7
+       add     edx,edi
+       add     ecx,DWORD PTR[32+rsp]
+       xor     esi,ebx
+       mov     edi,edx
+       rol     edx,5
+       xor     esi,eax
+       add     ecx,edx
+       ror     ebp,7
+       add     ecx,esi
+       add     ebx,DWORD PTR[36+rsp]
+       xor     edi,eax
+       mov     esi,ecx
+       rol     ecx,5
+       xor     edi,ebp
+       add     ebx,ecx
+       ror     edx,7
+       add     ebx,edi
+       add     eax,DWORD PTR[40+rsp]
+       xor     esi,ebp
+       mov     edi,ebx
+       rol     ebx,5
+       xor     esi,edx
+       add     eax,ebx
+       ror     ecx,7
+       add     eax,esi
+       add     ebp,DWORD PTR[44+rsp]
+       xor     edi,edx
+       mov     esi,eax
+       rol     eax,5
+       xor     edi,ecx
+       add     ebp,eax
+       ror     ebx,7
+       add     ebp,edi
+       add     edx,DWORD PTR[48+rsp]
+       xor     esi,ecx
+       mov     edi,ebp
+       rol     ebp,5
+       xor     esi,ebx
+       add     edx,ebp
+       ror     eax,7
+       add     edx,esi
+       add     ecx,DWORD PTR[52+rsp]
+       xor     edi,ebx
+       mov     esi,edx
+       rol     edx,5
+       xor     edi,eax
+       add     ecx,edx
+       ror     ebp,7
+       add     ecx,edi
+       add     ebx,DWORD PTR[56+rsp]
+       xor     esi,eax
+       mov     edi,ecx
+       rol     ecx,5
+       xor     esi,ebp
+       add     ebx,ecx
+       ror     edx,7
+       add     ebx,esi
+       add     eax,DWORD PTR[60+rsp]
+       xor     edi,ebp
+       mov     esi,ebx
+       rol     ebx,5
+       xor     edi,edx
+       add     eax,ebx
+       ror     ecx,7
+       add     eax,edi
+       add     eax,DWORD PTR[r8]
+       add     esi,DWORD PTR[4+r8]
+       add     ecx,DWORD PTR[8+r8]
+       mov     DWORD PTR[r8],eax
+       add     edx,DWORD PTR[12+r8]
+       mov     DWORD PTR[4+r8],esi
+       add     ebp,DWORD PTR[16+r8]
+       mov     DWORD PTR[8+r8],ecx
+       mov     DWORD PTR[12+r8],edx
+       mov     DWORD PTR[16+r8],ebp
+       movaps  xmm6,XMMWORD PTR[((64+0))+rsp]
+       movaps  xmm7,XMMWORD PTR[((64+16))+rsp]
+       movaps  xmm8,XMMWORD PTR[((64+32))+rsp]
+       movaps  xmm9,XMMWORD PTR[((64+48))+rsp]
+       movaps  xmm10,XMMWORD PTR[((64+64))+rsp]
+       lea     rsi,QWORD PTR[144+rsp]
        mov     r12,QWORD PTR[rsi]
        mov     rbp,QWORD PTR[8+rsi]
        mov     rbx,QWORD PTR[16+rsi]
        lea     rsp,QWORD PTR[24+rsi]
-$L$epilogue::
+$L$epilogue_ssse3::
        mov     rdi,QWORD PTR[8+rsp]    ;WIN64 epilogue
        mov     rsi,QWORD PTR[16+rsp]
        DB      0F3h,0C3h               ;repret
-$L$SEH_end_sha1_block_data_order::
-sha1_block_data_order  ENDP
+$L$SEH_end_sha1_block_data_order_ssse3::
+sha1_block_data_order_ssse3    ENDP
+ALIGN  64
+K_XX_XX::
+       DD      05a827999h,05a827999h,05a827999h,05a827999h
+
+       DD      06ed9eba1h,06ed9eba1h,06ed9eba1h,06ed9eba1h
+
+       DD      08f1bbcdch,08f1bbcdch,08f1bbcdch,08f1bbcdch
+
+       DD      0ca62c1d6h,0ca62c1d6h,0ca62c1d6h,0ca62c1d6h
+
+       DD      000010203h,004050607h,008090a0bh,00c0d0e0fh
+
 DB     83,72,65,49,32,98,108,111,99,107,32,116,114,97,110,115
 DB     102,111,114,109,32,102,111,114,32,120,56,54,95,54,52,44
 DB     32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60
 DB     97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114
 DB     103,62,0
-ALIGN  16
+ALIGN  64
 EXTERN __imp_RtlVirtualUnwind:NEAR
 
 ALIGN  16
@@ -1317,16 +2549,67 @@ se_handler      PROC PRIVATE
 
        lea     r10,QWORD PTR[$L$prologue]
        cmp     rbx,r10
-       jb      $L$in_prologue
+       jb      $L$common_seh_tail
 
        mov     rax,QWORD PTR[152+r8]
 
        lea     r10,QWORD PTR[$L$epilogue]
        cmp     rbx,r10
-       jae     $L$in_prologue
+       jae     $L$common_seh_tail
 
        mov     rax,QWORD PTR[64+rax]
-       lea     rax,QWORD PTR[24+rax]
+       lea     rax,QWORD PTR[32+rax]
+
+       mov     rbx,QWORD PTR[((-8))+rax]
+       mov     rbp,QWORD PTR[((-16))+rax]
+       mov     r12,QWORD PTR[((-24))+rax]
+       mov     r13,QWORD PTR[((-32))+rax]
+       mov     QWORD PTR[144+r8],rbx
+       mov     QWORD PTR[160+r8],rbp
+       mov     QWORD PTR[216+r8],r12
+       mov     QWORD PTR[224+r8],r13
+
+       jmp     $L$common_seh_tail
+se_handler     ENDP
+
+
+ALIGN  16
+ssse3_handler  PROC PRIVATE
+       push    rsi
+       push    rdi
+       push    rbx
+       push    rbp
+       push    r12
+       push    r13
+       push    r14
+       push    r15
+       pushfq
+       sub     rsp,64
+
+       mov     rax,QWORD PTR[120+r8]
+       mov     rbx,QWORD PTR[248+r8]
+
+       mov     rsi,QWORD PTR[8+r9]
+       mov     r11,QWORD PTR[56+r9]
+
+       mov     r10d,DWORD PTR[r11]
+       lea     r10,QWORD PTR[r10*1+rsi]
+       cmp     rbx,r10
+       jb      $L$common_seh_tail
+
+       mov     rax,QWORD PTR[152+r8]
+
+       mov     r10d,DWORD PTR[4+r11]
+       lea     r10,QWORD PTR[r10*1+rsi]
+       cmp     rbx,r10
+       jae     $L$common_seh_tail
+
+       lea     rsi,QWORD PTR[64+rax]
+       lea     rdi,QWORD PTR[512+r8]
+       mov     ecx,10
+       DD      0a548f3fch
+
+       lea     rax,QWORD PTR[168+rax]
 
        mov     rbx,QWORD PTR[((-8))+rax]
        mov     rbp,QWORD PTR[((-16))+rax]
@@ -1335,7 +2618,7 @@ se_handler        PROC PRIVATE
        mov     QWORD PTR[160+r8],rbp
        mov     QWORD PTR[216+r8],r12
 
-$L$in_prologue::
+$L$common_seh_tail::
        mov     rdi,QWORD PTR[8+rax]
        mov     rsi,QWORD PTR[16+rax]
        mov     QWORD PTR[152+r8],rax
@@ -1374,7 +2657,7 @@ $L$in_prologue::
        pop     rdi
        pop     rsi
        DB      0F3h,0C3h               ;repret
-se_handler     ENDP
+ssse3_handler  ENDP
 
 .text$ ENDS
 .pdata SEGMENT READONLY ALIGN(4)
@@ -1382,13 +2665,20 @@ ALIGN   4
        DD      imagerel $L$SEH_begin_sha1_block_data_order
        DD      imagerel $L$SEH_end_sha1_block_data_order
        DD      imagerel $L$SEH_info_sha1_block_data_order
-
+       DD      imagerel $L$SEH_begin_sha1_block_data_order_ssse3
+       DD      imagerel $L$SEH_end_sha1_block_data_order_ssse3
+       DD      imagerel $L$SEH_info_sha1_block_data_order_ssse3
 .pdata ENDS
 .xdata SEGMENT READONLY ALIGN(8)
 ALIGN  8
 $L$SEH_info_sha1_block_data_order::
 DB     9,0,0,0
        DD      imagerel se_handler
+$L$SEH_info_sha1_block_data_order_ssse3::
+DB     9,0,0,0
+       DD      imagerel ssse3_handler
+       DD      imagerel $L$prologue_ssse3,imagerel $L$epilogue_ssse3
+
 
 .xdata ENDS
 END

diff --git a/deps/openssl/asm/x64-win32-masm/sha/sha512-x86_64.asm b/deps/openssl/asm/x64-win32-masm/sha/sha512-x86_64.asm
index 5ea4a63..f685c2f 100644 (file)
--- a/deps/openssl/asm/x64-win32-masm/sha/sha512-x86_64.asm
+++ b/deps/openssl/asm/x64-win32-masm/sha/sha512-x86_64.asm
@@ -26,1930 +26,1738 @@ $L$SEH_begin_sha256_block_data_order::
        sub     rsp,16*4+4*8
        lea     rdx,QWORD PTR[rdx*4+rsi]
        and     rsp,-64
-       mov     QWORD PTR[((16*4+0*8))+rsp],rdi
-       mov     QWORD PTR[((16*4+1*8))+rsp],rsi
-       mov     QWORD PTR[((16*4+2*8))+rsp],rdx
-       mov     QWORD PTR[((16*4+3*8))+rsp],r11
+       mov     QWORD PTR[((64+0))+rsp],rdi
+       mov     QWORD PTR[((64+8))+rsp],rsi
+       mov     QWORD PTR[((64+16))+rsp],rdx
+       mov     QWORD PTR[((64+24))+rsp],r11
 $L$prologue::
 
        lea     rbp,QWORD PTR[K256]
 
-       mov     eax,DWORD PTR[((4*0))+rdi]
-       mov     ebx,DWORD PTR[((4*1))+rdi]
-       mov     ecx,DWORD PTR[((4*2))+rdi]
-       mov     edx,DWORD PTR[((4*3))+rdi]
-       mov     r8d,DWORD PTR[((4*4))+rdi]
-       mov     r9d,DWORD PTR[((4*5))+rdi]
-       mov     r10d,DWORD PTR[((4*6))+rdi]
-       mov     r11d,DWORD PTR[((4*7))+rdi]
+       mov     eax,DWORD PTR[rdi]
+       mov     ebx,DWORD PTR[4+rdi]
+       mov     ecx,DWORD PTR[8+rdi]
+       mov     edx,DWORD PTR[12+rdi]
+       mov     r8d,DWORD PTR[16+rdi]
+       mov     r9d,DWORD PTR[20+rdi]
+       mov     r10d,DWORD PTR[24+rdi]
+       mov     r11d,DWORD PTR[28+rdi]
        jmp     $L$loop
 
 ALIGN  16
 $L$loop::
        xor     rdi,rdi
-       mov     r12d,DWORD PTR[((4*0))+rsi]
-       bswap   r12d
+       mov     r12d,DWORD PTR[rsi]
        mov     r13d,r8d
-       mov     r14d,r8d
+       mov     r14d,eax
+       bswap   r12d
+       ror     r13d,14
        mov     r15d,r9d
+       mov     DWORD PTR[rsp],r12d
 
-       ror     r13d,6
-       ror     r14d,11
+       ror     r14d,9
+       xor     r13d,r8d
        xor     r15d,r10d
 
-       xor     r13d,r14d
-       ror     r14d,14
+       ror     r13d,5
+       add     r12d,r11d
+       xor     r14d,eax
+
+       add     r12d,DWORD PTR[rdi*4+rbp]
        and     r15d,r8d
-       mov     DWORD PTR[rsp],r12d
+       mov     r11d,ebx
 
-       xor     r13d,r14d
+       ror     r14d,11
+       xor     r13d,r8d
        xor     r15d,r10d
-       add     r12d,r11d
-
-       mov     r11d,eax
-       add     r12d,r13d
 
+       xor     r11d,ecx
+       xor     r14d,eax
        add     r12d,r15d
-       mov     r13d,eax
-       mov     r14d,eax
+       mov     r15d,ebx
 
-       ror     r11d,2
-       ror     r13d,13
-       mov     r15d,eax
-       add     r12d,DWORD PTR[rdi*4+rbp]
+       ror     r13d,6
+       and     r11d,eax
+       and     r15d,ecx
 
-       xor     r11d,r13d
-       ror     r13d,9
-       or      r14d,ecx
+       ror     r14d,2
+       add     r12d,r13d
+       add     r11d,r15d
 
-       xor     r11d,r13d
-       and     r15d,ecx
        add     edx,r12d
-
-       and     r14d,ebx
        add     r11d,r12d
-
-       or      r14d,r15d
        lea     rdi,QWORD PTR[1+rdi]
-
        add     r11d,r14d
-       mov     r12d,DWORD PTR[((4*1))+rsi]
-       bswap   r12d
+
+       mov     r12d,DWORD PTR[4+rsi]
        mov     r13d,edx
-       mov     r14d,edx
+       mov     r14d,r11d
+       bswap   r12d
+       ror     r13d,14
        mov     r15d,r8d
+       mov     DWORD PTR[4+rsp],r12d
 
-       ror     r13d,6
-       ror     r14d,11
+       ror     r14d,9
+       xor     r13d,edx
        xor     r15d,r9d
 
-       xor     r13d,r14d
-       ror     r14d,14
+       ror     r13d,5
+       add     r12d,r10d
+       xor     r14d,r11d
+
+       add     r12d,DWORD PTR[rdi*4+rbp]
        and     r15d,edx
-       mov     DWORD PTR[4+rsp],r12d
+       mov     r10d,eax
 
-       xor     r13d,r14d
+       ror     r14d,11
+       xor     r13d,edx
        xor     r15d,r9d
-       add     r12d,r10d
-
-       mov     r10d,r11d
-       add     r12d,r13d
 
+       xor     r10d,ebx
+       xor     r14d,r11d
        add     r12d,r15d
-       mov     r13d,r11d
-       mov     r14d,r11d
+       mov     r15d,eax
 
-       ror     r10d,2
-       ror     r13d,13
-       mov     r15d,r11d
-       add     r12d,DWORD PTR[rdi*4+rbp]
+       ror     r13d,6
+       and     r10d,r11d
+       and     r15d,ebx
 
-       xor     r10d,r13d
-       ror     r13d,9
-       or      r14d,ebx
+       ror     r14d,2
+       add     r12d,r13d
+       add     r10d,r15d
 
-       xor     r10d,r13d
-       and     r15d,ebx
        add     ecx,r12d
-
-       and     r14d,eax
        add     r10d,r12d
-
-       or      r14d,r15d
        lea     rdi,QWORD PTR[1+rdi]
-
        add     r10d,r14d
-       mov     r12d,DWORD PTR[((4*2))+rsi]
-       bswap   r12d
+
+       mov     r12d,DWORD PTR[8+rsi]
        mov     r13d,ecx
-       mov     r14d,ecx
+       mov     r14d,r10d
+       bswap   r12d
+       ror     r13d,14
        mov     r15d,edx
+       mov     DWORD PTR[8+rsp],r12d
 
-       ror     r13d,6
-       ror     r14d,11
+       ror     r14d,9
+       xor     r13d,ecx
        xor     r15d,r8d
 
-       xor     r13d,r14d
-       ror     r14d,14
+       ror     r13d,5
+       add     r12d,r9d
+       xor     r14d,r10d
+
+       add     r12d,DWORD PTR[rdi*4+rbp]
        and     r15d,ecx
-       mov     DWORD PTR[8+rsp],r12d
+       mov     r9d,r11d
 
-       xor     r13d,r14d
+       ror     r14d,11
+       xor     r13d,ecx
        xor     r15d,r8d
-       add     r12d,r9d
-
-       mov     r9d,r10d
-       add     r12d,r13d
 
+       xor     r9d,eax
+       xor     r14d,r10d
        add     r12d,r15d
-       mov     r13d,r10d
-       mov     r14d,r10d
+       mov     r15d,r11d
 
-       ror     r9d,2
-       ror     r13d,13
-       mov     r15d,r10d
-       add     r12d,DWORD PTR[rdi*4+rbp]
+       ror     r13d,6
+       and     r9d,r10d
+       and     r15d,eax
 
-       xor     r9d,r13d
-       ror     r13d,9
-       or      r14d,eax
+       ror     r14d,2
+       add     r12d,r13d
+       add     r9d,r15d
 
-       xor     r9d,r13d
-       and     r15d,eax
        add     ebx,r12d
-
-       and     r14d,r11d
        add     r9d,r12d
-
-       or      r14d,r15d
        lea     rdi,QWORD PTR[1+rdi]
-
        add     r9d,r14d
-       mov     r12d,DWORD PTR[((4*3))+rsi]
-       bswap   r12d
+
+       mov     r12d,DWORD PTR[12+rsi]
        mov     r13d,ebx
-       mov     r14d,ebx
+       mov     r14d,r9d
+       bswap   r12d
+       ror     r13d,14
        mov     r15d,ecx
+       mov     DWORD PTR[12+rsp],r12d
 
-       ror     r13d,6
-       ror     r14d,11
+       ror     r14d,9
+       xor     r13d,ebx
        xor     r15d,edx
 
-       xor     r13d,r14d
-       ror     r14d,14
+       ror     r13d,5
+       add     r12d,r8d
+       xor     r14d,r9d
+
+       add     r12d,DWORD PTR[rdi*4+rbp]
        and     r15d,ebx
-       mov     DWORD PTR[12+rsp],r12d
+       mov     r8d,r10d
 
-       xor     r13d,r14d
+       ror     r14d,11
+       xor     r13d,ebx
        xor     r15d,edx
-       add     r12d,r8d
-
-       mov     r8d,r9d
-       add     r12d,r13d
 
+       xor     r8d,r11d
+       xor     r14d,r9d
        add     r12d,r15d
-       mov     r13d,r9d
-       mov     r14d,r9d
+       mov     r15d,r10d
 
-       ror     r8d,2
-       ror     r13d,13
-       mov     r15d,r9d
-       add     r12d,DWORD PTR[rdi*4+rbp]
+       ror     r13d,6
+       and     r8d,r9d
+       and     r15d,r11d
 
-       xor     r8d,r13d
-       ror     r13d,9
-       or      r14d,r11d
+       ror     r14d,2
+       add     r12d,r13d
+       add     r8d,r15d
 
-       xor     r8d,r13d
-       and     r15d,r11d
        add     eax,r12d
-
-       and     r14d,r10d
        add     r8d,r12d
-
-       or      r14d,r15d
        lea     rdi,QWORD PTR[1+rdi]
-
        add     r8d,r14d
-       mov     r12d,DWORD PTR[((4*4))+rsi]
-       bswap   r12d
+
+       mov     r12d,DWORD PTR[16+rsi]
        mov     r13d,eax
-       mov     r14d,eax
+       mov     r14d,r8d
+       bswap   r12d
+       ror     r13d,14
        mov     r15d,ebx
+       mov     DWORD PTR[16+rsp],r12d
 
-       ror     r13d,6
-       ror     r14d,11
+       ror     r14d,9
+       xor     r13d,eax
        xor     r15d,ecx
 
-       xor     r13d,r14d
-       ror     r14d,14
+       ror     r13d,5
+       add     r12d,edx
+       xor     r14d,r8d
+
+       add     r12d,DWORD PTR[rdi*4+rbp]
        and     r15d,eax
-       mov     DWORD PTR[16+rsp],r12d
+       mov     edx,r9d
 
-       xor     r13d,r14d
+       ror     r14d,11
+       xor     r13d,eax
        xor     r15d,ecx
-       add     r12d,edx
-
-       mov     edx,r8d
-       add     r12d,r13d
 
+       xor     edx,r10d
+       xor     r14d,r8d
        add     r12d,r15d
-       mov     r13d,r8d
-       mov     r14d,r8d
+       mov     r15d,r9d
 
-       ror     edx,2
-       ror     r13d,13
-       mov     r15d,r8d
-       add     r12d,DWORD PTR[rdi*4+rbp]
+       ror     r13d,6
+       and     edx,r8d
+       and     r15d,r10d
 
-       xor     edx,r13d
-       ror     r13d,9
-       or      r14d,r10d
+       ror     r14d,2
+       add     r12d,r13d
+       add     edx,r15d
 
-       xor     edx,r13d
-       and     r15d,r10d
        add     r11d,r12d
-
-       and     r14d,r9d
        add     edx,r12d
-
-       or      r14d,r15d
        lea     rdi,QWORD PTR[1+rdi]
-
        add     edx,r14d
-       mov     r12d,DWORD PTR[((4*5))+rsi]
-       bswap   r12d
+
+       mov     r12d,DWORD PTR[20+rsi]
        mov     r13d,r11d
-       mov     r14d,r11d
+       mov     r14d,edx
+       bswap   r12d
+       ror     r13d,14
        mov     r15d,eax
+       mov     DWORD PTR[20+rsp],r12d
 
-       ror     r13d,6
-       ror     r14d,11
+       ror     r14d,9
+       xor     r13d,r11d
        xor     r15d,ebx
 
-       xor     r13d,r14d
-       ror     r14d,14
+       ror     r13d,5
+       add     r12d,ecx
+       xor     r14d,edx
+
+       add     r12d,DWORD PTR[rdi*4+rbp]
        and     r15d,r11d
-       mov     DWORD PTR[20+rsp],r12d
+       mov     ecx,r8d
 
-       xor     r13d,r14d
+       ror     r14d,11
+       xor     r13d,r11d
        xor     r15d,ebx
-       add     r12d,ecx
-
-       mov     ecx,edx
-       add     r12d,r13d
 
+       xor     ecx,r9d
+       xor     r14d,edx
        add     r12d,r15d
-       mov     r13d,edx
-       mov     r14d,edx
+       mov     r15d,r8d
 
-       ror     ecx,2
-       ror     r13d,13
-       mov     r15d,edx
-       add     r12d,DWORD PTR[rdi*4+rbp]
+       ror     r13d,6
+       and     ecx,edx
+       and     r15d,r9d
 
-       xor     ecx,r13d
-       ror     r13d,9
-       or      r14d,r9d
+       ror     r14d,2
+       add     r12d,r13d
+       add     ecx,r15d
 
-       xor     ecx,r13d
-       and     r15d,r9d
        add     r10d,r12d
-
-       and     r14d,r8d
        add     ecx,r12d
-
-       or      r14d,r15d
        lea     rdi,QWORD PTR[1+rdi]
-
        add     ecx,r14d
-       mov     r12d,DWORD PTR[((4*6))+rsi]
-       bswap   r12d
+
+       mov     r12d,DWORD PTR[24+rsi]
        mov     r13d,r10d
-       mov     r14d,r10d
+       mov     r14d,ecx
+       bswap   r12d
+       ror     r13d,14
        mov     r15d,r11d
+       mov     DWORD PTR[24+rsp],r12d
 
-       ror     r13d,6
-       ror     r14d,11
+       ror     r14d,9
+       xor     r13d,r10d
        xor     r15d,eax
 
-       xor     r13d,r14d
-       ror     r14d,14
+       ror     r13d,5
+       add     r12d,ebx
+       xor     r14d,ecx
+
+       add     r12d,DWORD PTR[rdi*4+rbp]
        and     r15d,r10d
-       mov     DWORD PTR[24+rsp],r12d
+       mov     ebx,edx
 
-       xor     r13d,r14d
+       ror     r14d,11
+       xor     r13d,r10d
        xor     r15d,eax
-       add     r12d,ebx
-
-       mov     ebx,ecx
-       add     r12d,r13d
 
+       xor     ebx,r8d
+       xor     r14d,ecx
        add     r12d,r15d
-       mov     r13d,ecx
-       mov     r14d,ecx
+       mov     r15d,edx
 
-       ror     ebx,2
-       ror     r13d,13
-       mov     r15d,ecx
-       add     r12d,DWORD PTR[rdi*4+rbp]
+       ror     r13d,6
+       and     ebx,ecx
+       and     r15d,r8d
 
-       xor     ebx,r13d
-       ror     r13d,9
-       or      r14d,r8d
+       ror     r14d,2
+       add     r12d,r13d
+       add     ebx,r15d
 
-       xor     ebx,r13d
-       and     r15d,r8d
        add     r9d,r12d
-
-       and     r14d,edx
        add     ebx,r12d
-
-       or      r14d,r15d
        lea     rdi,QWORD PTR[1+rdi]
-
        add     ebx,r14d
-       mov     r12d,DWORD PTR[((4*7))+rsi]
-       bswap   r12d
+
+       mov     r12d,DWORD PTR[28+rsi]
        mov     r13d,r9d
-       mov     r14d,r9d
+       mov     r14d,ebx
+       bswap   r12d
+       ror     r13d,14
        mov     r15d,r10d
+       mov     DWORD PTR[28+rsp],r12d
 
-       ror     r13d,6
-       ror     r14d,11
+       ror     r14d,9
+       xor     r13d,r9d
        xor     r15d,r11d
 
-       xor     r13d,r14d
-       ror     r14d,14
+       ror     r13d,5
+       add     r12d,eax
+       xor     r14d,ebx
+
+       add     r12d,DWORD PTR[rdi*4+rbp]
        and     r15d,r9d
-       mov     DWORD PTR[28+rsp],r12d
+       mov     eax,ecx
 
-       xor     r13d,r14d
+       ror     r14d,11
+       xor     r13d,r9d
        xor     r15d,r11d
-       add     r12d,eax
-
-       mov     eax,ebx
-       add     r12d,r13d
 
+       xor     eax,edx
+       xor     r14d,ebx
        add     r12d,r15d
-       mov     r13d,ebx
-       mov     r14d,ebx
+       mov     r15d,ecx
 
-       ror     eax,2
-       ror     r13d,13
-       mov     r15d,ebx
-       add     r12d,DWORD PTR[rdi*4+rbp]
+       ror     r13d,6
+       and     eax,ebx
+       and     r15d,edx
 
-       xor     eax,r13d
-       ror     r13d,9
-       or      r14d,edx
+       ror     r14d,2
+       add     r12d,r13d
+       add     eax,r15d
 
-       xor     eax,r13d
-       and     r15d,edx
        add     r8d,r12d
-
-       and     r14d,ecx
        add     eax,r12d
-
-       or      r14d,r15d
        lea     rdi,QWORD PTR[1+rdi]
-
        add     eax,r14d
-       mov     r12d,DWORD PTR[((4*8))+rsi]
-       bswap   r12d
+
+       mov     r12d,DWORD PTR[32+rsi]
        mov     r13d,r8d
-       mov     r14d,r8d
+       mov     r14d,eax
+       bswap   r12d
+       ror     r13d,14
        mov     r15d,r9d
+       mov     DWORD PTR[32+rsp],r12d
 
-       ror     r13d,6
-       ror     r14d,11
+       ror     r14d,9
+       xor     r13d,r8d
        xor     r15d,r10d
 
-       xor     r13d,r14d
-       ror     r14d,14
+       ror     r13d,5
+       add     r12d,r11d
+       xor     r14d,eax
+
+       add     r12d,DWORD PTR[rdi*4+rbp]
        and     r15d,r8d
-       mov     DWORD PTR[32+rsp],r12d
+       mov     r11d,ebx
 
-       xor     r13d,r14d
+       ror     r14d,11
+       xor     r13d,r8d
        xor     r15d,r10d
-       add     r12d,r11d
-
-       mov     r11d,eax
-       add     r12d,r13d
 
+       xor     r11d,ecx
+       xor     r14d,eax
        add     r12d,r15d
-       mov     r13d,eax
-       mov     r14d,eax
+       mov     r15d,ebx
 
-       ror     r11d,2
-       ror     r13d,13
-       mov     r15d,eax
-       add     r12d,DWORD PTR[rdi*4+rbp]
+       ror     r13d,6
+       and     r11d,eax
+       and     r15d,ecx
 
-       xor     r11d,r13d
-       ror     r13d,9
-       or      r14d,ecx
+       ror     r14d,2
+       add     r12d,r13d
+       add     r11d,r15d
 
-       xor     r11d,r13d
-       and     r15d,ecx
        add     edx,r12d
-
-       and     r14d,ebx
        add     r11d,r12d
-
-       or      r14d,r15d
        lea     rdi,QWORD PTR[1+rdi]
-
        add     r11d,r14d
-       mov     r12d,DWORD PTR[((4*9))+rsi]
-       bswap   r12d
+
+       mov     r12d,DWORD PTR[36+rsi]
        mov     r13d,edx
-       mov     r14d,edx
+       mov     r14d,r11d
+       bswap   r12d
+       ror     r13d,14
        mov     r15d,r8d
-
-       ror     r13d,6
-       ror     r14d,11
-       xor     r15d,r9d
-
-       xor     r13d,r14d
-       ror     r14d,14
-       and     r15d,edx
        mov     DWORD PTR[36+rsp],r12d
 
-       xor     r13d,r14d
+       ror     r14d,9
+       xor     r13d,edx
        xor     r15d,r9d
-       add     r12d,r10d
-
-       mov     r10d,r11d
-       add     r12d,r13d
 
-       add     r12d,r15d
-       mov     r13d,r11d
-       mov     r14d,r11d
+       ror     r13d,5
+       add     r12d,r10d
+       xor     r14d,r11d
 
-       ror     r10d,2
-       ror     r13d,13
-       mov     r15d,r11d
        add     r12d,DWORD PTR[rdi*4+rbp]
+       and     r15d,edx
+       mov     r10d,eax
+
+       ror     r14d,11
+       xor     r13d,edx
+       xor     r15d,r9d
 
-       xor     r10d,r13d
-       ror     r13d,9
-       or      r14d,ebx
+       xor     r10d,ebx
+       xor     r14d,r11d
+       add     r12d,r15d
+       mov     r15d,eax
 
-       xor     r10d,r13d
+       ror     r13d,6
+       and     r10d,r11d
        and     r15d,ebx
-       add     ecx,r12d
 
-       and     r14d,eax
-       add     r10d,r12d
+       ror     r14d,2
+       add     r12d,r13d
+       add     r10d,r15d
 
-       or      r14d,r15d
+       add     ecx,r12d
+       add     r10d,r12d
        lea     rdi,QWORD PTR[1+rdi]
-
        add     r10d,r14d
-       mov     r12d,DWORD PTR[((4*10))+rsi]
-       bswap   r12d
+
+       mov     r12d,DWORD PTR[40+rsi]
        mov     r13d,ecx
-       mov     r14d,ecx
+       mov     r14d,r10d
+       bswap   r12d
+       ror     r13d,14
        mov     r15d,edx
+       mov     DWORD PTR[40+rsp],r12d
 
-       ror     r13d,6
-       ror     r14d,11
+       ror     r14d,9
+       xor     r13d,ecx
        xor     r15d,r8d
 
-       xor     r13d,r14d
-       ror     r14d,14
+       ror     r13d,5
+       add     r12d,r9d
+       xor     r14d,r10d
+
+       add     r12d,DWORD PTR[rdi*4+rbp]
        and     r15d,ecx
-       mov     DWORD PTR[40+rsp],r12d
+       mov     r9d,r11d
 
-       xor     r13d,r14d
+       ror     r14d,11
+       xor     r13d,ecx
        xor     r15d,r8d
-       add     r12d,r9d
-
-       mov     r9d,r10d
-       add     r12d,r13d
 
+       xor     r9d,eax
+       xor     r14d,r10d
        add     r12d,r15d
-       mov     r13d,r10d
-       mov     r14d,r10d
+       mov     r15d,r11d
 
-       ror     r9d,2
-       ror     r13d,13
-       mov     r15d,r10d
-       add     r12d,DWORD PTR[rdi*4+rbp]
+       ror     r13d,6
+       and     r9d,r10d
+       and     r15d,eax
 
-       xor     r9d,r13d
-       ror     r13d,9
-       or      r14d,eax
+       ror     r14d,2
+       add     r12d,r13d
+       add     r9d,r15d
 
-       xor     r9d,r13d
-       and     r15d,eax
        add     ebx,r12d
-
-       and     r14d,r11d
        add     r9d,r12d
-
-       or      r14d,r15d
        lea     rdi,QWORD PTR[1+rdi]
-
        add     r9d,r14d
-       mov     r12d,DWORD PTR[((4*11))+rsi]
-       bswap   r12d
+
+       mov     r12d,DWORD PTR[44+rsi]
        mov     r13d,ebx
-       mov     r14d,ebx
+       mov     r14d,r9d
+       bswap   r12d
+       ror     r13d,14
        mov     r15d,ecx
+       mov     DWORD PTR[44+rsp],r12d
 
-       ror     r13d,6
-       ror     r14d,11
+       ror     r14d,9
+       xor     r13d,ebx
        xor     r15d,edx
 
-       xor     r13d,r14d
-       ror     r14d,14
+       ror     r13d,5
+       add     r12d,r8d
+       xor     r14d,r9d
+
+       add     r12d,DWORD PTR[rdi*4+rbp]
        and     r15d,ebx
-       mov     DWORD PTR[44+rsp],r12d
+       mov     r8d,r10d
 
-       xor     r13d,r14d
+       ror     r14d,11
+       xor     r13d,ebx
        xor     r15d,edx
-       add     r12d,r8d
-
-       mov     r8d,r9d
-       add     r12d,r13d
 
+       xor     r8d,r11d
+       xor     r14d,r9d
        add     r12d,r15d
-       mov     r13d,r9d
-       mov     r14d,r9d
+       mov     r15d,r10d
 
-       ror     r8d,2
-       ror     r13d,13
-       mov     r15d,r9d
-       add     r12d,DWORD PTR[rdi*4+rbp]
+       ror     r13d,6
+       and     r8d,r9d
+       and     r15d,r11d
 
-       xor     r8d,r13d
-       ror     r13d,9
-       or      r14d,r11d
+       ror     r14d,2
+       add     r12d,r13d
+       add     r8d,r15d
 
-       xor     r8d,r13d
-       and     r15d,r11d
        add     eax,r12d
-
-       and     r14d,r10d
        add     r8d,r12d
-
-       or      r14d,r15d
        lea     rdi,QWORD PTR[1+rdi]
-
        add     r8d,r14d
-       mov     r12d,DWORD PTR[((4*12))+rsi]
-       bswap   r12d
+
+       mov     r12d,DWORD PTR[48+rsi]
        mov     r13d,eax
-       mov     r14d,eax
+       mov     r14d,r8d
+       bswap   r12d
+       ror     r13d,14
        mov     r15d,ebx
+       mov     DWORD PTR[48+rsp],r12d
 
-       ror     r13d,6
-       ror     r14d,11
+       ror     r14d,9
+       xor     r13d,eax
        xor     r15d,ecx
 
-       xor     r13d,r14d
-       ror     r14d,14
+       ror     r13d,5
+       add     r12d,edx
+       xor     r14d,r8d
+
+       add     r12d,DWORD PTR[rdi*4+rbp]
        and     r15d,eax
-       mov     DWORD PTR[48+rsp],r12d
+       mov     edx,r9d
 
-       xor     r13d,r14d
+       ror     r14d,11
+       xor     r13d,eax
        xor     r15d,ecx
-       add     r12d,edx
-
-       mov     edx,r8d
-       add     r12d,r13d
 
+       xor     edx,r10d
+       xor     r14d,r8d
        add     r12d,r15d
-       mov     r13d,r8d
-       mov     r14d,r8d
+       mov     r15d,r9d
 
-       ror     edx,2
-       ror     r13d,13
-       mov     r15d,r8d
-       add     r12d,DWORD PTR[rdi*4+rbp]
+       ror     r13d,6
+       and     edx,r8d
+       and     r15d,r10d
 
-       xor     edx,r13d
-       ror     r13d,9
-       or      r14d,r10d
+       ror     r14d,2
+       add     r12d,r13d
+       add     edx,r15d
 
-       xor     edx,r13d
-       and     r15d,r10d
        add     r11d,r12d
-
-       and     r14d,r9d
        add     edx,r12d
-
-       or      r14d,r15d
        lea     rdi,QWORD PTR[1+rdi]
-
        add     edx,r14d
-       mov     r12d,DWORD PTR[((4*13))+rsi]
-       bswap   r12d
+
+       mov     r12d,DWORD PTR[52+rsi]
        mov     r13d,r11d
-       mov     r14d,r11d
+       mov     r14d,edx
+       bswap   r12d
+       ror     r13d,14
        mov     r15d,eax
+       mov     DWORD PTR[52+rsp],r12d
 
-       ror     r13d,6
-       ror     r14d,11
+       ror     r14d,9
+       xor     r13d,r11d
        xor     r15d,ebx
 
-       xor     r13d,r14d
-       ror     r14d,14
+       ror     r13d,5
+       add     r12d,ecx
+       xor     r14d,edx
+
+       add     r12d,DWORD PTR[rdi*4+rbp]
        and     r15d,r11d
-       mov     DWORD PTR[52+rsp],r12d
+       mov     ecx,r8d
 
-       xor     r13d,r14d
+       ror     r14d,11
+       xor     r13d,r11d
        xor     r15d,ebx
-       add     r12d,ecx
-
-       mov     ecx,edx
-       add     r12d,r13d
 
+       xor     ecx,r9d
+       xor     r14d,edx
        add     r12d,r15d
-       mov     r13d,edx
-       mov     r14d,edx
+       mov     r15d,r8d
 
-       ror     ecx,2
-       ror     r13d,13
-       mov     r15d,edx
-       add     r12d,DWORD PTR[rdi*4+rbp]
+       ror     r13d,6
+       and     ecx,edx
+       and     r15d,r9d
 
-       xor     ecx,r13d
-       ror     r13d,9
-       or      r14d,r9d
+       ror     r14d,2
+       add     r12d,r13d
+       add     ecx,r15d
 
-       xor     ecx,r13d
-       and     r15d,r9d
        add     r10d,r12d
-
-       and     r14d,r8d
        add     ecx,r12d
-
-       or      r14d,r15d
        lea     rdi,QWORD PTR[1+rdi]
-
        add     ecx,r14d
-       mov     r12d,DWORD PTR[((4*14))+rsi]
-       bswap   r12d
+
+       mov     r12d,DWORD PTR[56+rsi]
        mov     r13d,r10d
-       mov     r14d,r10d
+       mov     r14d,ecx
+       bswap   r12d
+       ror     r13d,14
        mov     r15d,r11d
+       mov     DWORD PTR[56+rsp],r12d
 
-       ror     r13d,6
-       ror     r14d,11
+       ror     r14d,9
+       xor     r13d,r10d
        xor     r15d,eax
 
-       xor     r13d,r14d
-       ror     r14d,14
+       ror     r13d,5
+       add     r12d,ebx
+       xor     r14d,ecx
+
+       add     r12d,DWORD PTR[rdi*4+rbp]
        and     r15d,r10d
-       mov     DWORD PTR[56+rsp],r12d
+       mov     ebx,edx
 
-       xor     r13d,r14d
+       ror     r14d,11
+       xor     r13d,r10d
        xor     r15d,eax
-       add     r12d,ebx
-
-       mov     ebx,ecx
-       add     r12d,r13d
 
+       xor     ebx,r8d
+       xor     r14d,ecx
        add     r12d,r15d
-       mov     r13d,ecx
-       mov     r14d,ecx
+       mov     r15d,edx
 
-       ror     ebx,2
-       ror     r13d,13
-       mov     r15d,ecx
-       add     r12d,DWORD PTR[rdi*4+rbp]
+       ror     r13d,6
+       and     ebx,ecx
+       and     r15d,r8d
 
-       xor     ebx,r13d
-       ror     r13d,9
-       or      r14d,r8d
+       ror     r14d,2
+       add     r12d,r13d
+       add     ebx,r15d
 
-       xor     ebx,r13d
-       and     r15d,r8d
        add     r9d,r12d
-
-       and     r14d,edx
        add     ebx,r12d
-
-       or      r14d,r15d
        lea     rdi,QWORD PTR[1+rdi]
-
        add     ebx,r14d
-       mov     r12d,DWORD PTR[((4*15))+rsi]
-       bswap   r12d
+
+       mov     r12d,DWORD PTR[60+rsi]
        mov     r13d,r9d
-       mov     r14d,r9d
+       mov     r14d,ebx
+       bswap   r12d
+       ror     r13d,14
        mov     r15d,r10d
+       mov     DWORD PTR[60+rsp],r12d
 
-       ror     r13d,6
-       ror     r14d,11
+       ror     r14d,9
+       xor     r13d,r9d
        xor     r15d,r11d
 
-       xor     r13d,r14d
-       ror     r14d,14
+       ror     r13d,5
+       add     r12d,eax
+       xor     r14d,ebx
+
+       add     r12d,DWORD PTR[rdi*4+rbp]
        and     r15d,r9d
-       mov     DWORD PTR[60+rsp],r12d
+       mov     eax,ecx
 
-       xor     r13d,r14d
+       ror     r14d,11
+       xor     r13d,r9d
        xor     r15d,r11d
-       add     r12d,eax
-
-       mov     eax,ebx
-       add     r12d,r13d
 
+       xor     eax,edx
+       xor     r14d,ebx
        add     r12d,r15d
-       mov     r13d,ebx
-       mov     r14d,ebx
+       mov     r15d,ecx
 
-       ror     eax,2
-       ror     r13d,13
-       mov     r15d,ebx
-       add     r12d,DWORD PTR[rdi*4+rbp]
+       ror     r13d,6
+       and     eax,ebx
+       and     r15d,edx
 
-       xor     eax,r13d
-       ror     r13d,9
-       or      r14d,edx
+       ror     r14d,2
+       add     r12d,r13d
+       add     eax,r15d
 
-       xor     eax,r13d
-       and     r15d,edx
        add     r8d,r12d
-
-       and     r14d,ecx
        add     eax,r12d
-
-       or      r14d,r15d
        lea     rdi,QWORD PTR[1+rdi]
-
        add     eax,r14d
+
        jmp     $L$rounds_16_xx
 ALIGN  16
 $L$rounds_16_xx::
        mov     r13d,DWORD PTR[4+rsp]
-       mov     r12d,DWORD PTR[56+rsp]
-
-       mov     r15d,r13d
+       mov     r14d,DWORD PTR[56+rsp]
+       mov     r12d,r13d
+       mov     r15d,r14d
 
+       ror     r12d,11
+       xor     r12d,r13d
        shr     r13d,3
-       ror     r15d,7
 
-       xor     r13d,r15d
-       ror     r15d,11
-
-       xor     r13d,r15d
-       mov     r14d,r12d
-
-       shr     r12d,10
-       ror     r14d,17
-
-       xor     r12d,r14d
-       ror     r14d,2
+       ror     r12d,7
+       xor     r13d,r12d
+       mov     r12d,DWORD PTR[36+rsp]
 
-       xor     r12d,r14d
+       ror     r15d,2
+       xor     r15d,r14d
+       shr     r14d,10
 
+       ror     r15d,17
        add     r12d,r13d
-
-       add     r12d,DWORD PTR[36+rsp]
+       xor     r14d,r15d
 
        add     r12d,DWORD PTR[rsp]
        mov     r13d,r8d
-       mov     r14d,r8d
+       add     r12d,r14d
+       mov     r14d,eax
+       ror     r13d,14
        mov     r15d,r9d
+       mov     DWORD PTR[rsp],r12d
 
-       ror     r13d,6
-       ror     r14d,11
+       ror     r14d,9
+       xor     r13d,r8d
        xor     r15d,r10d
 
-       xor     r13d,r14d
-       ror     r14d,14
+       ror     r13d,5
+       add     r12d,r11d
+       xor     r14d,eax
+
+       add     r12d,DWORD PTR[rdi*4+rbp]
        and     r15d,r8d
-       mov     DWORD PTR[rsp],r12d
+       mov     r11d,ebx
 
-       xor     r13d,r14d
+       ror     r14d,11
+       xor     r13d,r8d
        xor     r15d,r10d
-       add     r12d,r11d
-
-       mov     r11d,eax
-       add     r12d,r13d
 
+       xor     r11d,ecx
+       xor     r14d,eax
        add     r12d,r15d
-       mov     r13d,eax
-       mov     r14d,eax
+       mov     r15d,ebx
 
-       ror     r11d,2
-       ror     r13d,13
-       mov     r15d,eax
-       add     r12d,DWORD PTR[rdi*4+rbp]
+       ror     r13d,6
+       and     r11d,eax
+       and     r15d,ecx
 
-       xor     r11d,r13d
-       ror     r13d,9
-       or      r14d,ecx
+       ror     r14d,2
+       add     r12d,r13d
+       add     r11d,r15d
 
-       xor     r11d,r13d
-       and     r15d,ecx
        add     edx,r12d
-
-       and     r14d,ebx
        add     r11d,r12d
-
-       or      r14d,r15d
        lea     rdi,QWORD PTR[1+rdi]
-
        add     r11d,r14d
-       mov     r13d,DWORD PTR[8+rsp]
-       mov     r12d,DWORD PTR[60+rsp]
 
-       mov     r15d,r13d
+       mov     r13d,DWORD PTR[8+rsp]
+       mov     r14d,DWORD PTR[60+rsp]
+       mov     r12d,r13d
+       mov     r15d,r14d
 
+       ror     r12d,11
+       xor     r12d,r13d
        shr     r13d,3
-       ror     r15d,7
 
-       xor     r13d,r15d
-       ror     r15d,11
-
-       xor     r13d,r15d
-       mov     r14d,r12d
-
-       shr     r12d,10
-       ror     r14d,17
-
-       xor     r12d,r14d
-       ror     r14d,2
+       ror     r12d,7
+       xor     r13d,r12d
+       mov     r12d,DWORD PTR[40+rsp]
 
-       xor     r12d,r14d
+       ror     r15d,2
+       xor     r15d,r14d
+       shr     r14d,10
 
+       ror     r15d,17
        add     r12d,r13d
-
-       add     r12d,DWORD PTR[40+rsp]
+       xor     r14d,r15d
 
        add     r12d,DWORD PTR[4+rsp]
        mov     r13d,edx
-       mov     r14d,edx
+       add     r12d,r14d
+       mov     r14d,r11d
+       ror     r13d,14
        mov     r15d,r8d
+       mov     DWORD PTR[4+rsp],r12d
 
-       ror     r13d,6
-       ror     r14d,11
+       ror     r14d,9
+       xor     r13d,edx
        xor     r15d,r9d
 
-       xor     r13d,r14d
-       ror     r14d,14
+       ror     r13d,5
+       add     r12d,r10d
+       xor     r14d,r11d
+
+       add     r12d,DWORD PTR[rdi*4+rbp]
        and     r15d,edx
-       mov     DWORD PTR[4+rsp],r12d
+       mov     r10d,eax
 
-       xor     r13d,r14d
+       ror     r14d,11
+       xor     r13d,edx
        xor     r15d,r9d
-       add     r12d,r10d
-
-       mov     r10d,r11d
-       add     r12d,r13d
 
+       xor     r10d,ebx
+       xor     r14d,r11d
        add     r12d,r15d
-       mov     r13d,r11d
-       mov     r14d,r11d
+       mov     r15d,eax
 
-       ror     r10d,2
-       ror     r13d,13
-       mov     r15d,r11d
-       add     r12d,DWORD PTR[rdi*4+rbp]
+       ror     r13d,6
+       and     r10d,r11d
+       and     r15d,ebx
 
-       xor     r10d,r13d
-       ror     r13d,9
-       or      r14d,ebx
+       ror     r14d,2
+       add     r12d,r13d
+       add     r10d,r15d
 
-       xor     r10d,r13d
-       and     r15d,ebx
        add     ecx,r12d
-
-       and     r14d,eax
        add     r10d,r12d
-
-       or      r14d,r15d
        lea     rdi,QWORD PTR[1+rdi]
-
        add     r10d,r14d
-       mov     r13d,DWORD PTR[12+rsp]
-       mov     r12d,DWORD PTR[rsp]
 
-       mov     r15d,r13d
+       mov     r13d,DWORD PTR[12+rsp]
+       mov     r14d,DWORD PTR[rsp]
+       mov     r12d,r13d
+       mov     r15d,r14d
 
+       ror     r12d,11
+       xor     r12d,r13d
        shr     r13d,3
-       ror     r15d,7
 
-       xor     r13d,r15d
-       ror     r15d,11
-
-       xor     r13d,r15d
-       mov     r14d,r12d
-
-       shr     r12d,10
-       ror     r14d,17
-
-       xor     r12d,r14d
-       ror     r14d,2
+       ror     r12d,7
+       xor     r13d,r12d
+       mov     r12d,DWORD PTR[44+rsp]
 
-       xor     r12d,r14d
+       ror     r15d,2
+       xor     r15d,r14d
+       shr     r14d,10
 
+       ror     r15d,17
        add     r12d,r13d
-
-       add     r12d,DWORD PTR[44+rsp]
+       xor     r14d,r15d
 
        add     r12d,DWORD PTR[8+rsp]
        mov     r13d,ecx
-       mov     r14d,ecx
+       add     r12d,r14d
+       mov     r14d,r10d
+       ror     r13d,14
        mov     r15d,edx
+       mov     DWORD PTR[8+rsp],r12d
 
-       ror     r13d,6
-       ror     r14d,11
+       ror     r14d,9
+       xor     r13d,ecx
        xor     r15d,r8d
 
-       xor     r13d,r14d
-       ror     r14d,14
+       ror     r13d,5
+       add     r12d,r9d
+       xor     r14d,r10d
+
+       add     r12d,DWORD PTR[rdi*4+rbp]
        and     r15d,ecx
-       mov     DWORD PTR[8+rsp],r12d
+       mov     r9d,r11d
 
-       xor     r13d,r14d
+       ror     r14d,11
+       xor     r13d,ecx
        xor     r15d,r8d
-       add     r12d,r9d
-
-       mov     r9d,r10d
-       add     r12d,r13d
 
+       xor     r9d,eax
+       xor     r14d,r10d
        add     r12d,r15d
-       mov     r13d,r10d
-       mov     r14d,r10d
+       mov     r15d,r11d
 
-       ror     r9d,2
-       ror     r13d,13
-       mov     r15d,r10d
-       add     r12d,DWORD PTR[rdi*4+rbp]
+       ror     r13d,6
+       and     r9d,r10d
+       and     r15d,eax
 
-       xor     r9d,r13d
-       ror     r13d,9
-       or      r14d,eax
+       ror     r14d,2
+       add     r12d,r13d
+       add     r9d,r15d
 
-       xor     r9d,r13d
-       and     r15d,eax
        add     ebx,r12d
-
-       and     r14d,r11d
        add     r9d,r12d
-
-       or      r14d,r15d
        lea     rdi,QWORD PTR[1+rdi]
-
        add     r9d,r14d
-       mov     r13d,DWORD PTR[16+rsp]
-       mov     r12d,DWORD PTR[4+rsp]
 
-       mov     r15d,r13d
+       mov     r13d,DWORD PTR[16+rsp]
+       mov     r14d,DWORD PTR[4+rsp]
+       mov     r12d,r13d
+       mov     r15d,r14d
 
+       ror     r12d,11
+       xor     r12d,r13d
        shr     r13d,3
-       ror     r15d,7
 
-       xor     r13d,r15d
-       ror     r15d,11
-
-       xor     r13d,r15d
-       mov     r14d,r12d
-
-       shr     r12d,10
-       ror     r14d,17
-
-       xor     r12d,r14d
-       ror     r14d,2
+       ror     r12d,7
+       xor     r13d,r12d
+       mov     r12d,DWORD PTR[48+rsp]
 
-       xor     r12d,r14d
+       ror     r15d,2
+       xor     r15d,r14d
+       shr     r14d,10
 
+       ror     r15d,17
        add     r12d,r13d
-
-       add     r12d,DWORD PTR[48+rsp]
+       xor     r14d,r15d
 
        add     r12d,DWORD PTR[12+rsp]
        mov     r13d,ebx
-       mov     r14d,ebx
+       add     r12d,r14d
+       mov     r14d,r9d
+       ror     r13d,14
        mov     r15d,ecx
+       mov     DWORD PTR[12+rsp],r12d
 
-       ror     r13d,6
-       ror     r14d,11
+       ror     r14d,9
+       xor     r13d,ebx
        xor     r15d,edx
 
-       xor     r13d,r14d
-       ror     r14d,14
+       ror     r13d,5
+       add     r12d,r8d
+       xor     r14d,r9d
+
+       add     r12d,DWORD PTR[rdi*4+rbp]
        and     r15d,ebx
-       mov     DWORD PTR[12+rsp],r12d
+       mov     r8d,r10d
 
-       xor     r13d,r14d
+       ror     r14d,11
+       xor     r13d,ebx
        xor     r15d,edx
-       add     r12d,r8d
-
-       mov     r8d,r9d
-       add     r12d,r13d
 
+       xor     r8d,r11d
+       xor     r14d,r9d
        add     r12d,r15d
-       mov     r13d,r9d
-       mov     r14d,r9d
+       mov     r15d,r10d
 
-       ror     r8d,2
-       ror     r13d,13
-       mov     r15d,r9d
-       add     r12d,DWORD PTR[rdi*4+rbp]
+       ror     r13d,6
+       and     r8d,r9d
+       and     r15d,r11d
 
-       xor     r8d,r13d
-       ror     r13d,9
-       or      r14d,r11d
+       ror     r14d,2
+       add     r12d,r13d
+       add     r8d,r15d
 
-       xor     r8d,r13d
-       and     r15d,r11d
        add     eax,r12d
-
-       and     r14d,r10d
        add     r8d,r12d
-
-       or      r14d,r15d
        lea     rdi,QWORD PTR[1+rdi]
-
        add     r8d,r14d
-       mov     r13d,DWORD PTR[20+rsp]
-       mov     r12d,DWORD PTR[8+rsp]
 
-       mov     r15d,r13d
+       mov     r13d,DWORD PTR[20+rsp]
+       mov     r14d,DWORD PTR[8+rsp]
+       mov     r12d,r13d
+       mov     r15d,r14d
 
+       ror     r12d,11
+       xor     r12d,r13d
        shr     r13d,3
-       ror     r15d,7
 
-       xor     r13d,r15d
-       ror     r15d,11
-
-       xor     r13d,r15d
-       mov     r14d,r12d
-
-       shr     r12d,10
-       ror     r14d,17
-
-       xor     r12d,r14d
-       ror     r14d,2
+       ror     r12d,7
+       xor     r13d,r12d
+       mov     r12d,DWORD PTR[52+rsp]
 
-       xor     r12d,r14d
+       ror     r15d,2
+       xor     r15d,r14d
+       shr     r14d,10
 
+       ror     r15d,17
        add     r12d,r13d
-
-       add     r12d,DWORD PTR[52+rsp]
+       xor     r14d,r15d
 
        add     r12d,DWORD PTR[16+rsp]
        mov     r13d,eax
-       mov     r14d,eax
+       add     r12d,r14d
+       mov     r14d,r8d
+       ror     r13d,14
        mov     r15d,ebx
+       mov     DWORD PTR[16+rsp],r12d
 
-       ror     r13d,6
-       ror     r14d,11
+       ror     r14d,9
+       xor     r13d,eax
        xor     r15d,ecx
 
-       xor     r13d,r14d
-       ror     r14d,14
+       ror     r13d,5
+       add     r12d,edx
+       xor     r14d,r8d
+
+       add     r12d,DWORD PTR[rdi*4+rbp]
        and     r15d,eax
-       mov     DWORD PTR[16+rsp],r12d
+       mov     edx,r9d
 
-       xor     r13d,r14d
+       ror     r14d,11
+       xor     r13d,eax
        xor     r15d,ecx
-       add     r12d,edx
-
-       mov     edx,r8d
-       add     r12d,r13d
 
+       xor     edx,r10d
+       xor     r14d,r8d
        add     r12d,r15d
-       mov     r13d,r8d
-       mov     r14d,r8d
+       mov     r15d,r9d
 
-       ror     edx,2
-       ror     r13d,13
-       mov     r15d,r8d
-       add     r12d,DWORD PTR[rdi*4+rbp]
+       ror     r13d,6
+       and     edx,r8d
+       and     r15d,r10d
 
-       xor     edx,r13d
-       ror     r13d,9
-       or      r14d,r10d
+       ror     r14d,2
+       add     r12d,r13d
+       add     edx,r15d
 
-       xor     edx,r13d
-       and     r15d,r10d
        add     r11d,r12d
-
-       and     r14d,r9d
        add     edx,r12d
-
-       or      r14d,r15d
        lea     rdi,QWORD PTR[1+rdi]
-
        add     edx,r14d
-       mov     r13d,DWORD PTR[24+rsp]
-       mov     r12d,DWORD PTR[12+rsp]
 
-       mov     r15d,r13d
+       mov     r13d,DWORD PTR[24+rsp]
+       mov     r14d,DWORD PTR[12+rsp]
+       mov     r12d,r13d
+       mov     r15d,r14d
 
+       ror     r12d,11
+       xor     r12d,r13d
        shr     r13d,3
-       ror     r15d,7
 
-       xor     r13d,r15d
-       ror     r15d,11
-
-       xor     r13d,r15d
-       mov     r14d,r12d
-
-       shr     r12d,10
-       ror     r14d,17
-
-       xor     r12d,r14d
-       ror     r14d,2
+       ror     r12d,7
+       xor     r13d,r12d
+       mov     r12d,DWORD PTR[56+rsp]
 
-       xor     r12d,r14d
+       ror     r15d,2
+       xor     r15d,r14d
+       shr     r14d,10
 
+       ror     r15d,17
        add     r12d,r13d
-
-       add     r12d,DWORD PTR[56+rsp]
+       xor     r14d,r15d
 
        add     r12d,DWORD PTR[20+rsp]
        mov     r13d,r11d
-       mov     r14d,r11d
+       add     r12d,r14d
+       mov     r14d,edx
+       ror     r13d,14
        mov     r15d,eax
+       mov     DWORD PTR[20+rsp],r12d
 
-       ror     r13d,6
-       ror     r14d,11
+       ror     r14d,9
+       xor     r13d,r11d
        xor     r15d,ebx
 
-       xor     r13d,r14d
-       ror     r14d,14
+       ror     r13d,5
+       add     r12d,ecx
+       xor     r14d,edx
+
+       add     r12d,DWORD PTR[rdi*4+rbp]
        and     r15d,r11d
-       mov     DWORD PTR[20+rsp],r12d
+       mov     ecx,r8d
 
-       xor     r13d,r14d
+       ror     r14d,11
+       xor     r13d,r11d
        xor     r15d,ebx
-       add     r12d,ecx
-
-       mov     ecx,edx
-       add     r12d,r13d
 
+       xor     ecx,r9d
+       xor     r14d,edx
        add     r12d,r15d
-       mov     r13d,edx
-       mov     r14d,edx
+       mov     r15d,r8d
 
-       ror     ecx,2
-       ror     r13d,13
-       mov     r15d,edx
-       add     r12d,DWORD PTR[rdi*4+rbp]
+       ror     r13d,6
+       and     ecx,edx
+       and     r15d,r9d
 
-       xor     ecx,r13d
-       ror     r13d,9
-       or      r14d,r9d
+       ror     r14d,2
+       add     r12d,r13d
+       add     ecx,r15d
 
-       xor     ecx,r13d
-       and     r15d,r9d
        add     r10d,r12d
-
-       and     r14d,r8d
        add     ecx,r12d
-
-       or      r14d,r15d
        lea     rdi,QWORD PTR[1+rdi]
-
        add     ecx,r14d
-       mov     r13d,DWORD PTR[28+rsp]
-       mov     r12d,DWORD PTR[16+rsp]
 
-       mov     r15d,r13d
+       mov     r13d,DWORD PTR[28+rsp]
+       mov     r14d,DWORD PTR[16+rsp]
+       mov     r12d,r13d
+       mov     r15d,r14d
 
+       ror     r12d,11
+       xor     r12d,r13d
        shr     r13d,3
-       ror     r15d,7
 
-       xor     r13d,r15d
-       ror     r15d,11
-
-       xor     r13d,r15d
-       mov     r14d,r12d
-
-       shr     r12d,10
-       ror     r14d,17
-
-       xor     r12d,r14d
-       ror     r14d,2
+       ror     r12d,7
+       xor     r13d,r12d
+       mov     r12d,DWORD PTR[60+rsp]
 
-       xor     r12d,r14d
+       ror     r15d,2
+       xor     r15d,r14d
+       shr     r14d,10
 
+       ror     r15d,17
        add     r12d,r13d
-
-       add     r12d,DWORD PTR[60+rsp]
+       xor     r14d,r15d
 
        add     r12d,DWORD PTR[24+rsp]
        mov     r13d,r10d
-       mov     r14d,r10d
+       add     r12d,r14d
+       mov     r14d,ecx
+       ror     r13d,14
        mov     r15d,r11d
+       mov     DWORD PTR[24+rsp],r12d
 
-       ror     r13d,6
-       ror     r14d,11
+       ror     r14d,9
+       xor     r13d,r10d
        xor     r15d,eax
 
-       xor     r13d,r14d
-       ror     r14d,14
+       ror     r13d,5
+       add     r12d,ebx
+       xor     r14d,ecx
+
+       add     r12d,DWORD PTR[rdi*4+rbp]
        and     r15d,r10d
-       mov     DWORD PTR[24+rsp],r12d
+       mov     ebx,edx
 
-       xor     r13d,r14d
+       ror     r14d,11
+       xor     r13d,r10d
        xor     r15d,eax
-       add     r12d,ebx
-
-       mov     ebx,ecx
-       add     r12d,r13d
 
+       xor     ebx,r8d
+       xor     r14d,ecx
        add     r12d,r15d
-       mov     r13d,ecx
-       mov     r14d,ecx
+       mov     r15d,edx
 
-       ror     ebx,2
-       ror     r13d,13
-       mov     r15d,ecx
-       add     r12d,DWORD PTR[rdi*4+rbp]
+       ror     r13d,6
+       and     ebx,ecx
+       and     r15d,r8d
 
-       xor     ebx,r13d
-       ror     r13d,9
-       or      r14d,r8d
+       ror     r14d,2
+       add     r12d,r13d
+       add     ebx,r15d
 
-       xor     ebx,r13d
-       and     r15d,r8d
        add     r9d,r12d
-
-       and     r14d,edx
        add     ebx,r12d
-
-       or      r14d,r15d
        lea     rdi,QWORD PTR[1+rdi]
-
        add     ebx,r14d
-       mov     r13d,DWORD PTR[32+rsp]
-       mov     r12d,DWORD PTR[20+rsp]
 
-       mov     r15d,r13d
+       mov     r13d,DWORD PTR[32+rsp]
+       mov     r14d,DWORD PTR[20+rsp]
+       mov     r12d,r13d
+       mov     r15d,r14d
 
+       ror     r12d,11
+       xor     r12d,r13d
        shr     r13d,3
-       ror     r15d,7
 
-       xor     r13d,r15d
-       ror     r15d,11
-
-       xor     r13d,r15d
-       mov     r14d,r12d
-
-       shr     r12d,10
-       ror     r14d,17
-
-       xor     r12d,r14d
-       ror     r14d,2
+       ror     r12d,7
+       xor     r13d,r12d
+       mov     r12d,DWORD PTR[rsp]
 
-       xor     r12d,r14d
+       ror     r15d,2
+       xor     r15d,r14d
+       shr     r14d,10
 
+       ror     r15d,17
        add     r12d,r13d
-
-       add     r12d,DWORD PTR[rsp]
+       xor     r14d,r15d
 
        add     r12d,DWORD PTR[28+rsp]
        mov     r13d,r9d
-       mov     r14d,r9d
+       add     r12d,r14d
+       mov     r14d,ebx
+       ror     r13d,14
        mov     r15d,r10d
+       mov     DWORD PTR[28+rsp],r12d
 
-       ror     r13d,6
-       ror     r14d,11
+       ror     r14d,9
+       xor     r13d,r9d
        xor     r15d,r11d
 
-       xor     r13d,r14d
-       ror     r14d,14
+       ror     r13d,5
+       add     r12d,eax
+       xor     r14d,ebx
+
+       add     r12d,DWORD PTR[rdi*4+rbp]
        and     r15d,r9d
-       mov     DWORD PTR[28+rsp],r12d
+       mov     eax,ecx
 
-       xor     r13d,r14d
+       ror     r14d,11
+       xor     r13d,r9d
        xor     r15d,r11d
-       add     r12d,eax
-
-       mov     eax,ebx
-       add     r12d,r13d
 
+       xor     eax,edx
+       xor     r14d,ebx
        add     r12d,r15d
-       mov     r13d,ebx
-       mov     r14d,ebx
+       mov     r15d,ecx
 
-       ror     eax,2
-       ror     r13d,13
-       mov     r15d,ebx
-       add     r12d,DWORD PTR[rdi*4+rbp]
+       ror     r13d,6
+       and     eax,ebx
+       and     r15d,edx
 
-       xor     eax,r13d
-       ror     r13d,9
-       or      r14d,edx
+       ror     r14d,2
+       add     r12d,r13d
+       add     eax,r15d
 
-       xor     eax,r13d
-       and     r15d,edx
        add     r8d,r12d
-
-       and     r14d,ecx
        add     eax,r12d
-
-       or      r14d,r15d
        lea     rdi,QWORD PTR[1+rdi]
-
        add     eax,r14d
-       mov     r13d,DWORD PTR[36+rsp]
-       mov     r12d,DWORD PTR[24+rsp]
 
-       mov     r15d,r13d
+       mov     r13d,DWORD PTR[36+rsp]
+       mov     r14d,DWORD PTR[24+rsp]
+       mov     r12d,r13d
+       mov     r15d,r14d
 
+       ror     r12d,11
+       xor     r12d,r13d
        shr     r13d,3
-       ror     r15d,7
 
-       xor     r13d,r15d
-       ror     r15d,11
-
-       xor     r13d,r15d
-       mov     r14d,r12d
-
-       shr     r12d,10
-       ror     r14d,17
-
-       xor     r12d,r14d
-       ror     r14d,2
+       ror     r12d,7
+       xor     r13d,r12d
+       mov     r12d,DWORD PTR[4+rsp]
 
-       xor     r12d,r14d
+       ror     r15d,2
+       xor     r15d,r14d
+       shr     r14d,10
 
+       ror     r15d,17
        add     r12d,r13d
-
-       add     r12d,DWORD PTR[4+rsp]
+       xor     r14d,r15d
 
        add     r12d,DWORD PTR[32+rsp]
        mov     r13d,r8d
-       mov     r14d,r8d
+       add     r12d,r14d
+       mov     r14d,eax
+       ror     r13d,14
        mov     r15d,r9d
+       mov     DWORD PTR[32+rsp],r12d
 
-       ror     r13d,6
-       ror     r14d,11
+       ror     r14d,9
+       xor     r13d,r8d
        xor     r15d,r10d
 
-       xor     r13d,r14d
-       ror     r14d,14
+       ror     r13d,5
+       add     r12d,r11d
+       xor     r14d,eax
+
+       add     r12d,DWORD PTR[rdi*4+rbp]
        and     r15d,r8d
-       mov     DWORD PTR[32+rsp],r12d
+       mov     r11d,ebx
 
-       xor     r13d,r14d
+       ror     r14d,11
+       xor     r13d,r8d
        xor     r15d,r10d
-       add     r12d,r11d
-
-       mov     r11d,eax
-       add     r12d,r13d
 
+       xor     r11d,ecx
+       xor     r14d,eax
        add     r12d,r15d
-       mov     r13d,eax
-       mov     r14d,eax
-
-       ror     r11d,2
-       ror     r13d,13
-       mov     r15d,eax
-       add     r12d,DWORD PTR[rdi*4+rbp]
-
-       xor     r11d,r13d
-       ror     r13d,9
-       or      r14d,ecx
+       mov     r15d,ebx
 
-       xor     r11d,r13d
+       ror     r13d,6
+       and     r11d,eax
        and     r15d,ecx
-       add     edx,r12d
 
-       and     r14d,ebx
+       ror     r14d,2
+       add     r12d,r13d
+       add     r11d,r15d
+
+       add     edx,r12d
        add     r11d,r12d
-
-       or      r14d,r15d
        lea     rdi,QWORD PTR[1+rdi]
-
        add     r11d,r14d
-       mov     r13d,DWORD PTR[40+rsp]
-       mov     r12d,DWORD PTR[28+rsp]
 
-       mov     r15d,r13d
+       mov     r13d,DWORD PTR[40+rsp]
+       mov     r14d,DWORD PTR[28+rsp]
+       mov     r12d,r13d
+       mov     r15d,r14d
 
+       ror     r12d,11
+       xor     r12d,r13d
        shr     r13d,3
-       ror     r15d,7
-
-       xor     r13d,r15d
-       ror     r15d,11
-
-       xor     r13d,r15d
-       mov     r14d,r12d
 
-       shr     r12d,10
-       ror     r14d,17
-
-       xor     r12d,r14d
-       ror     r14d,2
+       ror     r12d,7
+       xor     r13d,r12d
+       mov     r12d,DWORD PTR[8+rsp]
 
-       xor     r12d,r14d
+       ror     r15d,2
+       xor     r15d,r14d
+       shr     r14d,10
 
+       ror     r15d,17
        add     r12d,r13d
-
-       add     r12d,DWORD PTR[8+rsp]
+       xor     r14d,r15d
 
        add     r12d,DWORD PTR[36+rsp]
        mov     r13d,edx
-       mov     r14d,edx
+       add     r12d,r14d
+       mov     r14d,r11d
+       ror     r13d,14
        mov     r15d,r8d
+       mov     DWORD PTR[36+rsp],r12d
 
-       ror     r13d,6
-       ror     r14d,11
+       ror     r14d,9
+       xor     r13d,edx
        xor     r15d,r9d
 
-       xor     r13d,r14d
-       ror     r14d,14
+       ror     r13d,5
+       add     r12d,r10d
+       xor     r14d,r11d
+
+       add     r12d,DWORD PTR[rdi*4+rbp]
        and     r15d,edx
-       mov     DWORD PTR[36+rsp],r12d
+       mov     r10d,eax
 
-       xor     r13d,r14d
+       ror     r14d,11
+       xor     r13d,edx
        xor     r15d,r9d
-       add     r12d,r10d
-
-       mov     r10d,r11d
-       add     r12d,r13d
 
+       xor     r10d,ebx
+       xor     r14d,r11d
        add     r12d,r15d
-       mov     r13d,r11d
-       mov     r14d,r11d
+       mov     r15d,eax
 
-       ror     r10d,2
-       ror     r13d,13
-       mov     r15d,r11d
-       add     r12d,DWORD PTR[rdi*4+rbp]
+       ror     r13d,6
+       and     r10d,r11d
+       and     r15d,ebx
 
-       xor     r10d,r13d
-       ror     r13d,9
-       or      r14d,ebx
+       ror     r14d,2
+       add     r12d,r13d
+       add     r10d,r15d
 
-       xor     r10d,r13d
-       and     r15d,ebx
        add     ecx,r12d
-
-       and     r14d,eax
        add     r10d,r12d
-
-       or      r14d,r15d
        lea     rdi,QWORD PTR[1+rdi]
-
        add     r10d,r14d
-       mov     r13d,DWORD PTR[44+rsp]
-       mov     r12d,DWORD PTR[32+rsp]
 
-       mov     r15d,r13d
+       mov     r13d,DWORD PTR[44+rsp]
+       mov     r14d,DWORD PTR[32+rsp]
+       mov     r12d,r13d
+       mov     r15d,r14d
 
+       ror     r12d,11
+       xor     r12d,r13d
        shr     r13d,3
-       ror     r15d,7
-
-       xor     r13d,r15d
-       ror     r15d,11
-
-       xor     r13d,r15d
-       mov     r14d,r12d
 
-       shr     r12d,10
-       ror     r14d,17
-
-       xor     r12d,r14d
-       ror     r14d,2
+       ror     r12d,7
+       xor     r13d,r12d
+       mov     r12d,DWORD PTR[12+rsp]
 
-       xor     r12d,r14d
+       ror     r15d,2
+       xor     r15d,r14d
+       shr     r14d,10
 
+       ror     r15d,17
        add     r12d,r13d
-
-       add     r12d,DWORD PTR[12+rsp]
+       xor     r14d,r15d
 
        add     r12d,DWORD PTR[40+rsp]
        mov     r13d,ecx
-       mov     r14d,ecx
+       add     r12d,r14d
+       mov     r14d,r10d
+       ror     r13d,14
        mov     r15d,edx
+       mov     DWORD PTR[40+rsp],r12d
 
-       ror     r13d,6
-       ror     r14d,11
+       ror     r14d,9
+       xor     r13d,ecx
        xor     r15d,r8d
 
-       xor     r13d,r14d
-       ror     r14d,14
+       ror     r13d,5
+       add     r12d,r9d
+       xor     r14d,r10d
+
+       add     r12d,DWORD PTR[rdi*4+rbp]
        and     r15d,ecx
-       mov     DWORD PTR[40+rsp],r12d
+       mov     r9d,r11d
 
-       xor     r13d,r14d
+       ror     r14d,11
+       xor     r13d,ecx
        xor     r15d,r8d
-       add     r12d,r9d
-
-       mov     r9d,r10d
-       add     r12d,r13d
 
+       xor     r9d,eax
+       xor     r14d,r10d
        add     r12d,r15d
-       mov     r13d,r10d
-       mov     r14d,r10d
+       mov     r15d,r11d
 
-       ror     r9d,2
-       ror     r13d,13
-       mov     r15d,r10d
-       add     r12d,DWORD PTR[rdi*4+rbp]
+       ror     r13d,6
+       and     r9d,r10d
+       and     r15d,eax
 
-       xor     r9d,r13d
-       ror     r13d,9
-       or      r14d,eax
+       ror     r14d,2
+       add     r12d,r13d
+       add     r9d,r15d
 
-       xor     r9d,r13d
-       and     r15d,eax
        add     ebx,r12d
-
-       and     r14d,r11d
        add     r9d,r12d
-
-       or      r14d,r15d
        lea     rdi,QWORD PTR[1+rdi]
-
        add     r9d,r14d
-       mov     r13d,DWORD PTR[48+rsp]
-       mov     r12d,DWORD PTR[36+rsp]
 
-       mov     r15d,r13d
+       mov     r13d,DWORD PTR[48+rsp]
+       mov     r14d,DWORD PTR[36+rsp]
+       mov     r12d,r13d
+       mov     r15d,r14d
 
+       ror     r12d,11
+       xor     r12d,r13d
        shr     r13d,3
-       ror     r15d,7
-
-       xor     r13d,r15d
-       ror     r15d,11
-
-       xor     r13d,r15d
-       mov     r14d,r12d
 
-       shr     r12d,10
-       ror     r14d,17
-
-       xor     r12d,r14d
-       ror     r14d,2
+       ror     r12d,7
+       xor     r13d,r12d
+       mov     r12d,DWORD PTR[16+rsp]
 
-       xor     r12d,r14d
+       ror     r15d,2
+       xor     r15d,r14d
+       shr     r14d,10
 
+       ror     r15d,17
        add     r12d,r13d
-
-       add     r12d,DWORD PTR[16+rsp]
+       xor     r14d,r15d
 
        add     r12d,DWORD PTR[44+rsp]
        mov     r13d,ebx
-       mov     r14d,ebx
+       add     r12d,r14d
+       mov     r14d,r9d
+       ror     r13d,14
        mov     r15d,ecx
+       mov     DWORD PTR[44+rsp],r12d
 
-       ror     r13d,6
-       ror     r14d,11
+       ror     r14d,9
+       xor     r13d,ebx
        xor     r15d,edx
 
-       xor     r13d,r14d
-       ror     r14d,14
+       ror     r13d,5
+       add     r12d,r8d
+       xor     r14d,r9d
+
+       add     r12d,DWORD PTR[rdi*4+rbp]
        and     r15d,ebx
-       mov     DWORD PTR[44+rsp],r12d
+       mov     r8d,r10d
 
-       xor     r13d,r14d
+       ror     r14d,11
+       xor     r13d,ebx
        xor     r15d,edx
-       add     r12d,r8d
-
-       mov     r8d,r9d
-       add     r12d,r13d
 
+       xor     r8d,r11d
+       xor     r14d,r9d
        add     r12d,r15d
-       mov     r13d,r9d
-       mov     r14d,r9d
+       mov     r15d,r10d
 
-       ror     r8d,2
-       ror     r13d,13
-       mov     r15d,r9d
-       add     r12d,DWORD PTR[rdi*4+rbp]
+       ror     r13d,6
+       and     r8d,r9d
+       and     r15d,r11d
 
-       xor     r8d,r13d
-       ror     r13d,9
-       or      r14d,r11d
+       ror     r14d,2
+       add     r12d,r13d
+       add     r8d,r15d
 
-       xor     r8d,r13d
-       and     r15d,r11d
        add     eax,r12d
-
-       and     r14d,r10d
        add     r8d,r12d
-
-       or      r14d,r15d
        lea     rdi,QWORD PTR[1+rdi]
-
        add     r8d,r14d
-       mov     r13d,DWORD PTR[52+rsp]
-       mov     r12d,DWORD PTR[40+rsp]
 
-       mov     r15d,r13d
+       mov     r13d,DWORD PTR[52+rsp]
+       mov     r14d,DWORD PTR[40+rsp]
+       mov     r12d,r13d
+       mov     r15d,r14d
 
+       ror     r12d,11
+       xor     r12d,r13d
        shr     r13d,3
-       ror     r15d,7
-
-       xor     r13d,r15d
-       ror     r15d,11
-
-       xor     r13d,r15d
-       mov     r14d,r12d
 
-       shr     r12d,10
-       ror     r14d,17
-
-       xor     r12d,r14d
-       ror     r14d,2
+       ror     r12d,7
+       xor     r13d,r12d
+       mov     r12d,DWORD PTR[20+rsp]
 
-       xor     r12d,r14d
+       ror     r15d,2
+       xor     r15d,r14d
+       shr     r14d,10
 
+       ror     r15d,17
        add     r12d,r13d
-
-       add     r12d,DWORD PTR[20+rsp]
+       xor     r14d,r15d
 
        add     r12d,DWORD PTR[48+rsp]
        mov     r13d,eax
-       mov     r14d,eax
+       add     r12d,r14d
+       mov     r14d,r8d
+       ror     r13d,14
        mov     r15d,ebx
+       mov     DWORD PTR[48+rsp],r12d
 
-       ror     r13d,6
-       ror     r14d,11
+       ror     r14d,9
+       xor     r13d,eax
        xor     r15d,ecx
 
-       xor     r13d,r14d
-       ror     r14d,14
+       ror     r13d,5
+       add     r12d,edx
+       xor     r14d,r8d
+
+       add     r12d,DWORD PTR[rdi*4+rbp]
        and     r15d,eax
-       mov     DWORD PTR[48+rsp],r12d
+       mov     edx,r9d
 
-       xor     r13d,r14d
+       ror     r14d,11
+       xor     r13d,eax
        xor     r15d,ecx
-       add     r12d,edx
-
-       mov     edx,r8d
-       add     r12d,r13d
 
+       xor     edx,r10d
+       xor     r14d,r8d
        add     r12d,r15d
-       mov     r13d,r8d
-       mov     r14d,r8d
+       mov     r15d,r9d
 
-       ror     edx,2
-       ror     r13d,13
-       mov     r15d,r8d
-       add     r12d,DWORD PTR[rdi*4+rbp]
+       ror     r13d,6
+       and     edx,r8d
+       and     r15d,r10d
 
-       xor     edx,r13d
-       ror     r13d,9
-       or      r14d,r10d
+       ror     r14d,2
+       add     r12d,r13d
+       add     edx,r15d
 
-       xor     edx,r13d
-       and     r15d,r10d
        add     r11d,r12d
-
-       and     r14d,r9d
        add     edx,r12d
-
-       or      r14d,r15d
        lea     rdi,QWORD PTR[1+rdi]
-
        add     edx,r14d
-       mov     r13d,DWORD PTR[56+rsp]
-       mov     r12d,DWORD PTR[44+rsp]
 
-       mov     r15d,r13d
+       mov     r13d,DWORD PTR[56+rsp]
+       mov     r14d,DWORD PTR[44+rsp]
+       mov     r12d,r13d
+       mov     r15d,r14d
 
+       ror     r12d,11
+       xor     r12d,r13d
        shr     r13d,3
-       ror     r15d,7
-
-       xor     r13d,r15d
-       ror     r15d,11
-
-       xor     r13d,r15d
-       mov     r14d,r12d
 
-       shr     r12d,10
-       ror     r14d,17
-
-       xor     r12d,r14d
-       ror     r14d,2
+       ror     r12d,7
+       xor     r13d,r12d
+       mov     r12d,DWORD PTR[24+rsp]
 
-       xor     r12d,r14d
+       ror     r15d,2
+       xor     r15d,r14d
+       shr     r14d,10
 
+       ror     r15d,17
        add     r12d,r13d
-
-       add     r12d,DWORD PTR[24+rsp]
+       xor     r14d,r15d
 
        add     r12d,DWORD PTR[52+rsp]
        mov     r13d,r11d
-       mov     r14d,r11d
+       add     r12d,r14d
+       mov     r14d,edx
+       ror     r13d,14
        mov     r15d,eax
+       mov     DWORD PTR[52+rsp],r12d
 
-       ror     r13d,6
-       ror     r14d,11
+       ror     r14d,9
+       xor     r13d,r11d
        xor     r15d,ebx
 
-       xor     r13d,r14d
-       ror     r14d,14
+       ror     r13d,5
+       add     r12d,ecx
+       xor     r14d,edx
+
+       add     r12d,DWORD PTR[rdi*4+rbp]
        and     r15d,r11d
-       mov     DWORD PTR[52+rsp],r12d
+       mov     ecx,r8d
 
-       xor     r13d,r14d
+       ror     r14d,11
+       xor     r13d,r11d
        xor     r15d,ebx
-       add     r12d,ecx
-
-       mov     ecx,edx
-       add     r12d,r13d
 
+       xor     ecx,r9d
+       xor     r14d,edx
        add     r12d,r15d
-       mov     r13d,edx
-       mov     r14d,edx
+       mov     r15d,r8d
 
-       ror     ecx,2
-       ror     r13d,13
-       mov     r15d,edx
-       add     r12d,DWORD PTR[rdi*4+rbp]
+       ror     r13d,6
+       and     ecx,edx
+       and     r15d,r9d
 
-       xor     ecx,r13d
-       ror     r13d,9
-       or      r14d,r9d
+       ror     r14d,2
+       add     r12d,r13d
+       add     ecx,r15d
 
-       xor     ecx,r13d
-       and     r15d,r9d
        add     r10d,r12d
-
-       and     r14d,r8d
        add     ecx,r12d
-
-       or      r14d,r15d
        lea     rdi,QWORD PTR[1+rdi]
-
        add     ecx,r14d
-       mov     r13d,DWORD PTR[60+rsp]
-       mov     r12d,DWORD PTR[48+rsp]
 
-       mov     r15d,r13d
+       mov     r13d,DWORD PTR[60+rsp]
+       mov     r14d,DWORD PTR[48+rsp]
+       mov     r12d,r13d
+       mov     r15d,r14d
 
+       ror     r12d,11
+       xor     r12d,r13d
        shr     r13d,3
-       ror     r15d,7
-
-       xor     r13d,r15d
-       ror     r15d,11
-
-       xor     r13d,r15d
-       mov     r14d,r12d
 
-       shr     r12d,10
-       ror     r14d,17
-
-       xor     r12d,r14d
-       ror     r14d,2
+       ror     r12d,7
+       xor     r13d,r12d
+       mov     r12d,DWORD PTR[28+rsp]
 
-       xor     r12d,r14d
+       ror     r15d,2
+       xor     r15d,r14d
+       shr     r14d,10
 
+       ror     r15d,17
        add     r12d,r13d
-
-       add     r12d,DWORD PTR[28+rsp]
+       xor     r14d,r15d
 
        add     r12d,DWORD PTR[56+rsp]
        mov     r13d,r10d
-       mov     r14d,r10d
+       add     r12d,r14d
+       mov     r14d,ecx
+       ror     r13d,14
        mov     r15d,r11d
+       mov     DWORD PTR[56+rsp],r12d
 
-       ror     r13d,6
-       ror     r14d,11
+       ror     r14d,9
+       xor     r13d,r10d
        xor     r15d,eax
 
-       xor     r13d,r14d
-       ror     r14d,14
+       ror     r13d,5
+       add     r12d,ebx
+       xor     r14d,ecx
+
+       add     r12d,DWORD PTR[rdi*4+rbp]
        and     r15d,r10d
-       mov     DWORD PTR[56+rsp],r12d
+       mov     ebx,edx
 
-       xor     r13d,r14d
+       ror     r14d,11
+       xor     r13d,r10d
        xor     r15d,eax
-       add     r12d,ebx
-
-       mov     ebx,ecx
-       add     r12d,r13d
 
+       xor     ebx,r8d
+       xor     r14d,ecx
        add     r12d,r15d
-       mov     r13d,ecx
-       mov     r14d,ecx
+       mov     r15d,edx
 
-       ror     ebx,2
-       ror     r13d,13
-       mov     r15d,ecx
-       add     r12d,DWORD PTR[rdi*4+rbp]
+       ror     r13d,6
+       and     ebx,ecx
+       and     r15d,r8d
 
-       xor     ebx,r13d
-       ror     r13d,9
-       or      r14d,r8d
+       ror     r14d,2
+       add     r12d,r13d
+       add     ebx,r15d
 
-       xor     ebx,r13d
-       and     r15d,r8d
        add     r9d,r12d
-
-       and     r14d,edx
        add     ebx,r12d
-
-       or      r14d,r15d
        lea     rdi,QWORD PTR[1+rdi]
-
        add     ebx,r14d
-       mov     r13d,DWORD PTR[rsp]
-       mov     r12d,DWORD PTR[52+rsp]
 
-       mov     r15d,r13d
+       mov     r13d,DWORD PTR[rsp]
+       mov     r14d,DWORD PTR[52+rsp]
+       mov     r12d,r13d
+       mov     r15d,r14d
 
+       ror     r12d,11
+       xor     r12d,r13d
        shr     r13d,3
-       ror     r15d,7
-
-       xor     r13d,r15d
-       ror     r15d,11
-
-       xor     r13d,r15d
-       mov     r14d,r12d
 
-       shr     r12d,10
-       ror     r14d,17
-
-       xor     r12d,r14d
-       ror     r14d,2
+       ror     r12d,7
+       xor     r13d,r12d
+       mov     r12d,DWORD PTR[32+rsp]
 
-       xor     r12d,r14d
+       ror     r15d,2
+       xor     r15d,r14d
+       shr     r14d,10
 
+       ror     r15d,17
        add     r12d,r13d
-
-       add     r12d,DWORD PTR[32+rsp]
+       xor     r14d,r15d
 
        add     r12d,DWORD PTR[60+rsp]
        mov     r13d,r9d
-       mov     r14d,r9d
+       add     r12d,r14d
+       mov     r14d,ebx
+       ror     r13d,14
        mov     r15d,r10d
+       mov     DWORD PTR[60+rsp],r12d
 
-       ror     r13d,6
-       ror     r14d,11
+       ror     r14d,9
+       xor     r13d,r9d
        xor     r15d,r11d
 
-       xor     r13d,r14d
-       ror     r14d,14
+       ror     r13d,5
+       add     r12d,eax
+       xor     r14d,ebx
+
+       add     r12d,DWORD PTR[rdi*4+rbp]
        and     r15d,r9d
-       mov     DWORD PTR[60+rsp],r12d
+       mov     eax,ecx
 
-       xor     r13d,r14d
+       ror     r14d,11
+       xor     r13d,r9d
        xor     r15d,r11d
-       add     r12d,eax
-
-       mov     eax,ebx
-       add     r12d,r13d
 
+       xor     eax,edx
+       xor     r14d,ebx
        add     r12d,r15d
-       mov     r13d,ebx
-       mov     r14d,ebx
+       mov     r15d,ecx
 
-       ror     eax,2
-       ror     r13d,13
-       mov     r15d,ebx
-       add     r12d,DWORD PTR[rdi*4+rbp]
+       ror     r13d,6
+       and     eax,ebx
+       and     r15d,edx
 
-       xor     eax,r13d
-       ror     r13d,9
-       or      r14d,edx
+       ror     r14d,2
+       add     r12d,r13d
+       add     eax,r15d
 
-       xor     eax,r13d
-       and     r15d,edx
        add     r8d,r12d
-
-       and     r14d,ecx
        add     eax,r12d
-
-       or      r14d,r15d
        lea     rdi,QWORD PTR[1+rdi]
-
        add     eax,r14d
+
        cmp     rdi,64
        jb      $L$rounds_16_xx
 
-       mov     rdi,QWORD PTR[((16*4+0*8))+rsp]
-       lea     rsi,QWORD PTR[((16*4))+rsi]
-
-       add     eax,DWORD PTR[((4*0))+rdi]
-       add     ebx,DWORD PTR[((4*1))+rdi]
-       add     ecx,DWORD PTR[((4*2))+rdi]
-       add     edx,DWORD PTR[((4*3))+rdi]
-       add     r8d,DWORD PTR[((4*4))+rdi]
-       add     r9d,DWORD PTR[((4*5))+rdi]
-       add     r10d,DWORD PTR[((4*6))+rdi]
-       add     r11d,DWORD PTR[((4*7))+rdi]
-
-       cmp     rsi,QWORD PTR[((16*4+2*8))+rsp]
-
-       mov     DWORD PTR[((4*0))+rdi],eax
-       mov     DWORD PTR[((4*1))+rdi],ebx
-       mov     DWORD PTR[((4*2))+rdi],ecx
-       mov     DWORD PTR[((4*3))+rdi],edx
-       mov     DWORD PTR[((4*4))+rdi],r8d
-       mov     DWORD PTR[((4*5))+rdi],r9d
-       mov     DWORD PTR[((4*6))+rdi],r10d
-       mov     DWORD PTR[((4*7))+rdi],r11d
+       mov     rdi,QWORD PTR[((64+0))+rsp]
+       lea     rsi,QWORD PTR[64+rsi]
+
+       add     eax,DWORD PTR[rdi]
+       add     ebx,DWORD PTR[4+rdi]
+       add     ecx,DWORD PTR[8+rdi]
+       add     edx,DWORD PTR[12+rdi]
+       add     r8d,DWORD PTR[16+rdi]
+       add     r9d,DWORD PTR[20+rdi]
+       add     r10d,DWORD PTR[24+rdi]
+       add     r11d,DWORD PTR[28+rdi]
+
+       cmp     rsi,QWORD PTR[((64+16))+rsp]
+
+       mov     DWORD PTR[rdi],eax
+       mov     DWORD PTR[4+rdi],ebx
+       mov     DWORD PTR[8+rdi],ecx
+       mov     DWORD PTR[12+rdi],edx
+       mov     DWORD PTR[16+rdi],r8d
+       mov     DWORD PTR[20+rdi],r9d
+       mov     DWORD PTR[24+rdi],r10d
+       mov     DWORD PTR[28+rdi],r11d
        jb      $L$loop
 
-       mov     rsi,QWORD PTR[((16*4+3*8))+rsp]
+       mov     rsi,QWORD PTR[((64+24))+rsp]
        mov     r15,QWORD PTR[rsi]
        mov     r14,QWORD PTR[8+rsi]
        mov     r13,QWORD PTR[16+rsi]
@@ -2010,7 +1818,7 @@ se_handler        PROC PRIVATE
        cmp     rbx,r10
        jae     $L$in_prologue
 
-       mov     rax,QWORD PTR[((16*4+3*8))+rax]
+       mov     rax,QWORD PTR[((64+24))+rax]
        lea     rax,QWORD PTR[48+rax]
 
        mov     rbx,QWORD PTR[((-8))+rax]

diff --git a/deps/openssl/asm/x64-win32-masm/whrlpool/wp-x86_64.asm b/deps/openssl/asm/x64-win32-masm/whrlpool/wp-x86_64.asm
index 25337b2..42b524d 100644 (file)
--- a/deps/openssl/asm/x64-win32-masm/whrlpool/wp-x86_64.asm
+++ b/deps/openssl/asm/x64-win32-masm/whrlpool/wp-x86_64.asm
@@ -37,39 +37,39 @@ $L$prologue::
 
        xor     rcx,rcx
        xor     rdx,rdx
-       mov     r8,QWORD PTR[((0*8))+rdi]
-       mov     r9,QWORD PTR[((1*8))+rdi]
-       mov     r10,QWORD PTR[((2*8))+rdi]
-       mov     r11,QWORD PTR[((3*8))+rdi]
-       mov     r12,QWORD PTR[((4*8))+rdi]
-       mov     r13,QWORD PTR[((5*8))+rdi]
-       mov     r14,QWORD PTR[((6*8))+rdi]
-       mov     r15,QWORD PTR[((7*8))+rdi]
+       mov     r8,QWORD PTR[rdi]
+       mov     r9,QWORD PTR[8+rdi]
+       mov     r10,QWORD PTR[16+rdi]
+       mov     r11,QWORD PTR[24+rdi]
+       mov     r12,QWORD PTR[32+rdi]
+       mov     r13,QWORD PTR[40+rdi]
+       mov     r14,QWORD PTR[48+rdi]
+       mov     r15,QWORD PTR[56+rdi]
 $L$outerloop::
-       mov     QWORD PTR[((0*8))+rsp],r8
-       mov     QWORD PTR[((1*8))+rsp],r9
-       mov     QWORD PTR[((2*8))+rsp],r10
-       mov     QWORD PTR[((3*8))+rsp],r11
-       mov     QWORD PTR[((4*8))+rsp],r12
-       mov     QWORD PTR[((5*8))+rsp],r13
-       mov     QWORD PTR[((6*8))+rsp],r14
-       mov     QWORD PTR[((7*8))+rsp],r15
-       xor     r8,QWORD PTR[((0*8))+rsi]
-       xor     r9,QWORD PTR[((1*8))+rsi]
-       xor     r10,QWORD PTR[((2*8))+rsi]
-       xor     r11,QWORD PTR[((3*8))+rsi]
-       xor     r12,QWORD PTR[((4*8))+rsi]
-       xor     r13,QWORD PTR[((5*8))+rsi]
-       xor     r14,QWORD PTR[((6*8))+rsi]
-       xor     r15,QWORD PTR[((7*8))+rsi]
-       mov     QWORD PTR[((64+0*8))+rsp],r8
-       mov     QWORD PTR[((64+1*8))+rsp],r9
-       mov     QWORD PTR[((64+2*8))+rsp],r10
-       mov     QWORD PTR[((64+3*8))+rsp],r11
-       mov     QWORD PTR[((64+4*8))+rsp],r12
-       mov     QWORD PTR[((64+5*8))+rsp],r13
-       mov     QWORD PTR[((64+6*8))+rsp],r14
-       mov     QWORD PTR[((64+7*8))+rsp],r15
+       mov     QWORD PTR[rsp],r8
+       mov     QWORD PTR[8+rsp],r9
+       mov     QWORD PTR[16+rsp],r10
+       mov     QWORD PTR[24+rsp],r11
+       mov     QWORD PTR[32+rsp],r12
+       mov     QWORD PTR[40+rsp],r13
+       mov     QWORD PTR[48+rsp],r14
+       mov     QWORD PTR[56+rsp],r15
+       xor     r8,QWORD PTR[rsi]
+       xor     r9,QWORD PTR[8+rsi]
+       xor     r10,QWORD PTR[16+rsi]
+       xor     r11,QWORD PTR[24+rsi]
+       xor     r12,QWORD PTR[32+rsi]
+       xor     r13,QWORD PTR[40+rsi]
+       xor     r14,QWORD PTR[48+rsi]
+       xor     r15,QWORD PTR[56+rsi]
+       mov     QWORD PTR[((64+0))+rsp],r8
+       mov     QWORD PTR[((64+8))+rsp],r9
+       mov     QWORD PTR[((64+16))+rsp],r10
+       mov     QWORD PTR[((64+24))+rsp],r11
+       mov     QWORD PTR[((64+32))+rsp],r12
+       mov     QWORD PTR[((64+40))+rsp],r13
+       mov     QWORD PTR[((64+48))+rsp],r14
+       mov     QWORD PTR[((64+56))+rsp],r15
        xor     rsi,rsi
        mov     QWORD PTR[24+rbx],rsi
 ALIGN  16
@@ -86,7 +86,7 @@ $L$round::
        mov     r9,QWORD PTR[7+rdi*8+rbp]
        mov     cl,al
        mov     dl,ah
-       mov     eax,DWORD PTR[((0*8+8))+rsp]
+       mov     eax,DWORD PTR[((0+8))+rsp]
        lea     rsi,QWORD PTR[rcx*1+rcx]
        lea     rdi,QWORD PTR[rdx*1+rdx]
        mov     r10,QWORD PTR[6+rsi*8+rbp]
@@ -100,7 +100,7 @@ $L$round::
        mov     r13,QWORD PTR[3+rdi*8+rbp]
        mov     cl,bl
        mov     dl,bh
-       mov     ebx,DWORD PTR[((0*8+8+4))+rsp]
+       mov     ebx,DWORD PTR[((0+8+4))+rsp]
        lea     rsi,QWORD PTR[rcx*1+rcx]
        lea     rdi,QWORD PTR[rdx*1+rdx]
        mov     r14,QWORD PTR[2+rsi*8+rbp]
@@ -114,7 +114,7 @@ $L$round::
        xor     r10,QWORD PTR[7+rdi*8+rbp]
        mov     cl,al
        mov     dl,ah
-       mov     eax,DWORD PTR[((1*8+8))+rsp]
+       mov     eax,DWORD PTR[((8+8))+rsp]
        lea     rsi,QWORD PTR[rcx*1+rcx]
        lea     rdi,QWORD PTR[rdx*1+rdx]
        xor     r11,QWORD PTR[6+rsi*8+rbp]
@@ -128,7 +128,7 @@ $L$round::
        xor     r14,QWORD PTR[3+rdi*8+rbp]
        mov     cl,bl
        mov     dl,bh
-       mov     ebx,DWORD PTR[((1*8+8+4))+rsp]
+       mov     ebx,DWORD PTR[((8+8+4))+rsp]
        lea     rsi,QWORD PTR[rcx*1+rcx]
        lea     rdi,QWORD PTR[rdx*1+rdx]
        xor     r15,QWORD PTR[2+rsi*8+rbp]
@@ -142,7 +142,7 @@ $L$round::
        xor     r11,QWORD PTR[7+rdi*8+rbp]
        mov     cl,al
        mov     dl,ah
-       mov     eax,DWORD PTR[((2*8+8))+rsp]
+       mov     eax,DWORD PTR[((16+8))+rsp]
        lea     rsi,QWORD PTR[rcx*1+rcx]
        lea     rdi,QWORD PTR[rdx*1+rdx]
        xor     r12,QWORD PTR[6+rsi*8+rbp]
@@ -156,7 +156,7 @@ $L$round::
        xor     r15,QWORD PTR[3+rdi*8+rbp]
        mov     cl,bl
        mov     dl,bh
-       mov     ebx,DWORD PTR[((2*8+8+4))+rsp]
+       mov     ebx,DWORD PTR[((16+8+4))+rsp]
        lea     rsi,QWORD PTR[rcx*1+rcx]
        lea     rdi,QWORD PTR[rdx*1+rdx]
        xor     r8,QWORD PTR[2+rsi*8+rbp]
@@ -170,7 +170,7 @@ $L$round::
        xor     r12,QWORD PTR[7+rdi*8+rbp]
        mov     cl,al
        mov     dl,ah
-       mov     eax,DWORD PTR[((3*8+8))+rsp]
+       mov     eax,DWORD PTR[((24+8))+rsp]
        lea     rsi,QWORD PTR[rcx*1+rcx]
        lea     rdi,QWORD PTR[rdx*1+rdx]
        xor     r13,QWORD PTR[6+rsi*8+rbp]
@@ -184,7 +184,7 @@ $L$round::
        xor     r8,QWORD PTR[3+rdi*8+rbp]
        mov     cl,bl
        mov     dl,bh
-       mov     ebx,DWORD PTR[((3*8+8+4))+rsp]
+       mov     ebx,DWORD PTR[((24+8+4))+rsp]
        lea     rsi,QWORD PTR[rcx*1+rcx]
        lea     rdi,QWORD PTR[rdx*1+rdx]
        xor     r9,QWORD PTR[2+rsi*8+rbp]
@@ -198,7 +198,7 @@ $L$round::
        xor     r13,QWORD PTR[7+rdi*8+rbp]
        mov     cl,al
        mov     dl,ah
-       mov     eax,DWORD PTR[((4*8+8))+rsp]
+       mov     eax,DWORD PTR[((32+8))+rsp]
        lea     rsi,QWORD PTR[rcx*1+rcx]
        lea     rdi,QWORD PTR[rdx*1+rdx]
        xor     r14,QWORD PTR[6+rsi*8+rbp]
@@ -212,7 +212,7 @@ $L$round::
        xor     r9,QWORD PTR[3+rdi*8+rbp]
        mov     cl,bl
        mov     dl,bh
-       mov     ebx,DWORD PTR[((4*8+8+4))+rsp]
+       mov     ebx,DWORD PTR[((32+8+4))+rsp]
        lea     rsi,QWORD PTR[rcx*1+rcx]
        lea     rdi,QWORD PTR[rdx*1+rdx]
        xor     r10,QWORD PTR[2+rsi*8+rbp]
@@ -226,7 +226,7 @@ $L$round::
        xor     r14,QWORD PTR[7+rdi*8+rbp]
        mov     cl,al
        mov     dl,ah
-       mov     eax,DWORD PTR[((5*8+8))+rsp]
+       mov     eax,DWORD PTR[((40+8))+rsp]
        lea     rsi,QWORD PTR[rcx*1+rcx]
        lea     rdi,QWORD PTR[rdx*1+rdx]
        xor     r15,QWORD PTR[6+rsi*8+rbp]
@@ -240,7 +240,7 @@ $L$round::
        xor     r10,QWORD PTR[3+rdi*8+rbp]
        mov     cl,bl
        mov     dl,bh
-       mov     ebx,DWORD PTR[((5*8+8+4))+rsp]
+       mov     ebx,DWORD PTR[((40+8+4))+rsp]
        lea     rsi,QWORD PTR[rcx*1+rcx]
        lea     rdi,QWORD PTR[rdx*1+rdx]
        xor     r11,QWORD PTR[2+rsi*8+rbp]
@@ -254,7 +254,7 @@ $L$round::
        xor     r15,QWORD PTR[7+rdi*8+rbp]
        mov     cl,al
        mov     dl,ah
-       mov     eax,DWORD PTR[((6*8+8))+rsp]
+       mov     eax,DWORD PTR[((48+8))+rsp]
        lea     rsi,QWORD PTR[rcx*1+rcx]
        lea     rdi,QWORD PTR[rdx*1+rdx]
        xor     r8,QWORD PTR[6+rsi*8+rbp]
@@ -268,7 +268,7 @@ $L$round::
        xor     r11,QWORD PTR[3+rdi*8+rbp]
        mov     cl,bl
        mov     dl,bh
-       mov     ebx,DWORD PTR[((6*8+8+4))+rsp]
+       mov     ebx,DWORD PTR[((48+8+4))+rsp]
        lea     rsi,QWORD PTR[rcx*1+rcx]
        lea     rdi,QWORD PTR[rdx*1+rdx]
        xor     r12,QWORD PTR[2+rsi*8+rbp]
@@ -282,7 +282,7 @@ $L$round::
        xor     r8,QWORD PTR[7+rdi*8+rbp]
        mov     cl,al
        mov     dl,ah
-       mov     eax,DWORD PTR[((7*8+8))+rsp]
+       mov     eax,DWORD PTR[((56+8))+rsp]
        lea     rsi,QWORD PTR[rcx*1+rcx]
        lea     rdi,QWORD PTR[rdx*1+rdx]
        xor     r9,QWORD PTR[6+rsi*8+rbp]
@@ -296,19 +296,19 @@ $L$round::
        xor     r12,QWORD PTR[3+rdi*8+rbp]
        mov     cl,bl
        mov     dl,bh
-       mov     ebx,DWORD PTR[((7*8+8+4))+rsp]
+       mov     ebx,DWORD PTR[((56+8+4))+rsp]
        lea     rsi,QWORD PTR[rcx*1+rcx]
        lea     rdi,QWORD PTR[rdx*1+rdx]
        xor     r13,QWORD PTR[2+rsi*8+rbp]
        xor     r14,QWORD PTR[1+rdi*8+rbp]
-       mov     QWORD PTR[((0*8))+rsp],r8
-       mov     QWORD PTR[((1*8))+rsp],r9
-       mov     QWORD PTR[((2*8))+rsp],r10
-       mov     QWORD PTR[((3*8))+rsp],r11
-       mov     QWORD PTR[((4*8))+rsp],r12
-       mov     QWORD PTR[((5*8))+rsp],r13
-       mov     QWORD PTR[((6*8))+rsp],r14
-       mov     QWORD PTR[((7*8))+rsp],r15
+       mov     QWORD PTR[rsp],r8
+       mov     QWORD PTR[8+rsp],r9
+       mov     QWORD PTR[16+rsp],r10
+       mov     QWORD PTR[24+rsp],r11
+       mov     QWORD PTR[32+rsp],r12
+       mov     QWORD PTR[40+rsp],r13
+       mov     QWORD PTR[48+rsp],r14
+       mov     QWORD PTR[56+rsp],r15
        mov     cl,al
        mov     dl,ah
        lea     rsi,QWORD PTR[rcx*1+rcx]
@@ -318,7 +318,7 @@ $L$round::
        xor     r9,QWORD PTR[7+rdi*8+rbp]
        mov     cl,al
        mov     dl,ah
-       mov     eax,DWORD PTR[((64+0*8+8))+rsp]
+       mov     eax,DWORD PTR[((64+0+8))+rsp]
        lea     rsi,QWORD PTR[rcx*1+rcx]
        lea     rdi,QWORD PTR[rdx*1+rdx]
        xor     r10,QWORD PTR[6+rsi*8+rbp]
@@ -332,7 +332,7 @@ $L$round::
        xor     r13,QWORD PTR[3+rdi*8+rbp]
        mov     cl,bl
        mov     dl,bh
-       mov     ebx,DWORD PTR[((64+0*8+8+4))+rsp]
+       mov     ebx,DWORD PTR[((64+0+8+4))+rsp]
        lea     rsi,QWORD PTR[rcx*1+rcx]
        lea     rdi,QWORD PTR[rdx*1+rdx]
        xor     r14,QWORD PTR[2+rsi*8+rbp]
@@ -346,7 +346,7 @@ $L$round::
        xor     r10,QWORD PTR[7+rdi*8+rbp]
        mov     cl,al
        mov     dl,ah
-       mov     eax,DWORD PTR[((64+1*8+8))+rsp]
+       mov     eax,DWORD PTR[((64+8+8))+rsp]
        lea     rsi,QWORD PTR[rcx*1+rcx]
        lea     rdi,QWORD PTR[rdx*1+rdx]
        xor     r11,QWORD PTR[6+rsi*8+rbp]
@@ -360,7 +360,7 @@ $L$round::
        xor     r14,QWORD PTR[3+rdi*8+rbp]
        mov     cl,bl
        mov     dl,bh
-       mov     ebx,DWORD PTR[((64+1*8+8+4))+rsp]
+       mov     ebx,DWORD PTR[((64+8+8+4))+rsp]
        lea     rsi,QWORD PTR[rcx*1+rcx]
        lea     rdi,QWORD PTR[rdx*1+rdx]
        xor     r15,QWORD PTR[2+rsi*8+rbp]
@@ -374,7 +374,7 @@ $L$round::
        xor     r11,QWORD PTR[7+rdi*8+rbp]
        mov     cl,al
        mov     dl,ah
-       mov     eax,DWORD PTR[((64+2*8+8))+rsp]
+       mov     eax,DWORD PTR[((64+16+8))+rsp]
        lea     rsi,QWORD PTR[rcx*1+rcx]
        lea     rdi,QWORD PTR[rdx*1+rdx]
        xor     r12,QWORD PTR[6+rsi*8+rbp]
@@ -388,7 +388,7 @@ $L$round::
        xor     r15,QWORD PTR[3+rdi*8+rbp]
        mov     cl,bl
        mov     dl,bh
-       mov     ebx,DWORD PTR[((64+2*8+8+4))+rsp]
+       mov     ebx,DWORD PTR[((64+16+8+4))+rsp]
        lea     rsi,QWORD PTR[rcx*1+rcx]
        lea     rdi,QWORD PTR[rdx*1+rdx]
        xor     r8,QWORD PTR[2+rsi*8+rbp]
@@ -402,7 +402,7 @@ $L$round::
        xor     r12,QWORD PTR[7+rdi*8+rbp]
        mov     cl,al
        mov     dl,ah
-       mov     eax,DWORD PTR[((64+3*8+8))+rsp]
+       mov     eax,DWORD PTR[((64+24+8))+rsp]
        lea     rsi,QWORD PTR[rcx*1+rcx]
        lea     rdi,QWORD PTR[rdx*1+rdx]
        xor     r13,QWORD PTR[6+rsi*8+rbp]
@@ -416,7 +416,7 @@ $L$round::
        xor     r8,QWORD PTR[3+rdi*8+rbp]
        mov     cl,bl
        mov     dl,bh
-       mov     ebx,DWORD PTR[((64+3*8+8+4))+rsp]
+       mov     ebx,DWORD PTR[((64+24+8+4))+rsp]
        lea     rsi,QWORD PTR[rcx*1+rcx]
        lea     rdi,QWORD PTR[rdx*1+rdx]
        xor     r9,QWORD PTR[2+rsi*8+rbp]
@@ -430,7 +430,7 @@ $L$round::
        xor     r13,QWORD PTR[7+rdi*8+rbp]
        mov     cl,al
        mov     dl,ah
-       mov     eax,DWORD PTR[((64+4*8+8))+rsp]
+       mov     eax,DWORD PTR[((64+32+8))+rsp]
        lea     rsi,QWORD PTR[rcx*1+rcx]
        lea     rdi,QWORD PTR[rdx*1+rdx]
        xor     r14,QWORD PTR[6+rsi*8+rbp]
@@ -444,7 +444,7 @@ $L$round::
        xor     r9,QWORD PTR[3+rdi*8+rbp]
        mov     cl,bl
        mov     dl,bh
-       mov     ebx,DWORD PTR[((64+4*8+8+4))+rsp]
+       mov     ebx,DWORD PTR[((64+32+8+4))+rsp]
        lea     rsi,QWORD PTR[rcx*1+rcx]
        lea     rdi,QWORD PTR[rdx*1+rdx]
        xor     r10,QWORD PTR[2+rsi*8+rbp]
@@ -458,7 +458,7 @@ $L$round::
        xor     r14,QWORD PTR[7+rdi*8+rbp]
        mov     cl,al
        mov     dl,ah
-       mov     eax,DWORD PTR[((64+5*8+8))+rsp]
+       mov     eax,DWORD PTR[((64+40+8))+rsp]
        lea     rsi,QWORD PTR[rcx*1+rcx]
        lea     rdi,QWORD PTR[rdx*1+rdx]
        xor     r15,QWORD PTR[6+rsi*8+rbp]
@@ -472,7 +472,7 @@ $L$round::
        xor     r10,QWORD PTR[3+rdi*8+rbp]
        mov     cl,bl
        mov     dl,bh
-       mov     ebx,DWORD PTR[((64+5*8+8+4))+rsp]
+       mov     ebx,DWORD PTR[((64+40+8+4))+rsp]
        lea     rsi,QWORD PTR[rcx*1+rcx]
        lea     rdi,QWORD PTR[rdx*1+rdx]
        xor     r11,QWORD PTR[2+rsi*8+rbp]
@@ -486,7 +486,7 @@ $L$round::
        xor     r15,QWORD PTR[7+rdi*8+rbp]
        mov     cl,al
        mov     dl,ah
-       mov     eax,DWORD PTR[((64+6*8+8))+rsp]
+       mov     eax,DWORD PTR[((64+48+8))+rsp]
        lea     rsi,QWORD PTR[rcx*1+rcx]
        lea     rdi,QWORD PTR[rdx*1+rdx]
        xor     r8,QWORD PTR[6+rsi*8+rbp]
@@ -500,7 +500,7 @@ $L$round::
        xor     r11,QWORD PTR[3+rdi*8+rbp]
        mov     cl,bl
        mov     dl,bh
-       mov     ebx,DWORD PTR[((64+6*8+8+4))+rsp]
+       mov     ebx,DWORD PTR[((64+48+8+4))+rsp]
        lea     rsi,QWORD PTR[rcx*1+rcx]
        lea     rdi,QWORD PTR[rdx*1+rdx]
        xor     r12,QWORD PTR[2+rsi*8+rbp]
@@ -540,44 +540,44 @@ $L$round::
        je      $L$roundsdone
 
        mov     QWORD PTR[24+rbx],rsi
-       mov     QWORD PTR[((64+0*8))+rsp],r8
-       mov     QWORD PTR[((64+1*8))+rsp],r9
-       mov     QWORD PTR[((64+2*8))+rsp],r10
-       mov     QWORD PTR[((64+3*8))+rsp],r11
-       mov     QWORD PTR[((64+4*8))+rsp],r12
-       mov     QWORD PTR[((64+5*8))+rsp],r13
-       mov     QWORD PTR[((64+6*8))+rsp],r14
-       mov     QWORD PTR[((64+7*8))+rsp],r15
+       mov     QWORD PTR[((64+0))+rsp],r8
+       mov     QWORD PTR[((64+8))+rsp],r9
+       mov     QWORD PTR[((64+16))+rsp],r10
+       mov     QWORD PTR[((64+24))+rsp],r11
+       mov     QWORD PTR[((64+32))+rsp],r12
+       mov     QWORD PTR[((64+40))+rsp],r13
+       mov     QWORD PTR[((64+48))+rsp],r14
+       mov     QWORD PTR[((64+56))+rsp],r15
        jmp     $L$round
 ALIGN  16
 $L$roundsdone::
        mov     rdi,QWORD PTR[rbx]
        mov     rsi,QWORD PTR[8+rbx]
        mov     rax,QWORD PTR[16+rbx]
-       xor     r8,QWORD PTR[((0*8))+rsi]
-       xor     r9,QWORD PTR[((1*8))+rsi]
-       xor     r10,QWORD PTR[((2*8))+rsi]
-       xor     r11,QWORD PTR[((3*8))+rsi]
-       xor     r12,QWORD PTR[((4*8))+rsi]
-       xor     r13,QWORD PTR[((5*8))+rsi]
-       xor     r14,QWORD PTR[((6*8))+rsi]
-       xor     r15,QWORD PTR[((7*8))+rsi]
-       xor     r8,QWORD PTR[((0*8))+rdi]
-       xor     r9,QWORD PTR[((1*8))+rdi]
-       xor     r10,QWORD PTR[((2*8))+rdi]
-       xor     r11,QWORD PTR[((3*8))+rdi]
-       xor     r12,QWORD PTR[((4*8))+rdi]
-       xor     r13,QWORD PTR[((5*8))+rdi]
-       xor     r14,QWORD PTR[((6*8))+rdi]
-       xor     r15,QWORD PTR[((7*8))+rdi]
-       mov     QWORD PTR[((0*8))+rdi],r8
-       mov     QWORD PTR[((1*8))+rdi],r9
-       mov     QWORD PTR[((2*8))+rdi],r10
-       mov     QWORD PTR[((3*8))+rdi],r11
-       mov     QWORD PTR[((4*8))+rdi],r12
-       mov     QWORD PTR[((5*8))+rdi],r13
-       mov     QWORD PTR[((6*8))+rdi],r14
-       mov     QWORD PTR[((7*8))+rdi],r15
+       xor     r8,QWORD PTR[rsi]
+       xor     r9,QWORD PTR[8+rsi]
+       xor     r10,QWORD PTR[16+rsi]
+       xor     r11,QWORD PTR[24+rsi]
+       xor     r12,QWORD PTR[32+rsi]
+       xor     r13,QWORD PTR[40+rsi]
+       xor     r14,QWORD PTR[48+rsi]
+       xor     r15,QWORD PTR[56+rsi]
+       xor     r8,QWORD PTR[rdi]
+       xor     r9,QWORD PTR[8+rdi]
+       xor     r10,QWORD PTR[16+rdi]
+       xor     r11,QWORD PTR[24+rdi]
+       xor     r12,QWORD PTR[32+rdi]
+       xor     r13,QWORD PTR[40+rdi]
+       xor     r14,QWORD PTR[48+rdi]
+       xor     r15,QWORD PTR[56+rdi]
+       mov     QWORD PTR[rdi],r8
+       mov     QWORD PTR[8+rdi],r9
+       mov     QWORD PTR[16+rdi],r10
+       mov     QWORD PTR[24+rdi],r11
+       mov     QWORD PTR[32+rdi],r12
+       mov     QWORD PTR[40+rdi],r13
+       mov     QWORD PTR[48+rdi],r14
+       mov     QWORD PTR[56+rdi],r15
        lea     rsi,QWORD PTR[64+rsi]
        sub     rax,1
        jz      $L$alldone

diff --git a/deps/openssl/asm/x64-win32-masm/x86_64cpuid.asm b/deps/openssl/asm/x64-win32-masm/x86_64cpuid.asm
index cdf7f90..497160c 100644 (file)
--- a/deps/openssl/asm/x64-win32-masm/x86_64cpuid.asm
+++ b/deps/openssl/asm/x64-win32-masm/x86_64cpuid.asm
@@ -1,9 +1,15 @@
 OPTION DOTNAME
 EXTERN OPENSSL_cpuid_setup:NEAR
+
 .CRT$XCU       SEGMENT READONLY ALIGN(8)
                DQ      OPENSSL_cpuid_setup
 
+
 .CRT$XCU       ENDS
+_DATA  SEGMENT
+COMM   OPENSSL_ia32cap_P:DWORD:2
+
+_DATA  ENDS
 .text$ SEGMENT ALIGN(64) 'CODE'
 
 PUBLIC OPENSSL_atomic_add
@@ -68,7 +74,15 @@ OPENSSL_ia32_cpuid   PROC PUBLIC
 
        mov     eax,080000000h
        cpuid
-       cmp     eax,080000008h
+       cmp     eax,080000001h
+       jb      $L$intel
+       mov     r10d,eax
+       mov     eax,080000001h
+       cpuid
+       or      r9d,ecx
+       and     r9d,000000801h
+
+       cmp     r10d,080000008h
        jb      $L$intel
 
        mov     eax,080000008h
@@ -79,12 +93,12 @@ OPENSSL_ia32_cpuid  PROC PUBLIC
        mov     eax,1
        cpuid
        bt      edx,28
-       jnc     $L$done
+       jnc     $L$generic
        shr     ebx,16
        cmp     bl,r10b
-       ja      $L$done
+       ja      $L$generic
        and     edx,0efffffffh
-       jmp     $L$done
+       jmp     $L$generic
 
 $L$intel::
        cmp     r11d,4
@@ -101,30 +115,48 @@ $L$intel::
 $L$nocacheinfo::
        mov     eax,1
        cpuid
+       and     edx,0bfefffffh
        cmp     r9d,0
        jne     $L$notintel
-       or      edx,000100000h
+       or      edx,040000000h
        and     ah,15
        cmp     ah,15
-       je      $L$notintel
-       or      edx,040000000h
+       jne     $L$notintel
+       or      edx,000100000h
 $L$notintel::
        bt      edx,28
-       jnc     $L$done
+       jnc     $L$generic
        and     edx,0efffffffh
        cmp     r10d,0
-       je      $L$done
+       je      $L$generic
 
        or      edx,010000000h
        shr     ebx,16
        cmp     bl,1
-       ja      $L$done
+       ja      $L$generic
        and     edx,0efffffffh
+$L$generic::
+       and     r9d,000000800h
+       and     ecx,0fffff7ffh
+       or      r9d,ecx
+
+       mov     r10d,edx
+       bt      r9d,27
+       jnc     $L$clear_avx
+       xor     ecx,ecx
+DB     00fh,001h,0d0h
+
+       and     eax,6
+       cmp     eax,6
+       je      $L$done
+$L$clear_avx::
+       mov     eax,0efffe7ffh
+       and     r9d,eax
 $L$done::
-       shl     rcx,32
-       mov     eax,edx
+       shl     r9,32
+       mov     eax,r10d
        mov     rbx,r8
-       or      rax,rcx
+       or      rax,r9
        DB      0F3h,0C3h               ;repret
 OPENSSL_ia32_cpuid     ENDP
 
@@ -181,6 +213,20 @@ OPENSSL_wipe_cpu   PROC PUBLIC
        lea     rax,QWORD PTR[8+rsp]
        DB      0F3h,0C3h               ;repret
 OPENSSL_wipe_cpu       ENDP
+PUBLIC OPENSSL_ia32_rdrand
+
+ALIGN  16
+OPENSSL_ia32_rdrand    PROC PUBLIC
+       mov     ecx,8
+$L$oop_rdrand::
+DB     72,15,199,240
+       jc      $L$break_rdrand
+       loop    $L$oop_rdrand
+$L$break_rdrand::
+       cmp     rax,0
+       cmove   rax,rcx
+       DB      0F3h,0C3h               ;repret
+OPENSSL_ia32_rdrand    ENDP
 
 .text$ ENDS
 END

diff --git a/deps/openssl/asm/x86-elf-gas/aes/aes-586.s b/deps/openssl/asm/x86-elf-gas/aes/aes-586.s
index 34c90a0..f586d3d 100644 (file)
--- a/deps/openssl/asm/x86-elf-gas/aes/aes-586.s
+++ b/deps/openssl/asm/x86-elf-gas/aes/aes-586.s
@@ -2986,19 +2986,19 @@ _x86_AES_set_encrypt_key:
        popl    %ebp
        ret
 .size  _x86_AES_set_encrypt_key,.-_x86_AES_set_encrypt_key
-.globl AES_set_encrypt_key
-.type  AES_set_encrypt_key,@function
+.globl private_AES_set_encrypt_key
+.type  private_AES_set_encrypt_key,@function
 .align 16
-AES_set_encrypt_key:
-.L_AES_set_encrypt_key_begin:
+private_AES_set_encrypt_key:
+.L_private_AES_set_encrypt_key_begin:
        call    _x86_AES_set_encrypt_key
        ret
-.size  AES_set_encrypt_key,.-.L_AES_set_encrypt_key_begin
-.globl AES_set_decrypt_key
-.type  AES_set_decrypt_key,@function
+.size  private_AES_set_encrypt_key,.-.L_private_AES_set_encrypt_key_begin
+.globl private_AES_set_decrypt_key
+.type  private_AES_set_decrypt_key,@function
 .align 16
-AES_set_decrypt_key:
-.L_AES_set_decrypt_key_begin:
+private_AES_set_decrypt_key:
+.L_private_AES_set_decrypt_key_begin:
        call    _x86_AES_set_encrypt_key
        cmpl    $0,%eax
        je      .L054proceed
@@ -3227,8 +3227,8 @@ AES_set_decrypt_key:
        popl    %ebx
        popl    %ebp
        ret
-.size  AES_set_decrypt_key,.-.L_AES_set_decrypt_key_begin
+.size  private_AES_set_decrypt_key,.-.L_private_AES_set_decrypt_key_begin
 .byte  65,69,83,32,102,111,114,32,120,56,54,44,32,67,82,89
 .byte  80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114
 .byte  111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
-.comm  OPENSSL_ia32cap_P,4,4
+.comm  OPENSSL_ia32cap_P,8,4

diff --git a/deps/openssl/asm/x86-elf-gas/camellia/cmll-x86.s b/deps/openssl/asm/x86-elf-gas/camellia/cmll-x86.s
index a896314..5c87910 100644 (file)
--- a/deps/openssl/asm/x86-elf-gas/camellia/cmll-x86.s
+++ b/deps/openssl/asm/x86-elf-gas/camellia/cmll-x86.s
@@ -1537,11 +1537,11 @@ Camellia_Ekeygen:
        popl    %ebp
        ret
 .size  Camellia_Ekeygen,.-.L_Camellia_Ekeygen_begin
-.globl Camellia_set_key
-.type  Camellia_set_key,@function
+.globl private_Camellia_set_key
+.type  private_Camellia_set_key,@function
 .align 16
-Camellia_set_key:
-.L_Camellia_set_key_begin:
+private_Camellia_set_key:
+.L_private_Camellia_set_key_begin:
        pushl   %ebx
        movl    8(%esp),%ecx
        movl    12(%esp),%ebx
@@ -1571,7 +1571,7 @@ Camellia_set_key:
 .L014done:
        popl    %ebx
        ret
-.size  Camellia_set_key,.-.L_Camellia_set_key_begin
+.size  private_Camellia_set_key,.-.L_private_Camellia_set_key_begin
 .align 64
 .LCamellia_SIGMA:
 .long  2694735487,1003262091,3061508184,1286239154,3337565999,3914302142,1426019237,4057165596,283453434,3731369245,2958461122,3018244605,0,0,0,0

diff --git a/deps/openssl/asm/x86-elf-gas/rc4/rc4-586.s b/deps/openssl/asm/x86-elf-gas/rc4/rc4-586.s
index 9ba94e4..513ce6a 100644 (file)
--- a/deps/openssl/asm/x86-elf-gas/rc4/rc4-586.s
+++ b/deps/openssl/asm/x86-elf-gas/rc4/rc4-586.s
@@ -29,11 +29,146 @@ RC4:
        movl    (%edi,%eax,4),%ecx
        andl    $-4,%edx
        jz      .L002loop1
-       leal    -4(%esi,%edx,1),%edx
-       movl    %edx,28(%esp)
+       testl   $-8,%edx
        movl    %ebp,32(%esp)
+       jz      .L003go4loop4
+       leal    OPENSSL_ia32cap_P,%ebp
+       btl     $26,(%ebp)
+       jnc     .L003go4loop4
+       movl    32(%esp),%ebp
+       andl    $-8,%edx
+       leal    -8(%esi,%edx,1),%edx
+       movl    %edx,-4(%edi)
+       addb    %cl,%bl
+       movl    (%edi,%ebx,4),%edx
+       movl    %ecx,(%edi,%ebx,4)
+       movl    %edx,(%edi,%eax,4)
+       incl    %eax
+       addl    %ecx,%edx
+       movzbl  %al,%eax
+       movzbl  %dl,%edx
+       movq    (%esi),%mm0
+       movl    (%edi,%eax,4),%ecx
+       movd    (%edi,%edx,4),%mm2
+       jmp     .L004loop_mmx_enter
+.align 16
+.L005loop_mmx:
+       addb    %cl,%bl
+       psllq   $56,%mm1
+       movl    (%edi,%ebx,4),%edx
+       movl    %ecx,(%edi,%ebx,4)
+       movl    %edx,(%edi,%eax,4)
+       incl    %eax
+       addl    %ecx,%edx
+       movzbl  %al,%eax
+       movzbl  %dl,%edx
+       pxor    %mm1,%mm2
+       movq    (%esi),%mm0
+       movq    %mm2,-8(%ebp,%esi,1)
+       movl    (%edi,%eax,4),%ecx
+       movd    (%edi,%edx,4),%mm2
+.L004loop_mmx_enter:
+       addb    %cl,%bl
+       movl    (%edi,%ebx,4),%edx
+       movl    %ecx,(%edi,%ebx,4)
+       movl    %edx,(%edi,%eax,4)
+       incl    %eax
+       addl    %ecx,%edx
+       movzbl  %al,%eax
+       movzbl  %dl,%edx
+       pxor    %mm0,%mm2
+       movl    (%edi,%eax,4),%ecx
+       movd    (%edi,%edx,4),%mm1
+       addb    %cl,%bl
+       psllq   $8,%mm1
+       movl    (%edi,%ebx,4),%edx
+       movl    %ecx,(%edi,%ebx,4)
+       movl    %edx,(%edi,%eax,4)
+       incl    %eax
+       addl    %ecx,%edx
+       movzbl  %al,%eax
+       movzbl  %dl,%edx
+       pxor    %mm1,%mm2
+       movl    (%edi,%eax,4),%ecx
+       movd    (%edi,%edx,4),%mm1
+       addb    %cl,%bl
+       psllq   $16,%mm1
+       movl    (%edi,%ebx,4),%edx
+       movl    %ecx,(%edi,%ebx,4)
+       movl    %edx,(%edi,%eax,4)
+       incl    %eax
+       addl    %ecx,%edx
+       movzbl  %al,%eax
+       movzbl  %dl,%edx
+       pxor    %mm1,%mm2
+       movl    (%edi,%eax,4),%ecx
+       movd    (%edi,%edx,4),%mm1
+       addb    %cl,%bl
+       psllq   $24,%mm1
+       movl    (%edi,%ebx,4),%edx
+       movl    %ecx,(%edi,%ebx,4)
+       movl    %edx,(%edi,%eax,4)
+       incl    %eax
+       addl    %ecx,%edx
+       movzbl  %al,%eax
+       movzbl  %dl,%edx
+       pxor    %mm1,%mm2
+       movl    (%edi,%eax,4),%ecx
+       movd    (%edi,%edx,4),%mm1
+       addb    %cl,%bl
+       psllq   $32,%mm1
+       movl    (%edi,%ebx,4),%edx
+       movl    %ecx,(%edi,%ebx,4)
+       movl    %edx,(%edi,%eax,4)
+       incl    %eax
+       addl    %ecx,%edx
+       movzbl  %al,%eax
+       movzbl  %dl,%edx
+       pxor    %mm1,%mm2
+       movl    (%edi,%eax,4),%ecx
+       movd    (%edi,%edx,4),%mm1
+       addb    %cl,%bl
+       psllq   $40,%mm1
+       movl    (%edi,%ebx,4),%edx
+       movl    %ecx,(%edi,%ebx,4)
+       movl    %edx,(%edi,%eax,4)
+       incl    %eax
+       addl    %ecx,%edx
+       movzbl  %al,%eax
+       movzbl  %dl,%edx
+       pxor    %mm1,%mm2
+       movl    (%edi,%eax,4),%ecx
+       movd    (%edi,%edx,4),%mm1
+       addb    %cl,%bl
+       psllq   $48,%mm1
+       movl    (%edi,%ebx,4),%edx
+       movl    %ecx,(%edi,%ebx,4)
+       movl    %edx,(%edi,%eax,4)
+       incl    %eax
+       addl    %ecx,%edx
+       movzbl  %al,%eax
+       movzbl  %dl,%edx
+       pxor    %mm1,%mm2
+       movl    (%edi,%eax,4),%ecx
+       movd    (%edi,%edx,4),%mm1
+       movl    %ebx,%edx
+       xorl    %ebx,%ebx
+       movb    %dl,%bl
+       cmpl    -4(%edi),%esi
+       leal    8(%esi),%esi
+       jb      .L005loop_mmx
+       psllq   $56,%mm1
+       pxor    %mm1,%mm2
+       movq    %mm2,-8(%ebp,%esi,1)
+       emms
+       cmpl    24(%esp),%esi
+       je      .L006done
+       jmp     .L002loop1
 .align 16
-.L003loop4:
+.L003go4loop4:
+       leal    -4(%esi,%edx,1),%edx
+       movl    %edx,28(%esp)
+.L007loop4:
        addb    %cl,%bl
        movl    (%edi,%ebx,4),%edx
        movl    %ecx,(%edi,%ebx,4)
@@ -79,9 +214,9 @@ RC4:
        movl    %ebp,(%ecx,%esi,1)
        leal    4(%esi),%esi
        movl    (%edi,%eax,4),%ecx
-       jb      .L003loop4
+       jb      .L007loop4
        cmpl    24(%esp),%esi
-       je      .L004done
+       je      .L006done
        movl    32(%esp),%ebp
 .align 16
 .L002loop1:
@@ -99,11 +234,11 @@ RC4:
        cmpl    24(%esp),%esi
        movb    %dl,-1(%ebp,%esi,1)
        jb      .L002loop1
-       jmp     .L004done
+       jmp     .L006done
 .align 16
 .L001RC4_CHAR:
        movzbl  (%edi,%eax,1),%ecx
-.L005cloop1:
+.L008cloop1:
        addb    %cl,%bl
        movzbl  (%edi,%ebx,1),%edx
        movb    %cl,(%edi,%ebx,1)
@@ -116,10 +251,10 @@ RC4:
        movzbl  (%edi,%eax,1),%ecx
        cmpl    24(%esp),%esi
        movb    %dl,-1(%ebp,%esi,1)
-       jb      .L005cloop1
-.L004done:
+       jb      .L008cloop1
+.L006done:
        decb    %al
-       movb    %bl,-4(%edi)
+       movl    %ebx,-4(%edi)
        movb    %al,-8(%edi)
 .L000abort:
        popl    %edi
@@ -128,11 +263,11 @@ RC4:
        popl    %ebp
        ret
 .size  RC4,.-.L_RC4_begin
-.globl RC4_set_key
-.type  RC4_set_key,@function
+.globl private_RC4_set_key
+.type  private_RC4_set_key,@function
 .align 16
-RC4_set_key:
-.L_RC4_set_key_begin:
+private_RC4_set_key:
+.L_private_RC4_set_key_begin:
        pushl   %ebp
        pushl   %ebx
        pushl   %esi
@@ -147,53 +282,53 @@ RC4_set_key:
        xorl    %eax,%eax
        movl    %ebp,-4(%edi)
        btl     $20,(%edx)
-       jc      .L006c1stloop
+       jc      .L009c1stloop
 .align 16
-.L007w1stloop:
+.L010w1stloop:
        movl    %eax,(%edi,%eax,4)
        addb    $1,%al
-       jnc     .L007w1stloop
+       jnc     .L010w1stloop
        xorl    %ecx,%ecx
        xorl    %edx,%edx
 .align 16
-.L008w2ndloop:
+.L011w2ndloop:
        movl    (%edi,%ecx,4),%eax
        addb    (%esi,%ebp,1),%dl
        addb    %al,%dl
        addl    $1,%ebp
        movl    (%edi,%edx,4),%ebx
-       jnz     .L009wnowrap
+       jnz     .L012wnowrap
        movl    -4(%edi),%ebp
-.L009wnowrap:
+.L012wnowrap:
        movl    %eax,(%edi,%edx,4)
        movl    %ebx,(%edi,%ecx,4)
        addb    $1,%cl
-       jnc     .L008w2ndloop
-       jmp     .L010exit
+       jnc     .L011w2ndloop
+       jmp     .L013exit
 .align 16
-.L006c1stloop:
+.L009c1stloop:
        movb    %al,(%edi,%eax,1)
        addb    $1,%al
-       jnc     .L006c1stloop
+       jnc     .L009c1stloop
        xorl    %ecx,%ecx
        xorl    %edx,%edx
        xorl    %ebx,%ebx
 .align 16
-.L011c2ndloop:
+.L014c2ndloop:
        movb    (%edi,%ecx,1),%al
        addb    (%esi,%ebp,1),%dl
        addb    %al,%dl
        addl    $1,%ebp
        movb    (%edi,%edx,1),%bl
-       jnz     .L012cnowrap
+       jnz     .L015cnowrap
        movl    -4(%edi),%ebp
-.L012cnowrap:
+.L015cnowrap:
        movb    %al,(%edi,%edx,1)
        movb    %bl,(%edi,%ecx,1)
        addb    $1,%cl
-       jnc     .L011c2ndloop
+       jnc     .L014c2ndloop
        movl    $-1,256(%edi)
-.L010exit:
+.L013exit:
        xorl    %eax,%eax
        movl    %eax,-8(%edi)
        movl    %eax,-4(%edi)
@@ -202,29 +337,36 @@ RC4_set_key:
        popl    %ebx
        popl    %ebp
        ret
-.size  RC4_set_key,.-.L_RC4_set_key_begin
+.size  private_RC4_set_key,.-.L_private_RC4_set_key_begin
 .globl RC4_options
 .type  RC4_options,@function
 .align 16
 RC4_options:
 .L_RC4_options_begin:
-       call    .L013pic_point
-.L013pic_point:
+       call    .L016pic_point
+.L016pic_point:
        popl    %eax
-       leal    .L014opts-.L013pic_point(%eax),%eax
+       leal    .L017opts-.L016pic_point(%eax),%eax
        leal    OPENSSL_ia32cap_P,%edx
-       btl     $20,(%edx)
-       jnc     .L015skip
+       movl    (%edx),%edx
+       btl     $20,%edx
+       jc      .L0181xchar
+       btl     $26,%edx
+       jnc     .L019ret
+       addl    $25,%eax
+       ret
+.L0181xchar:
        addl    $12,%eax
-.L015skip:
+.L019ret:
        ret
 .align 64
-.L014opts:
+.L017opts:
 .byte  114,99,52,40,52,120,44,105,110,116,41,0
 .byte  114,99,52,40,49,120,44,99,104,97,114,41,0
+.byte  114,99,52,40,56,120,44,109,109,120,41,0
 .byte  82,67,52,32,102,111,114,32,120,56,54,44,32,67,82,89
 .byte  80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114
 .byte  111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
 .align 64
 .size  RC4_options,.-.L_RC4_options_begin
-.comm  OPENSSL_ia32cap_P,4,4
+.comm  OPENSSL_ia32cap_P,8,4

diff --git a/deps/openssl/asm/x86-elf-gas/sha/sha1-586.s b/deps/openssl/asm/x86-elf-gas/sha/sha1-586.s
index cccb1ab..e77f654 100644 (file)
--- a/deps/openssl/asm/x86-elf-gas/sha/sha1-586.s
+++ b/deps/openssl/asm/x86-elf-gas/sha/sha1-586.s
@@ -12,11 +12,12 @@ sha1_block_data_order:
        movl    20(%esp),%ebp
        movl    24(%esp),%esi
        movl    28(%esp),%eax
-       subl    $64,%esp
+       subl    $76,%esp
        shll    $6,%eax
        addl    %esi,%eax
-       movl    %eax,92(%esp)
+       movl    %eax,104(%esp)
        movl    16(%ebp),%edi
+       jmp     .L000loop
 .align 16
 .L000loop:
        movl    (%esi),%eax
@@ -67,7 +68,7 @@ sha1_block_data_order:
        movl    %ebx,52(%esp)
        movl    %ecx,56(%esp)
        movl    %edx,60(%esp)
-       movl    %esi,88(%esp)
+       movl    %esi,100(%esp)
        movl    (%ebp),%eax
        movl    4(%ebp),%ebx
        movl    8(%ebp),%ecx
@@ -78,10 +79,10 @@ sha1_block_data_order:
        roll    $5,%ebp
        xorl    %edx,%esi
        addl    %edi,%ebp
-       andl    %ebx,%esi
        movl    (%esp),%edi
-       xorl    %edx,%esi
+       andl    %ebx,%esi
        rorl    $2,%ebx
+       xorl    %edx,%esi
        leal    1518500249(%ebp,%edi,1),%ebp
        addl    %esi,%ebp
 
@@ -90,10 +91,10 @@ sha1_block_data_order:
        roll    $5,%ebp
        xorl    %ecx,%edi
        addl    %edx,%ebp
-       andl    %eax,%edi
        movl    4(%esp),%edx
-       xorl    %ecx,%edi
+       andl    %eax,%edi
        rorl    $2,%eax
+       xorl    %ecx,%edi
        leal    1518500249(%ebp,%edx,1),%ebp
        addl    %edi,%ebp
 
@@ -102,10 +103,10 @@ sha1_block_data_order:
        roll    $5,%ebp
        xorl    %ebx,%edx
        addl    %ecx,%ebp
-       andl    %esi,%edx
        movl    8(%esp),%ecx
-       xorl    %ebx,%edx
+       andl    %esi,%edx
        rorl    $2,%esi
+       xorl    %ebx,%edx
        leal    1518500249(%ebp,%ecx,1),%ebp
        addl    %edx,%ebp
 
@@ -114,10 +115,10 @@ sha1_block_data_order:
        roll    $5,%ebp
        xorl    %eax,%ecx
        addl    %ebx,%ebp
-       andl    %edi,%ecx
        movl    12(%esp),%ebx
-       xorl    %eax,%ecx
+       andl    %edi,%ecx
        rorl    $2,%edi
+       xorl    %eax,%ecx
        leal    1518500249(%ebp,%ebx,1),%ebp
        addl    %ecx,%ebp
 
@@ -126,10 +127,10 @@ sha1_block_data_order:
        roll    $5,%ebp
        xorl    %esi,%ebx
        addl    %eax,%ebp
-       andl    %edx,%ebx
        movl    16(%esp),%eax
-       xorl    %esi,%ebx
+       andl    %edx,%ebx
        rorl    $2,%edx
+       xorl    %esi,%ebx
        leal    1518500249(%ebp,%eax,1),%ebp
        addl    %ebx,%ebp
 
@@ -138,10 +139,10 @@ sha1_block_data_order:
        roll    $5,%ebp
        xorl    %edi,%eax
        addl    %esi,%ebp
-       andl    %ecx,%eax
        movl    20(%esp),%esi
-       xorl    %edi,%eax
+       andl    %ecx,%eax
        rorl    $2,%ecx
+       xorl    %edi,%eax
        leal    1518500249(%ebp,%esi,1),%ebp
        addl    %eax,%ebp
 
@@ -150,10 +151,10 @@ sha1_block_data_order:
        roll    $5,%ebp
        xorl    %edx,%esi
        addl    %edi,%ebp
-       andl    %ebx,%esi
        movl    24(%esp),%edi
-       xorl    %edx,%esi
+       andl    %ebx,%esi
        rorl    $2,%ebx
+       xorl    %edx,%esi
        leal    1518500249(%ebp,%edi,1),%ebp
        addl    %esi,%ebp
 
@@ -162,10 +163,10 @@ sha1_block_data_order:
        roll    $5,%ebp
        xorl    %ecx,%edi
        addl    %edx,%ebp
-       andl    %eax,%edi
        movl    28(%esp),%edx
-       xorl    %ecx,%edi
+       andl    %eax,%edi
        rorl    $2,%eax
+       xorl    %ecx,%edi
        leal    1518500249(%ebp,%edx,1),%ebp
        addl    %edi,%ebp
 
@@ -174,10 +175,10 @@ sha1_block_data_order:
        roll    $5,%ebp
        xorl    %ebx,%edx
        addl    %ecx,%ebp
-       andl    %esi,%edx
        movl    32(%esp),%ecx
-       xorl    %ebx,%edx
+       andl    %esi,%edx
        rorl    $2,%esi
+       xorl    %ebx,%edx
        leal    1518500249(%ebp,%ecx,1),%ebp
        addl    %edx,%ebp
 
@@ -186,10 +187,10 @@ sha1_block_data_order:
        roll    $5,%ebp
        xorl    %eax,%ecx
        addl    %ebx,%ebp
-       andl    %edi,%ecx
        movl    36(%esp),%ebx
-       xorl    %eax,%ecx
+       andl    %edi,%ecx
        rorl    $2,%edi
+       xorl    %eax,%ecx
        leal    1518500249(%ebp,%ebx,1),%ebp
        addl    %ecx,%ebp
 
@@ -198,10 +199,10 @@ sha1_block_data_order:
        roll    $5,%ebp
        xorl    %esi,%ebx
        addl    %eax,%ebp
-       andl    %edx,%ebx
        movl    40(%esp),%eax
-       xorl    %esi,%ebx
+       andl    %edx,%ebx
        rorl    $2,%edx
+       xorl    %esi,%ebx
        leal    1518500249(%ebp,%eax,1),%ebp
        addl    %ebx,%ebp
 
@@ -210,10 +211,10 @@ sha1_block_data_order:
        roll    $5,%ebp
        xorl    %edi,%eax
        addl    %esi,%ebp
-       andl    %ecx,%eax
        movl    44(%esp),%esi
-       xorl    %edi,%eax
+       andl    %ecx,%eax
        rorl    $2,%ecx
+       xorl    %edi,%eax
        leal    1518500249(%ebp,%esi,1),%ebp
        addl    %eax,%ebp
 
@@ -222,10 +223,10 @@ sha1_block_data_order:
        roll    $5,%ebp
        xorl    %edx,%esi
        addl    %edi,%ebp
-       andl    %ebx,%esi
        movl    48(%esp),%edi
-       xorl    %edx,%esi
+       andl    %ebx,%esi
        rorl    $2,%ebx
+       xorl    %edx,%esi
        leal    1518500249(%ebp,%edi,1),%ebp
        addl    %esi,%ebp
 
@@ -234,10 +235,10 @@ sha1_block_data_order:
        roll    $5,%ebp
        xorl    %ecx,%edi
        addl    %edx,%ebp
-       andl    %eax,%edi
        movl    52(%esp),%edx
-       xorl    %ecx,%edi
+       andl    %eax,%edi
        rorl    $2,%eax
+       xorl    %ecx,%edi
        leal    1518500249(%ebp,%edx,1),%ebp
        addl    %edi,%ebp
 
@@ -246,10 +247,10 @@ sha1_block_data_order:
        roll    $5,%ebp
        xorl    %ebx,%edx
        addl    %ecx,%ebp
-       andl    %esi,%edx
        movl    56(%esp),%ecx
-       xorl    %ebx,%edx
+       andl    %esi,%edx
        rorl    $2,%esi
+       xorl    %ebx,%edx
        leal    1518500249(%ebp,%ecx,1),%ebp
        addl    %edx,%ebp
 
@@ -258,1162 +259,1099 @@ sha1_block_data_order:
        roll    $5,%ebp
        xorl    %eax,%ecx
        addl    %ebx,%ebp
-       andl    %edi,%ecx
        movl    60(%esp),%ebx
-       xorl    %eax,%ecx
+       andl    %edi,%ecx
        rorl    $2,%edi
+       xorl    %eax,%ecx
        leal    1518500249(%ebp,%ebx,1),%ebp
+       movl    (%esp),%ebx
        addl    %ebp,%ecx
 
-       movl    (%esp),%ebx
        movl    %edi,%ebp
        xorl    8(%esp),%ebx
        xorl    %esi,%ebp
        xorl    32(%esp),%ebx
        andl    %edx,%ebp
-       rorl    $2,%edx
        xorl    52(%esp),%ebx
        roll    $1,%ebx
        xorl    %esi,%ebp
+       addl    %ebp,%eax
+       movl    %ecx,%ebp
+       rorl    $2,%edx
        movl    %ebx,(%esp)
+       roll    $5,%ebp
        leal    1518500249(%ebx,%eax,1),%ebx
-       movl    %ecx,%eax
-       roll    $5,%eax
+       movl    4(%esp),%eax
        addl    %ebp,%ebx
-       addl    %eax,%ebx
 
-       movl    4(%esp),%eax
        movl    %edx,%ebp
        xorl    12(%esp),%eax
        xorl    %edi,%ebp
        xorl    36(%esp),%eax
        andl    %ecx,%ebp
-       rorl    $2,%ecx
        xorl    56(%esp),%eax
        roll    $1,%eax
        xorl    %edi,%ebp
+       addl    %ebp,%esi
+       movl    %ebx,%ebp
+       rorl    $2,%ecx
        movl    %eax,4(%esp)
+       roll    $5,%ebp
        leal    1518500249(%eax,%esi,1),%eax
-       movl    %ebx,%esi
-       roll    $5,%esi
+       movl    8(%esp),%esi
        addl    %ebp,%eax
-       addl    %esi,%eax
 
-       movl    8(%esp),%esi
        movl    %ecx,%ebp
        xorl    16(%esp),%esi
        xorl    %edx,%ebp
        xorl    40(%esp),%esi
        andl    %ebx,%ebp
-       rorl    $2,%ebx
        xorl    60(%esp),%esi
        roll    $1,%esi
        xorl    %edx,%ebp
+       addl    %ebp,%edi
+       movl    %eax,%ebp
+       rorl    $2,%ebx
        movl    %esi,8(%esp)
+       roll    $5,%ebp
        leal    1518500249(%esi,%edi,1),%esi
-       movl    %eax,%edi
-       roll    $5,%edi
+       movl    12(%esp),%edi
        addl    %ebp,%esi
-       addl    %edi,%esi
 
-       movl    12(%esp),%edi
        movl    %ebx,%ebp
        xorl    20(%esp),%edi
        xorl    %ecx,%ebp
        xorl    44(%esp),%edi
        andl    %eax,%ebp
-       rorl    $2,%eax
        xorl    (%esp),%edi
        roll    $1,%edi
        xorl    %ecx,%ebp
+       addl    %ebp,%edx
+       movl    %esi,%ebp
+       rorl    $2,%eax
        movl    %edi,12(%esp)
+       roll    $5,%ebp
        leal    1518500249(%edi,%edx,1),%edi
-       movl    %esi,%edx
-       roll    $5,%edx
+       movl    16(%esp),%edx
        addl    %ebp,%edi
-       addl    %edx,%edi
 
        movl    %esi,%ebp
-       movl    16(%esp),%edx
-       rorl    $2,%esi
        xorl    24(%esp),%edx
        xorl    %eax,%ebp
        xorl    48(%esp),%edx
        xorl    %ebx,%ebp
        xorl    4(%esp),%edx
        roll    $1,%edx
-       addl    %ecx,%ebp
+       addl    %ebp,%ecx
+       rorl    $2,%esi
+       movl    %edi,%ebp
+       roll    $5,%ebp
        movl    %edx,16(%esp)
-       movl    %edi,%ecx
-       roll    $5,%ecx
-       leal    1859775393(%edx,%ebp,1),%edx
-       addl    %ecx,%edx
+       leal    1859775393(%edx,%ecx,1),%edx
+       movl    20(%esp),%ecx
+       addl    %ebp,%edx
 
        movl    %edi,%ebp
-       movl    20(%esp),%ecx
-       rorl    $2,%edi
        xorl    28(%esp),%ecx
        xorl    %esi,%ebp
        xorl    52(%esp),%ecx
        xorl    %eax,%ebp
        xorl    8(%esp),%ecx
        roll    $1,%ecx
-       addl    %ebx,%ebp
+       addl    %ebp,%ebx
+       rorl    $2,%edi
+       movl    %edx,%ebp
+       roll    $5,%ebp
        movl    %ecx,20(%esp)
-       movl    %edx,%ebx
-       roll    $5,%ebx
-       leal    1859775393(%ecx,%ebp,1),%ecx
-       addl    %ebx,%ecx
+       leal    1859775393(%ecx,%ebx,1),%ecx
+       movl    24(%esp),%ebx
+       addl    %ebp,%ecx
 
        movl    %edx,%ebp
-       movl    24(%esp),%ebx
-       rorl    $2,%edx
        xorl    32(%esp),%ebx
        xorl    %edi,%ebp
        xorl    56(%esp),%ebx
        xorl    %esi,%ebp
        xorl    12(%esp),%ebx
        roll    $1,%ebx
-       addl    %eax,%ebp
+       addl    %ebp,%eax
+       rorl    $2,%edx
+       movl    %ecx,%ebp
+       roll    $5,%ebp
        movl    %ebx,24(%esp)
-       movl    %ecx,%eax
-       roll    $5,%eax
-       leal    1859775393(%ebx,%ebp,1),%ebx
-       addl    %eax,%ebx
+       leal    1859775393(%ebx,%eax,1),%ebx
+       movl    28(%esp),%eax
+       addl    %ebp,%ebx
 
        movl    %ecx,%ebp
-       movl    28(%esp),%eax
-       rorl    $2,%ecx
        xorl    36(%esp),%eax
        xorl    %edx,%ebp
        xorl    60(%esp),%eax
        xorl    %edi,%ebp
        xorl    16(%esp),%eax
        roll    $1,%eax
-       addl    %esi,%ebp
+       addl    %ebp,%esi
+       rorl    $2,%ecx
+       movl    %ebx,%ebp
+       roll    $5,%ebp
        movl    %eax,28(%esp)
-       movl    %ebx,%esi
-       roll    $5,%esi
-       leal    1859775393(%eax,%ebp,1),%eax
-       addl    %esi,%eax
+       leal    1859775393(%eax,%esi,1),%eax
+       movl    32(%esp),%esi
+       addl    %ebp,%eax
 
        movl    %ebx,%ebp
-       movl    32(%esp),%esi
-       rorl    $2,%ebx
        xorl    40(%esp),%esi
        xorl    %ecx,%ebp
        xorl    (%esp),%esi
        xorl    %edx,%ebp
        xorl    20(%esp),%esi
        roll    $1,%esi
-       addl    %edi,%ebp
+       addl    %ebp,%edi
+       rorl    $2,%ebx
+       movl    %eax,%ebp
+       roll    $5,%ebp
        movl    %esi,32(%esp)
-       movl    %eax,%edi
-       roll    $5,%edi
-       leal    1859775393(%esi,%ebp,1),%esi
-       addl    %edi,%esi
+       leal    1859775393(%esi,%edi,1),%esi
+       movl    36(%esp),%edi
+       addl    %ebp,%esi
 
        movl    %eax,%ebp
-       movl    36(%esp),%edi
-       rorl    $2,%eax
        xorl    44(%esp),%edi
        xorl    %ebx,%ebp
        xorl    4(%esp),%edi
        xorl    %ecx,%ebp
        xorl    24(%esp),%edi
        roll    $1,%edi
-       addl    %edx,%ebp
+       addl    %ebp,%edx
+       rorl    $2,%eax
+       movl    %esi,%ebp
+       roll    $5,%ebp
        movl    %edi,36(%esp)
-       movl    %esi,%edx
-       roll    $5,%edx
-       leal    1859775393(%edi,%ebp,1),%edi
-       addl    %edx,%edi
+       leal    1859775393(%edi,%edx,1),%edi
+       movl    40(%esp),%edx
+       addl    %ebp,%edi
 
        movl    %esi,%ebp
-       movl    40(%esp),%edx
-       rorl    $2,%esi
        xorl    48(%esp),%edx
        xorl    %eax,%ebp
        xorl    8(%esp),%edx
        xorl    %ebx,%ebp
        xorl    28(%esp),%edx
        roll    $1,%edx
-       addl    %ecx,%ebp
+       addl    %ebp,%ecx
+       rorl    $2,%esi
+       movl    %edi,%ebp
+       roll    $5,%ebp
        movl    %edx,40(%esp)
-       movl    %edi,%ecx
-       roll    $5,%ecx
-       leal    1859775393(%edx,%ebp,1),%edx
-       addl    %ecx,%edx
+       leal    1859775393(%edx,%ecx,1),%edx
+       movl    44(%esp),%ecx
+       addl    %ebp,%edx
 
        movl    %edi,%ebp
-       movl    44(%esp),%ecx
-       rorl    $2,%edi
        xorl    52(%esp),%ecx
        xorl    %esi,%ebp
        xorl    12(%esp),%ecx
        xorl    %eax,%ebp
        xorl    32(%esp),%ecx
        roll    $1,%ecx
-       addl    %ebx,%ebp
+       addl    %ebp,%ebx
+       rorl    $2,%edi
+       movl    %edx,%ebp
+       roll    $5,%ebp
        movl    %ecx,44(%esp)
-       movl    %edx,%ebx
-       roll    $5,%ebx
-       leal    1859775393(%ecx,%ebp,1),%ecx
-       addl    %ebx,%ecx
+       leal    1859775393(%ecx,%ebx,1),%ecx
+       movl    48(%esp),%ebx
+       addl    %ebp,%ecx
 
        movl    %edx,%ebp
-       movl    48(%esp),%ebx
-       rorl    $2,%edx
        xorl    56(%esp),%ebx
        xorl    %edi,%ebp
        xorl    16(%esp),%ebx
        xorl    %esi,%ebp
        xorl    36(%esp),%ebx
        roll    $1,%ebx
-       addl    %eax,%ebp
+       addl    %ebp,%eax
+       rorl    $2,%edx
+       movl    %ecx,%ebp
+       roll    $5,%ebp
        movl    %ebx,48(%esp)
-       movl    %ecx,%eax
-       roll    $5,%eax
-       leal    1859775393(%ebx,%ebp,1),%ebx
-       addl    %eax,%ebx
+       leal    1859775393(%ebx,%eax,1),%ebx
+       movl    52(%esp),%eax
+       addl    %ebp,%ebx
 
        movl    %ecx,%ebp
-       movl    52(%esp),%eax
-       rorl    $2,%ecx
        xorl    60(%esp),%eax
        xorl    %edx,%ebp
        xorl    20(%esp),%eax
        xorl    %edi,%ebp
        xorl    40(%esp),%eax
        roll    $1,%eax
-       addl    %esi,%ebp
+       addl    %ebp,%esi
+       rorl    $2,%ecx
+       movl    %ebx,%ebp
+       roll    $5,%ebp
        movl    %eax,52(%esp)
-       movl    %ebx,%esi
-       roll    $5,%esi
-       leal    1859775393(%eax,%ebp,1),%eax
-       addl    %esi,%eax
+       leal    1859775393(%eax,%esi,1),%eax
+       movl    56(%esp),%esi
+       addl    %ebp,%eax
 
        movl    %ebx,%ebp
-       movl    56(%esp),%esi
-       rorl    $2,%ebx
        xorl    (%esp),%esi
        xorl    %ecx,%ebp
        xorl    24(%esp),%esi
        xorl    %edx,%ebp
        xorl    44(%esp),%esi
        roll    $1,%esi
-       addl    %edi,%ebp
+       addl    %ebp,%edi
+       rorl    $2,%ebx
+       movl    %eax,%ebp
+       roll    $5,%ebp
        movl    %esi,56(%esp)
-       movl    %eax,%edi
-       roll    $5,%edi
-       leal    1859775393(%esi,%ebp,1),%esi
-       addl    %edi,%esi
+       leal    1859775393(%esi,%edi,1),%esi
+       movl    60(%esp),%edi
+       addl    %ebp,%esi
 
        movl    %eax,%ebp
-       movl    60(%esp),%edi
-       rorl    $2,%eax
        xorl    4(%esp),%edi
        xorl    %ebx,%ebp
        xorl    28(%esp),%edi
        xorl    %ecx,%ebp
        xorl    48(%esp),%edi
        roll    $1,%edi
-       addl    %edx,%ebp
+       addl    %ebp,%edx
+       rorl    $2,%eax
+       movl    %esi,%ebp
+       roll    $5,%ebp
        movl    %edi,60(%esp)
-       movl    %esi,%edx
-       roll    $5,%edx
-       leal    1859775393(%edi,%ebp,1),%edi
-       addl    %edx,%edi
+       leal    1859775393(%edi,%edx,1),%edi
+       movl    (%esp),%edx
+       addl    %ebp,%edi
 
        movl    %esi,%ebp
-       movl    (%esp),%edx
-       rorl    $2,%esi
        xorl    8(%esp),%edx
        xorl    %eax,%ebp
        xorl    32(%esp),%edx
        xorl    %ebx,%ebp
        xorl    52(%esp),%edx
        roll    $1,%edx
-       addl    %ecx,%ebp
+       addl    %ebp,%ecx
+       rorl    $2,%esi
+       movl    %edi,%ebp
+       roll    $5,%ebp
        movl    %edx,(%esp)
-       movl    %edi,%ecx
-       roll    $5,%ecx
-       leal    1859775393(%edx,%ebp,1),%edx
-       addl    %ecx,%edx
+       leal    1859775393(%edx,%ecx,1),%edx
+       movl    4(%esp),%ecx
+       addl    %ebp,%edx
 
        movl    %edi,%ebp
-       movl    4(%esp),%ecx
-       rorl    $2,%edi
        xorl    12(%esp),%ecx
        xorl    %esi,%ebp
        xorl    36(%esp),%ecx
        xorl    %eax,%ebp
        xorl    56(%esp),%ecx
        roll    $1,%ecx
-       addl    %ebx,%ebp
+       addl    %ebp,%ebx
+       rorl    $2,%edi
+       movl    %edx,%ebp
+       roll    $5,%ebp
        movl    %ecx,4(%esp)
-       movl    %edx,%ebx
-       roll    $5,%ebx
-       leal    1859775393(%ecx,%ebp,1),%ecx
-       addl    %ebx,%ecx
+       leal    1859775393(%ecx,%ebx,1),%ecx
+       movl    8(%esp),%ebx
+       addl    %ebp,%ecx
 
        movl    %edx,%ebp
-       movl    8(%esp),%ebx
-       rorl    $2,%edx
        xorl    16(%esp),%ebx
        xorl    %edi,%ebp
        xorl    40(%esp),%ebx
        xorl    %esi,%ebp
        xorl    60(%esp),%ebx
        roll    $1,%ebx
-       addl    %eax,%ebp
+       addl    %ebp,%eax
+       rorl    $2,%edx
+       movl    %ecx,%ebp
+       roll    $5,%ebp
        movl    %ebx,8(%esp)
-       movl    %ecx,%eax
-       roll    $5,%eax
-       leal    1859775393(%ebx,%ebp,1),%ebx
-       addl    %eax,%ebx
+       leal    1859775393(%ebx,%eax,1),%ebx
+       movl    12(%esp),%eax
+       addl    %ebp,%ebx
 
        movl    %ecx,%ebp
-       movl    12(%esp),%eax
-       rorl    $2,%ecx
        xorl    20(%esp),%eax
        xorl    %edx,%ebp
        xorl    44(%esp),%eax
        xorl    %edi,%ebp
        xorl    (%esp),%eax
        roll    $1,%eax
-       addl    %esi,%ebp
+       addl    %ebp,%esi
+       rorl    $2,%ecx
+       movl    %ebx,%ebp
+       roll    $5,%ebp
        movl    %eax,12(%esp)
-       movl    %ebx,%esi
-       roll    $5,%esi
-       leal    1859775393(%eax,%ebp,1),%eax
-       addl    %esi,%eax
+       leal    1859775393(%eax,%esi,1),%eax
+       movl    16(%esp),%esi
+       addl    %ebp,%eax
 
        movl    %ebx,%ebp
-       movl    16(%esp),%esi
-       rorl    $2,%ebx
        xorl    24(%esp),%esi
        xorl    %ecx,%ebp
        xorl    48(%esp),%esi
        xorl    %edx,%ebp
        xorl    4(%esp),%esi
        roll    $1,%esi
-       addl    %edi,%ebp
+       addl    %ebp,%edi
+       rorl    $2,%ebx
+       movl    %eax,%ebp
+       roll    $5,%ebp
        movl    %esi,16(%esp)
-       movl    %eax,%edi
-       roll    $5,%edi
-       leal    1859775393(%esi,%ebp,1),%esi
-       addl    %edi,%esi
+       leal    1859775393(%esi,%edi,1),%esi
+       movl    20(%esp),%edi
+       addl    %ebp,%esi
 
        movl    %eax,%ebp
-       movl    20(%esp),%edi
-       rorl    $2,%eax
        xorl    28(%esp),%edi
        xorl    %ebx,%ebp
        xorl    52(%esp),%edi
        xorl    %ecx,%ebp
        xorl    8(%esp),%edi
        roll    $1,%edi
-       addl    %edx,%ebp
+       addl    %ebp,%edx
+       rorl    $2,%eax
+       movl    %esi,%ebp
+       roll    $5,%ebp
        movl    %edi,20(%esp)
-       movl    %esi,%edx
-       roll    $5,%edx
-       leal    1859775393(%edi,%ebp,1),%edi
-       addl    %edx,%edi
+       leal    1859775393(%edi,%edx,1),%edi
+       movl    24(%esp),%edx
+       addl    %ebp,%edi
 
        movl    %esi,%ebp
-       movl    24(%esp),%edx
-       rorl    $2,%esi
        xorl    32(%esp),%edx
        xorl    %eax,%ebp
        xorl    56(%esp),%edx
        xorl    %ebx,%ebp
        xorl    12(%esp),%edx
        roll    $1,%edx
-       addl    %ecx,%ebp
+       addl    %ebp,%ecx
+       rorl    $2,%esi
+       movl    %edi,%ebp
+       roll    $5,%ebp
        movl    %edx,24(%esp)
-       movl    %edi,%ecx
-       roll    $5,%ecx
-       leal    1859775393(%edx,%ebp,1),%edx
-       addl    %ecx,%edx
+       leal    1859775393(%edx,%ecx,1),%edx
+       movl    28(%esp),%ecx
+       addl    %ebp,%edx
 
        movl    %edi,%ebp
-       movl    28(%esp),%ecx
-       rorl    $2,%edi
        xorl    36(%esp),%ecx
        xorl    %esi,%ebp
        xorl    60(%esp),%ecx
        xorl    %eax,%ebp
        xorl    16(%esp),%ecx
        roll    $1,%ecx
-       addl    %ebx,%ebp
+       addl    %ebp,%ebx
+       rorl    $2,%edi
+       movl    %edx,%ebp
+       roll    $5,%ebp
        movl    %ecx,28(%esp)
-       movl    %edx,%ebx
-       roll    $5,%ebx
-       leal    1859775393(%ecx,%ebp,1),%ecx
-       addl    %ebx,%ecx
-
+       leal    1859775393(%ecx,%ebx,1),%ecx
        movl    32(%esp),%ebx
-       movl    40(%esp),%ebp
-       xorl    %ebp,%ebx
-       movl    (%esp),%ebp
-       xorl    %ebp,%ebx
-       movl    20(%esp),%ebp
-       xorl    %ebp,%ebx
-       movl    %edx,%ebp
+       addl    %ebp,%ecx
+
+       movl    %edi,%ebp
+       xorl    40(%esp),%ebx
+       xorl    %esi,%ebp
+       xorl    (%esp),%ebx
+       andl    %edx,%ebp
+       xorl    20(%esp),%ebx
        roll    $1,%ebx
-       orl     %edi,%ebp
-       movl    %ebx,32(%esp)
-       andl    %esi,%ebp
-       leal    2400959708(%ebx,%eax,1),%ebx
-       movl    %edx,%eax
+       addl    %eax,%ebp
        rorl    $2,%edx
-       andl    %edi,%eax
-       orl     %eax,%ebp
        movl    %ecx,%eax
        roll    $5,%eax
-       addl    %ebp,%ebx
+       movl    %ebx,32(%esp)
+       leal    2400959708(%ebx,%ebp,1),%ebx
+       movl    %edi,%ebp
        addl    %eax,%ebx
-
+       andl    %esi,%ebp
        movl    36(%esp),%eax
-       movl    44(%esp),%ebp
-       xorl    %ebp,%eax
-       movl    4(%esp),%ebp
-       xorl    %ebp,%eax
-       movl    24(%esp),%ebp
-       xorl    %ebp,%eax
-       movl    %ecx,%ebp
+       addl    %ebp,%ebx
+
+       movl    %edx,%ebp
+       xorl    44(%esp),%eax
+       xorl    %edi,%ebp
+       xorl    4(%esp),%eax
+       andl    %ecx,%ebp
+       xorl    24(%esp),%eax
        roll    $1,%eax
-       orl     %edx,%ebp
-       movl    %eax,36(%esp)
-       andl    %edi,%ebp
-       leal    2400959708(%eax,%esi,1),%eax
-       movl    %ecx,%esi
+       addl    %esi,%ebp
        rorl    $2,%ecx
-       andl    %edx,%esi
-       orl     %esi,%ebp
        movl    %ebx,%esi
        roll    $5,%esi
-       addl    %ebp,%eax
+       movl    %eax,36(%esp)
+       leal    2400959708(%eax,%ebp,1),%eax
+       movl    %edx,%ebp
        addl    %esi,%eax
-
+       andl    %edi,%ebp
        movl    40(%esp),%esi
-       movl    48(%esp),%ebp
-       xorl    %ebp,%esi
-       movl    8(%esp),%ebp
-       xorl    %ebp,%esi
-       movl    28(%esp),%ebp
-       xorl    %ebp,%esi
-       movl    %ebx,%ebp
+       addl    %ebp,%eax
+
+       movl    %ecx,%ebp
+       xorl    48(%esp),%esi
+       xorl    %edx,%ebp
+       xorl    8(%esp),%esi
+       andl    %ebx,%ebp
+       xorl    28(%esp),%esi
        roll    $1,%esi
-       orl     %ecx,%ebp
-       movl    %esi,40(%esp)
-       andl    %edx,%ebp
-       leal    2400959708(%esi,%edi,1),%esi
-       movl    %ebx,%edi
+       addl    %edi,%ebp
        rorl    $2,%ebx
-       andl    %ecx,%edi
-       orl     %edi,%ebp
        movl    %eax,%edi
        roll    $5,%edi
-       addl    %ebp,%esi
+       movl    %esi,40(%esp)
+       leal    2400959708(%esi,%ebp,1),%esi
+       movl    %ecx,%ebp
        addl    %edi,%esi
-
+       andl    %edx,%ebp
        movl    44(%esp),%edi
-       movl    52(%esp),%ebp
-       xorl    %ebp,%edi
-       movl    12(%esp),%ebp
-       xorl    %ebp,%edi
-       movl    32(%esp),%ebp
-       xorl    %ebp,%edi
-       movl    %eax,%ebp
+       addl    %ebp,%esi
+
+       movl    %ebx,%ebp
+       xorl    52(%esp),%edi
+       xorl    %ecx,%ebp
+       xorl    12(%esp),%edi
+       andl    %eax,%ebp
+       xorl    32(%esp),%edi
        roll    $1,%edi
-       orl     %ebx,%ebp
-       movl    %edi,44(%esp)
-       andl    %ecx,%ebp
-       leal    2400959708(%edi,%edx,1),%edi
-       movl    %eax,%edx
+       addl    %edx,%ebp
        rorl    $2,%eax
-       andl    %ebx,%edx
-       orl     %edx,%ebp
        movl    %esi,%edx
        roll    $5,%edx
-       addl    %ebp,%edi
+       movl    %edi,44(%esp)
+       leal    2400959708(%edi,%ebp,1),%edi
+       movl    %ebx,%ebp
        addl    %edx,%edi
-
+       andl    %ecx,%ebp
        movl    48(%esp),%edx
-       movl    56(%esp),%ebp
-       xorl    %ebp,%edx
-       movl    16(%esp),%ebp
-       xorl    %ebp,%edx
-       movl    36(%esp),%ebp
-       xorl    %ebp,%edx
-       movl    %esi,%ebp
+       addl    %ebp,%edi
+
+       movl    %eax,%ebp
+       xorl    56(%esp),%edx
+       xorl    %ebx,%ebp
+       xorl    16(%esp),%edx
+       andl    %esi,%ebp
+       xorl    36(%esp),%edx
        roll    $1,%edx
-       orl     %eax,%ebp
-       movl    %edx,48(%esp)
-       andl    %ebx,%ebp
-       leal    2400959708(%edx,%ecx,1),%edx
-       movl    %esi,%ecx
+       addl    %ecx,%ebp
        rorl    $2,%esi
-       andl    %eax,%ecx
-       orl     %ecx,%ebp
        movl    %edi,%ecx
        roll    $5,%ecx
-       addl    %ebp,%edx
+       movl    %edx,48(%esp)
+       leal    2400959708(%edx,%ebp,1),%edx
+       movl    %eax,%ebp
        addl    %ecx,%edx
-
+       andl    %ebx,%ebp
        movl    52(%esp),%ecx
-       movl    60(%esp),%ebp
-       xorl    %ebp,%ecx
-       movl    20(%esp),%ebp
-       xorl    %ebp,%ecx
-       movl    40(%esp),%ebp
-       xorl    %ebp,%ecx
-       movl    %edi,%ebp
+       addl    %ebp,%edx
+
+       movl    %esi,%ebp
+       xorl    60(%esp),%ecx
+       xorl    %eax,%ebp
+       xorl    20(%esp),%ecx
+       andl    %edi,%ebp
+       xorl    40(%esp),%ecx
        roll    $1,%ecx
-       orl     %esi,%ebp
-       movl    %ecx,52(%esp)
-       andl    %eax,%ebp
-       leal    2400959708(%ecx,%ebx,1),%ecx
-       movl    %edi,%ebx
+       addl    %ebx,%ebp
        rorl    $2,%edi
-       andl    %esi,%ebx
-       orl     %ebx,%ebp
        movl    %edx,%ebx
        roll    $5,%ebx
-       addl    %ebp,%ecx
+       movl    %ecx,52(%esp)
+       leal    2400959708(%ecx,%ebp,1),%ecx
+       movl    %esi,%ebp
        addl    %ebx,%ecx
-
+       andl    %eax,%ebp
        movl    56(%esp),%ebx
-       movl    (%esp),%ebp
-       xorl    %ebp,%ebx
-       movl    24(%esp),%ebp
-       xorl    %ebp,%ebx
-       movl    44(%esp),%ebp
-       xorl    %ebp,%ebx
-       movl    %edx,%ebp
+       addl    %ebp,%ecx
+
+       movl    %edi,%ebp
+       xorl    (%esp),%ebx
+       xorl    %esi,%ebp
+       xorl    24(%esp),%ebx
+       andl    %edx,%ebp
+       xorl    44(%esp),%ebx
        roll    $1,%ebx
-       orl     %edi,%ebp
-       movl    %ebx,56(%esp)
-       andl    %esi,%ebp
-       leal    2400959708(%ebx,%eax,1),%ebx
-       movl    %edx,%eax
+       addl    %eax,%ebp
        rorl    $2,%edx
-       andl    %edi,%eax
-       orl     %eax,%ebp
        movl    %ecx,%eax
        roll    $5,%eax
-       addl    %ebp,%ebx
+       movl    %ebx,56(%esp)
+       leal    2400959708(%ebx,%ebp,1),%ebx
+       movl    %edi,%ebp
        addl    %eax,%ebx
-
+       andl    %esi,%ebp
        movl    60(%esp),%eax
-       movl    4(%esp),%ebp
-       xorl    %ebp,%eax
-       movl    28(%esp),%ebp
-       xorl    %ebp,%eax
-       movl    48(%esp),%ebp
-       xorl    %ebp,%eax
-       movl    %ecx,%ebp
+       addl    %ebp,%ebx
+
+       movl    %edx,%ebp
+       xorl    4(%esp),%eax
+       xorl    %edi,%ebp
+       xorl    28(%esp),%eax
+       andl    %ecx,%ebp
+       xorl    48(%esp),%eax
        roll    $1,%eax
-       orl     %edx,%ebp
-       movl    %eax,60(%esp)
-       andl    %edi,%ebp
-       leal    2400959708(%eax,%esi,1),%eax
-       movl    %ecx,%esi
+       addl    %esi,%ebp
        rorl    $2,%ecx
-       andl    %edx,%esi
-       orl     %esi,%ebp
        movl    %ebx,%esi
        roll    $5,%esi
-       addl    %ebp,%eax
+       movl    %eax,60(%esp)
+       leal    2400959708(%eax,%ebp,1),%eax
+       movl    %edx,%ebp
        addl    %esi,%eax
-
+       andl    %edi,%ebp
        movl    (%esp),%esi
-       movl    8(%esp),%ebp
-       xorl    %ebp,%esi
-       movl    32(%esp),%ebp
-       xorl    %ebp,%esi
-       movl    52(%esp),%ebp
-       xorl    %ebp,%esi
-       movl    %ebx,%ebp
+       addl    %ebp,%eax
+
+       movl    %ecx,%ebp
+       xorl    8(%esp),%esi
+       xorl    %edx,%ebp
+       xorl    32(%esp),%esi
+       andl    %ebx,%ebp
+       xorl    52(%esp),%esi
        roll    $1,%esi
-       orl     %ecx,%ebp
-       movl    %esi,(%esp)
-       andl    %edx,%ebp
-       leal    2400959708(%esi,%edi,1),%esi
-       movl    %ebx,%edi
+       addl    %edi,%ebp
        rorl    $2,%ebx
-       andl    %ecx,%edi
-       orl     %edi,%ebp
        movl    %eax,%edi
        roll    $5,%edi
-       addl    %ebp,%esi
+       movl    %esi,(%esp)
+       leal    2400959708(%esi,%ebp,1),%esi
+       movl    %ecx,%ebp
        addl    %edi,%esi
-
+       andl    %edx,%ebp
        movl    4(%esp),%edi
-       movl    12(%esp),%ebp
-       xorl    %ebp,%edi
-       movl    36(%esp),%ebp
-       xorl    %ebp,%edi
-       movl    56(%esp),%ebp
-       xorl    %ebp,%edi
-       movl    %eax,%ebp
+       addl    %ebp,%esi
+
+       movl    %ebx,%ebp
+       xorl    12(%esp),%edi
+       xorl    %ecx,%ebp
+       xorl    36(%esp),%edi
+       andl    %eax,%ebp
+       xorl    56(%esp),%edi
        roll    $1,%edi
-       orl     %ebx,%ebp
-       movl    %edi,4(%esp)
-       andl    %ecx,%ebp
-       leal    2400959708(%edi,%edx,1),%edi
-       movl    %eax,%edx
+       addl    %edx,%ebp
        rorl    $2,%eax
-       andl    %ebx,%edx
-       orl     %edx,%ebp
        movl    %esi,%edx
        roll    $5,%edx
-       addl    %ebp,%edi
+       movl    %edi,4(%esp)
+       leal    2400959708(%edi,%ebp,1),%edi
+       movl    %ebx,%ebp
        addl    %edx,%edi
-
+       andl    %ecx,%ebp
        movl    8(%esp),%edx
-       movl    16(%esp),%ebp
-       xorl    %ebp,%edx
-       movl    40(%esp),%ebp
-       xorl    %ebp,%edx
-       movl    60(%esp),%ebp
-       xorl    %ebp,%edx
-       movl    %esi,%ebp
+       addl    %ebp,%edi
+
+       movl    %eax,%ebp
+       xorl    16(%esp),%edx
+       xorl    %ebx,%ebp
+       xorl    40(%esp),%edx
+       andl    %esi,%ebp
+       xorl    60(%esp),%edx
        roll    $1,%edx
-       orl     %eax,%ebp
-       movl    %edx,8(%esp)
-       andl    %ebx,%ebp
-       leal    2400959708(%edx,%ecx,1),%edx
-       movl    %esi,%ecx
+       addl    %ecx,%ebp
        rorl    $2,%esi
-       andl    %eax,%ecx
-       orl     %ecx,%ebp
        movl    %edi,%ecx
        roll    $5,%ecx
-       addl    %ebp,%edx
+       movl    %edx,8(%esp)
+       leal    2400959708(%edx,%ebp,1),%edx
+       movl    %eax,%ebp
        addl    %ecx,%edx
-
+       andl    %ebx,%ebp
        movl    12(%esp),%ecx
-       movl    20(%esp),%ebp
-       xorl    %ebp,%ecx
-       movl    44(%esp),%ebp
-       xorl    %ebp,%ecx
-       movl    (%esp),%ebp
-       xorl    %ebp,%ecx
-       movl    %edi,%ebp
+       addl    %ebp,%edx
+
+       movl    %esi,%ebp
+       xorl    20(%esp),%ecx
+       xorl    %eax,%ebp
+       xorl    44(%esp),%ecx
+       andl    %edi,%ebp
+       xorl    (%esp),%ecx
        roll    $1,%ecx
-       orl     %esi,%ebp
-       movl    %ecx,12(%esp)
-       andl    %eax,%ebp
-       leal    2400959708(%ecx,%ebx,1),%ecx
-       movl    %edi,%ebx
+       addl    %ebx,%ebp
        rorl    $2,%edi
-       andl    %esi,%ebx
-       orl     %ebx,%ebp
        movl    %edx,%ebx
        roll    $5,%ebx
-       addl    %ebp,%ecx
+       movl    %ecx,12(%esp)
+       leal    2400959708(%ecx,%ebp,1),%ecx
+       movl    %esi,%ebp
        addl    %ebx,%ecx
-
+       andl    %eax,%ebp
        movl    16(%esp),%ebx
-       movl    24(%esp),%ebp
-       xorl    %ebp,%ebx
-       movl    48(%esp),%ebp
-       xorl    %ebp,%ebx
-       movl    4(%esp),%ebp
-       xorl    %ebp,%ebx
-       movl    %edx,%ebp
+       addl    %ebp,%ecx
+
+       movl    %edi,%ebp
+       xorl    24(%esp),%ebx
+       xorl    %esi,%ebp
+       xorl    48(%esp),%ebx
+       andl    %edx,%ebp
+       xorl    4(%esp),%ebx
        roll    $1,%ebx
-       orl     %edi,%ebp
-       movl    %ebx,16(%esp)
-       andl    %esi,%ebp
-       leal    2400959708(%ebx,%eax,1),%ebx
-       movl    %edx,%eax
+       addl    %eax,%ebp
        rorl    $2,%edx
-       andl    %edi,%eax
-       orl     %eax,%ebp
        movl    %ecx,%eax
        roll    $5,%eax
-       addl    %ebp,%ebx
+       movl    %ebx,16(%esp)
+       leal    2400959708(%ebx,%ebp,1),%ebx
+       movl    %edi,%ebp
        addl    %eax,%ebx
-
+       andl    %esi,%ebp
        movl    20(%esp),%eax
-       movl    28(%esp),%ebp
-       xorl    %ebp,%eax
-       movl    52(%esp),%ebp
-       xorl    %ebp,%eax
-       movl    8(%esp),%ebp
-       xorl    %ebp,%eax
-       movl    %ecx,%ebp
+       addl    %ebp,%ebx
+
+       movl    %edx,%ebp
+       xorl    28(%esp),%eax
+       xorl    %edi,%ebp
+       xorl    52(%esp),%eax
+       andl    %ecx,%ebp
+       xorl    8(%esp),%eax
        roll    $1,%eax
-       orl     %edx,%ebp
-       movl    %eax,20(%esp)
-       andl    %edi,%ebp
-       leal    2400959708(%eax,%esi,1),%eax
-       movl    %ecx,%esi
+       addl    %esi,%ebp
        rorl    $2,%ecx
-       andl    %edx,%esi
-       orl     %esi,%ebp
        movl    %ebx,%esi
        roll    $5,%esi
-       addl    %ebp,%eax
+       movl    %eax,20(%esp)
+       leal    2400959708(%eax,%ebp,1),%eax
+       movl    %edx,%ebp
        addl    %esi,%eax
-
+       andl    %edi,%ebp
        movl    24(%esp),%esi
-       movl    32(%esp),%ebp
-       xorl    %ebp,%esi
-       movl    56(%esp),%ebp
-       xorl    %ebp,%esi
-       movl    12(%esp),%ebp
-       xorl    %ebp,%esi
-       movl    %ebx,%ebp
+       addl    %ebp,%eax
+
+       movl    %ecx,%ebp
+       xorl    32(%esp),%esi
+       xorl    %edx,%ebp
+       xorl    56(%esp),%esi
+       andl    %ebx,%ebp
+       xorl    12(%esp),%esi
        roll    $1,%esi
-       orl     %ecx,%ebp
-       movl    %esi,24(%esp)
-       andl    %edx,%ebp
-       leal    2400959708(%esi,%edi,1),%esi
-       movl    %ebx,%edi
+       addl    %edi,%ebp
        rorl    $2,%ebx
-       andl    %ecx,%edi
-       orl     %edi,%ebp
        movl    %eax,%edi
        roll    $5,%edi
-       addl    %ebp,%esi
+       movl    %esi,24(%esp)
+       leal    2400959708(%esi,%ebp,1),%esi
+       movl    %ecx,%ebp
        addl    %edi,%esi
-
+       andl    %edx,%ebp
        movl    28(%esp),%edi
-       movl    36(%esp),%ebp
-       xorl    %ebp,%edi
-       movl    60(%esp),%ebp
-       xorl    %ebp,%edi
-       movl    16(%esp),%ebp
-       xorl    %ebp,%edi
-       movl    %eax,%ebp
+       addl    %ebp,%esi
+
+       movl    %ebx,%ebp
+       xorl    36(%esp),%edi
+       xorl    %ecx,%ebp
+       xorl    60(%esp),%edi
+       andl    %eax,%ebp
+       xorl    16(%esp),%edi
        roll    $1,%edi
-       orl     %ebx,%ebp
-       movl    %edi,28(%esp)
-       andl    %ecx,%ebp
-       leal    2400959708(%edi,%edx,1),%edi
-       movl    %eax,%edx
+       addl    %edx,%ebp
        rorl    $2,%eax
-       andl    %ebx,%edx
-       orl     %edx,%ebp
        movl    %esi,%edx
        roll    $5,%edx
-       addl    %ebp,%edi
+       movl    %edi,28(%esp)
+       leal    2400959708(%edi,%ebp,1),%edi
+       movl    %ebx,%ebp
        addl    %edx,%edi
-
+       andl    %ecx,%ebp
        movl    32(%esp),%edx
-       movl    40(%esp),%ebp
-       xorl    %ebp,%edx
-       movl    (%esp),%ebp
-       xorl    %ebp,%edx
-       movl    20(%esp),%ebp
-       xorl    %ebp,%edx
-       movl    %esi,%ebp
+       addl    %ebp,%edi
+
+       movl    %eax,%ebp
+       xorl    40(%esp),%edx
+       xorl    %ebx,%ebp
+       xorl    (%esp),%edx
+       andl    %esi,%ebp
+       xorl    20(%esp),%edx
        roll    $1,%edx
-       orl     %eax,%ebp
-       movl    %edx,32(%esp)
-       andl    %ebx,%ebp
-       leal    2400959708(%edx,%ecx,1),%edx
-       movl    %esi,%ecx
+       addl    %ecx,%ebp
        rorl    $2,%esi
-       andl    %eax,%ecx
-       orl     %ecx,%ebp
        movl    %edi,%ecx
        roll    $5,%ecx
-       addl    %ebp,%edx
+       movl    %edx,32(%esp)
+       leal    2400959708(%edx,%ebp,1),%edx
+       movl    %eax,%ebp
        addl    %ecx,%edx
-
+       andl    %ebx,%ebp
        movl    36(%esp),%ecx
-       movl    44(%esp),%ebp
-       xorl    %ebp,%ecx
-       movl    4(%esp),%ebp
-       xorl    %ebp,%ecx
-       movl    24(%esp),%ebp
-       xorl    %ebp,%ecx
-       movl    %edi,%ebp
+       addl    %ebp,%edx
+
+       movl    %esi,%ebp
+       xorl    44(%esp),%ecx
+       xorl    %eax,%ebp
+       xorl    4(%esp),%ecx
+       andl    %edi,%ebp
+       xorl    24(%esp),%ecx
        roll    $1,%ecx
-       orl     %esi,%ebp
-       movl    %ecx,36(%esp)
-       andl    %eax,%ebp
-       leal    2400959708(%ecx,%ebx,1),%ecx
-       movl    %edi,%ebx
+       addl    %ebx,%ebp
        rorl    $2,%edi
-       andl    %esi,%ebx
-       orl     %ebx,%ebp
        movl    %edx,%ebx
        roll    $5,%ebx
-       addl    %ebp,%ecx
+       movl    %ecx,36(%esp)
+       leal    2400959708(%ecx,%ebp,1),%ecx
+       movl    %esi,%ebp
        addl    %ebx,%ecx
-
+       andl    %eax,%ebp
        movl    40(%esp),%ebx
-       movl    48(%esp),%ebp
-       xorl    %ebp,%ebx
-       movl    8(%esp),%ebp
-       xorl    %ebp,%ebx
-       movl    28(%esp),%ebp
-       xorl    %ebp,%ebx
-       movl    %edx,%ebp
+       addl    %ebp,%ecx
+
+       movl    %edi,%ebp
+       xorl    48(%esp),%ebx
+       xorl    %esi,%ebp
+       xorl    8(%esp),%ebx
+       andl    %edx,%ebp
+       xorl    28(%esp),%ebx
        roll    $1,%ebx
-       orl     %edi,%ebp
-       movl    %ebx,40(%esp)
-       andl    %esi,%ebp
-       leal    2400959708(%ebx,%eax,1),%ebx
-       movl    %edx,%eax
+       addl    %eax,%ebp
        rorl    $2,%edx
-       andl    %edi,%eax
-       orl     %eax,%ebp
        movl    %ecx,%eax
        roll    $5,%eax
-       addl    %ebp,%ebx
+       movl    %ebx,40(%esp)
+       leal    2400959708(%ebx,%ebp,1),%ebx
+       movl    %edi,%ebp
        addl    %eax,%ebx
-
+       andl    %esi,%ebp
        movl    44(%esp),%eax
-       movl    52(%esp),%ebp
-       xorl    %ebp,%eax
-       movl    12(%esp),%ebp
-       xorl    %ebp,%eax
-       movl    32(%esp),%ebp
-       xorl    %ebp,%eax
-       movl    %ecx,%ebp
+       addl    %ebp,%ebx
+
+       movl    %edx,%ebp
+       xorl    52(%esp),%eax
+       xorl    %edi,%ebp
+       xorl    12(%esp),%eax
+       andl    %ecx,%ebp
+       xorl    32(%esp),%eax
        roll    $1,%eax
-       orl     %edx,%ebp
-       movl    %eax,44(%esp)
-       andl    %edi,%ebp
-       leal    2400959708(%eax,%esi,1),%eax
-       movl    %ecx,%esi
+       addl    %esi,%ebp
        rorl    $2,%ecx
-       andl    %edx,%esi
-       orl     %esi,%ebp
        movl    %ebx,%esi
        roll    $5,%esi
-       addl    %ebp,%eax
+       movl    %eax,44(%esp)
+       leal    2400959708(%eax,%ebp,1),%eax
+       movl    %edx,%ebp
        addl    %esi,%eax
+       andl    %edi,%ebp
+       movl    48(%esp),%esi
+       addl    %ebp,%eax
 
        movl    %ebx,%ebp
-       movl    48(%esp),%esi
-       rorl    $2,%ebx
        xorl    56(%esp),%esi
        xorl    %ecx,%ebp
        xorl    16(%esp),%esi
        xorl    %edx,%ebp
        xorl    36(%esp),%esi
        roll    $1,%esi
-       addl    %edi,%ebp
+       addl    %ebp,%edi
+       rorl    $2,%ebx
+       movl    %eax,%ebp
+       roll    $5,%ebp
        movl    %esi,48(%esp)
-       movl    %eax,%edi
-       roll    $5,%edi
-       leal    3395469782(%esi,%ebp,1),%esi
-       addl    %edi,%esi
+       leal    3395469782(%esi,%edi,1),%esi
+       movl    52(%esp),%edi
+       addl    %ebp,%esi
 
        movl    %eax,%ebp
-       movl    52(%esp),%edi
-       rorl    $2,%eax
        xorl    60(%esp),%edi
        xorl    %ebx,%ebp
        xorl    20(%esp),%edi
        xorl    %ecx,%ebp
        xorl    40(%esp),%edi
        roll    $1,%edi
-       addl    %edx,%ebp
+       addl    %ebp,%edx
+       rorl    $2,%eax
+       movl    %esi,%ebp
+       roll    $5,%ebp
        movl    %edi,52(%esp)
-       movl    %esi,%edx
-       roll    $5,%edx
-       leal    3395469782(%edi,%ebp,1),%edi
-       addl    %edx,%edi
+       leal    3395469782(%edi,%edx,1),%edi
+       movl    56(%esp),%edx
+       addl    %ebp,%edi
 
        movl    %esi,%ebp
-       movl    56(%esp),%edx
-       rorl    $2,%esi
        xorl    (%esp),%edx
        xorl    %eax,%ebp
        xorl    24(%esp),%edx
        xorl    %ebx,%ebp
        xorl    44(%esp),%edx
        roll    $1,%edx
-       addl    %ecx,%ebp
+       addl    %ebp,%ecx
+       rorl    $2,%esi
+       movl    %edi,%ebp
+       roll    $5,%ebp
        movl    %edx,56(%esp)
-       movl    %edi,%ecx
-       roll    $5,%ecx
-       leal    3395469782(%edx,%ebp,1),%edx
-       addl    %ecx,%edx
+       leal    3395469782(%edx,%ecx,1),%edx
+       movl    60(%esp),%ecx
+       addl    %ebp,%edx
 
        movl    %edi,%ebp
-       movl    60(%esp),%ecx
-       rorl    $2,%edi
        xorl    4(%esp),%ecx
        xorl    %esi,%ebp
        xorl    28(%esp),%ecx
        xorl    %eax,%ebp
        xorl    48(%esp),%ecx
        roll    $1,%ecx
-       addl    %ebx,%ebp
+       addl    %ebp,%ebx
+       rorl    $2,%edi
+       movl    %edx,%ebp
+       roll    $5,%ebp
        movl    %ecx,60(%esp)
-       movl    %edx,%ebx
-       roll    $5,%ebx
-       leal    3395469782(%ecx,%ebp,1),%ecx
-       addl    %ebx,%ecx
+       leal    3395469782(%ecx,%ebx,1),%ecx
+       movl    (%esp),%ebx
+       addl    %ebp,%ecx
 
        movl    %edx,%ebp
-       movl    (%esp),%ebx
-       rorl    $2,%edx
        xorl    8(%esp),%ebx
        xorl    %edi,%ebp
        xorl    32(%esp),%ebx
        xorl    %esi,%ebp
        xorl    52(%esp),%ebx
        roll    $1,%ebx
-       addl    %eax,%ebp
+       addl    %ebp,%eax
+       rorl    $2,%edx
+       movl    %ecx,%ebp
+       roll    $5,%ebp
        movl    %ebx,(%esp)
-       movl    %ecx,%eax
-       roll    $5,%eax
-       leal    3395469782(%ebx,%ebp,1),%ebx
-       addl    %eax,%ebx
+       leal    3395469782(%ebx,%eax,1),%ebx
+       movl    4(%esp),%eax
+       addl    %ebp,%ebx
 
        movl    %ecx,%ebp
-       movl    4(%esp),%eax
-       rorl    $2,%ecx
        xorl    12(%esp),%eax
        xorl    %edx,%ebp
        xorl    36(%esp),%eax
        xorl    %edi,%ebp
        xorl    56(%esp),%eax
        roll    $1,%eax
-       addl    %esi,%ebp
+       addl    %ebp,%esi
+       rorl    $2,%ecx
+       movl    %ebx,%ebp
+       roll    $5,%ebp
        movl    %eax,4(%esp)
-       movl    %ebx,%esi
-       roll    $5,%esi
-       leal    3395469782(%eax,%ebp,1),%eax
-       addl    %esi,%eax
+       leal    3395469782(%eax,%esi,1),%eax
+       movl    8(%esp),%esi
+       addl    %ebp,%eax
 
        movl    %ebx,%ebp
-       movl    8(%esp),%esi
-       rorl    $2,%ebx
        xorl    16(%esp),%esi
        xorl    %ecx,%ebp
        xorl    40(%esp),%esi
        xorl    %edx,%ebp
        xorl    60(%esp),%esi
        roll    $1,%esi
-       addl    %edi,%ebp
+       addl    %ebp,%edi
+       rorl    $2,%ebx
+       movl    %eax,%ebp
+       roll    $5,%ebp
        movl    %esi,8(%esp)
-       movl    %eax,%edi
-       roll    $5,%edi
-       leal    3395469782(%esi,%ebp,1),%esi
-       addl    %edi,%esi
+       leal    3395469782(%esi,%edi,1),%esi
+       movl    12(%esp),%edi
+       addl    %ebp,%esi
 
        movl    %eax,%ebp
-       movl    12(%esp),%edi
-       rorl    $2,%eax
        xorl    20(%esp),%edi
        xorl    %ebx,%ebp
        xorl    44(%esp),%edi
        xorl    %ecx,%ebp
        xorl    (%esp),%edi
        roll    $1,%edi
-       addl    %edx,%ebp
+       addl    %ebp,%edx
+       rorl    $2,%eax
+       movl    %esi,%ebp
+       roll    $5,%ebp
        movl    %edi,12(%esp)
-       movl    %esi,%edx
-       roll    $5,%edx
-       leal    3395469782(%edi,%ebp,1),%edi
-       addl    %edx,%edi
+       leal    3395469782(%edi,%edx,1),%edi
+       movl    16(%esp),%edx
+       addl    %ebp,%edi
 
        movl    %esi,%ebp
-       movl    16(%esp),%edx
-       rorl    $2,%esi
        xorl    24(%esp),%edx
        xorl    %eax,%ebp
        xorl    48(%esp),%edx
        xorl    %ebx,%ebp
        xorl    4(%esp),%edx
        roll    $1,%edx
-       addl    %ecx,%ebp
+       addl    %ebp,%ecx
+       rorl    $2,%esi
+       movl    %edi,%ebp
+       roll    $5,%ebp
        movl    %edx,16(%esp)
-       movl    %edi,%ecx
-       roll    $5,%ecx
-       leal    3395469782(%edx,%ebp,1),%edx
-       addl    %ecx,%edx
+       leal    3395469782(%edx,%ecx,1),%edx
+       movl    20(%esp),%ecx
+       addl    %ebp,%edx
 
        movl    %edi,%ebp
-       movl    20(%esp),%ecx
-       rorl    $2,%edi
        xorl    28(%esp),%ecx
        xorl    %esi,%ebp
        xorl    52(%esp),%ecx
        xorl    %eax,%ebp
        xorl    8(%esp),%ecx
        roll    $1,%ecx
-       addl    %ebx,%ebp
+       addl    %ebp,%ebx
+       rorl    $2,%edi
+       movl    %edx,%ebp
+       roll    $5,%ebp
        movl    %ecx,20(%esp)
-       movl    %edx,%ebx
-       roll    $5,%ebx
-       leal    3395469782(%ecx,%ebp,1),%ecx
-       addl    %ebx,%ecx
+       leal    3395469782(%ecx,%ebx,1),%ecx
+       movl    24(%esp),%ebx
+       addl    %ebp,%ecx
 
        movl    %edx,%ebp
-       movl    24(%esp),%ebx
-       rorl    $2,%edx
        xorl    32(%esp),%ebx
        xorl    %edi,%ebp
        xorl    56(%esp),%ebx
        xorl    %esi,%ebp
        xorl    12(%esp),%ebx
        roll    $1,%ebx
-       addl    %eax,%ebp
+       addl    %ebp,%eax
+       rorl    $2,%edx
+       movl    %ecx,%ebp
+       roll    $5,%ebp
        movl    %ebx,24(%esp)
-       movl    %ecx,%eax
-       roll    $5,%eax
-       leal    3395469782(%ebx,%ebp,1),%ebx
-       addl    %eax,%ebx
+       leal    3395469782(%ebx,%eax,1),%ebx
+       movl    28(%esp),%eax
+       addl    %ebp,%ebx
 
        movl    %ecx,%ebp
-       movl    28(%esp),%eax
-       rorl    $2,%ecx
        xorl    36(%esp),%eax
        xorl    %edx,%ebp
        xorl    60(%esp),%eax
        xorl    %edi,%ebp
        xorl    16(%esp),%eax
        roll    $1,%eax
-       addl    %esi,%ebp
+       addl    %ebp,%esi
+       rorl    $2,%ecx
+       movl    %ebx,%ebp
+       roll    $5,%ebp
        movl    %eax,28(%esp)
-       movl    %ebx,%esi
-       roll    $5,%esi
-       leal    3395469782(%eax,%ebp,1),%eax
-       addl    %esi,%eax
+       leal    3395469782(%eax,%esi,1),%eax
+       movl    32(%esp),%esi
+       addl    %ebp,%eax
 
        movl    %ebx,%ebp
-       movl    32(%esp),%esi
-       rorl    $2,%ebx
        xorl    40(%esp),%esi
        xorl    %ecx,%ebp
        xorl    (%esp),%esi
        xorl    %edx,%ebp
        xorl    20(%esp),%esi
        roll    $1,%esi
-       addl    %edi,%ebp
+       addl    %ebp,%edi
+       rorl    $2,%ebx
+       movl    %eax,%ebp
+       roll    $5,%ebp
        movl    %esi,32(%esp)
-       movl    %eax,%edi
-       roll    $5,%edi
-       leal    3395469782(%esi,%ebp,1),%esi
-       addl    %edi,%esi
+       leal    3395469782(%esi,%edi,1),%esi
+       movl    36(%esp),%edi
+       addl    %ebp,%esi
 
        movl    %eax,%ebp
-       movl    36(%esp),%edi
-       rorl    $2,%eax
        xorl    44(%esp),%edi
        xorl    %ebx,%ebp
        xorl    4(%esp),%edi
        xorl    %ecx,%ebp
        xorl    24(%esp),%edi
        roll    $1,%edi
-       addl    %edx,%ebp
+       addl    %ebp,%edx
+       rorl    $2,%eax
+       movl    %esi,%ebp
+       roll    $5,%ebp
        movl    %edi,36(%esp)
-       movl    %esi,%edx
-       roll    $5,%edx
-       leal    3395469782(%edi,%ebp,1),%edi
-       addl    %edx,%edi
+       leal    3395469782(%edi,%edx,1),%edi
+       movl    40(%esp),%edx
+       addl    %ebp,%edi
 
        movl    %esi,%ebp
-       movl    40(%esp),%edx
-       rorl    $2,%esi
        xorl    48(%esp),%edx
        xorl    %eax,%ebp
        xorl    8(%esp),%edx
        xorl    %ebx,%ebp
        xorl    28(%esp),%edx
        roll    $1,%edx
-       addl    %ecx,%ebp
+       addl    %ebp,%ecx
+       rorl    $2,%esi
+       movl    %edi,%ebp
+       roll    $5,%ebp
        movl    %edx,40(%esp)
-       movl    %edi,%ecx
-       roll    $5,%ecx
-       leal    3395469782(%edx,%ebp,1),%edx
-       addl    %ecx,%edx
+       leal    3395469782(%edx,%ecx,1),%edx
+       movl    44(%esp),%ecx
+       addl    %ebp,%edx
 
        movl    %edi,%ebp
-       movl    44(%esp),%ecx
-       rorl    $2,%edi
        xorl    52(%esp),%ecx
        xorl    %esi,%ebp
        xorl    12(%esp),%ecx
        xorl    %eax,%ebp
        xorl    32(%esp),%ecx
        roll    $1,%ecx
-       addl    %ebx,%ebp
+       addl    %ebp,%ebx
+       rorl    $2,%edi
+       movl    %edx,%ebp
+       roll    $5,%ebp
        movl    %ecx,44(%esp)
-       movl    %edx,%ebx
-       roll    $5,%ebx
-       leal    3395469782(%ecx,%ebp,1),%ecx
-       addl    %ebx,%ecx
+       leal    3395469782(%ecx,%ebx,1),%ecx
+       movl    48(%esp),%ebx
+       addl    %ebp,%ecx
 
        movl    %edx,%ebp
-       movl    48(%esp),%ebx
-       rorl    $2,%edx
        xorl    56(%esp),%ebx
        xorl    %edi,%ebp
        xorl    16(%esp),%ebx
        xorl    %esi,%ebp
        xorl    36(%esp),%ebx
        roll    $1,%ebx
-       addl    %eax,%ebp
+       addl    %ebp,%eax
+       rorl    $2,%edx
+       movl    %ecx,%ebp
+       roll    $5,%ebp
        movl    %ebx,48(%esp)
-       movl    %ecx,%eax
-       roll    $5,%eax
-       leal    3395469782(%ebx,%ebp,1),%ebx
-       addl    %eax,%ebx
+       leal    3395469782(%ebx,%eax,1),%ebx
+       movl    52(%esp),%eax
+       addl    %ebp,%ebx
 
        movl    %ecx,%ebp
-       movl    52(%esp),%eax
-       rorl    $2,%ecx
        xorl    60(%esp),%eax
        xorl    %edx,%ebp
        xorl    20(%esp),%eax
        xorl    %edi,%ebp
        xorl    40(%esp),%eax
        roll    $1,%eax
-       addl    %esi,%ebp
-       movl    %eax,52(%esp)
-       movl    %ebx,%esi
-       roll    $5,%esi
-       leal    3395469782(%eax,%ebp,1),%eax
-       addl    %esi,%eax
-
+       addl    %ebp,%esi
+       rorl    $2,%ecx
        movl    %ebx,%ebp
+       roll    $5,%ebp
+       leal    3395469782(%eax,%esi,1),%eax
        movl    56(%esp),%esi
-       rorl    $2,%ebx
+       addl    %ebp,%eax
+
+       movl    %ebx,%ebp
        xorl    (%esp),%esi
        xorl    %ecx,%ebp
        xorl    24(%esp),%esi
        xorl    %edx,%ebp
        xorl    44(%esp),%esi
        roll    $1,%esi
-       addl    %edi,%ebp
-       movl    %esi,56(%esp)
-       movl    %eax,%edi
-       roll    $5,%edi
-       leal    3395469782(%esi,%ebp,1),%esi
-       addl    %edi,%esi
-
+       addl    %ebp,%edi
+       rorl    $2,%ebx
        movl    %eax,%ebp
+       roll    $5,%ebp
+       leal    3395469782(%esi,%edi,1),%esi
        movl    60(%esp),%edi
-       rorl    $2,%eax
+       addl    %ebp,%esi
+
+       movl    %eax,%ebp
        xorl    4(%esp),%edi
        xorl    %ebx,%ebp
        xorl    28(%esp),%edi
        xorl    %ecx,%ebp
        xorl    48(%esp),%edi
        roll    $1,%edi
-       addl    %edx,%ebp
-       movl    %edi,60(%esp)
-       movl    %esi,%edx
-       roll    $5,%edx
-       leal    3395469782(%edi,%ebp,1),%edi
-       addl    %edx,%edi
-       movl    84(%esp),%ebp
-       movl    88(%esp),%edx
+       addl    %ebp,%edx
+       rorl    $2,%eax
+       movl    %esi,%ebp
+       roll    $5,%ebp
+       leal    3395469782(%edi,%edx,1),%edi
+       addl    %ebp,%edi
+       movl    96(%esp),%ebp
+       movl    100(%esp),%edx
        addl    (%ebp),%edi
        addl    4(%ebp),%esi
        addl    8(%ebp),%eax
@@ -1422,14 +1360,14 @@ sha1_block_data_order:
        movl    %edi,(%ebp)
        addl    $64,%edx
        movl    %esi,4(%ebp)
-       cmpl    92(%esp),%edx
+       cmpl    104(%esp),%edx
        movl    %eax,8(%ebp)
        movl    %ecx,%edi
        movl    %ebx,12(%ebp)
        movl    %edx,%esi
        movl    %ecx,16(%ebp)
        jb      .L000loop
-       addl    $64,%esp
+       addl    $76,%esp
        popl    %edi
        popl    %esi
        popl    %ebx

diff --git a/deps/openssl/asm/x86-elf-gas/sha/sha256-586.s b/deps/openssl/asm/x86-elf-gas/sha/sha256-586.s
index 973e50d..77a8951 100644 (file)
--- a/deps/openssl/asm/x86-elf-gas/sha/sha256-586.s
+++ b/deps/openssl/asm/x86-elf-gas/sha/sha256-586.s
@@ -96,31 +96,30 @@ sha256_block_data_order:
 .L00300_15:
        movl    92(%esp),%ebx
        movl    %edx,%ecx
-       rorl    $6,%ecx
-       movl    %edx,%edi
-       rorl    $11,%edi
+       rorl    $14,%ecx
        movl    20(%esp),%esi
-       xorl    %edi,%ecx
-       rorl    $14,%edi
-       xorl    %edi,%ecx
+       xorl    %edx,%ecx
+       rorl    $5,%ecx
+       xorl    %edx,%ecx
+       rorl    $6,%ecx
        movl    24(%esp),%edi
        addl    %ecx,%ebx
-       movl    %edx,16(%esp)
        xorl    %edi,%esi
+       movl    %edx,16(%esp)
        movl    %eax,%ecx
        andl    %edx,%esi
        movl    12(%esp),%edx
        xorl    %edi,%esi
        movl    %eax,%edi
        addl    %esi,%ebx
-       rorl    $2,%ecx
+       rorl    $9,%ecx
        addl    28(%esp),%ebx
-       rorl    $13,%edi
+       xorl    %eax,%ecx
+       rorl    $11,%ecx
        movl    4(%esp),%esi
-       xorl    %edi,%ecx
-       rorl    $9,%edi
+       xorl    %eax,%ecx
+       rorl    $2,%ecx
        addl    %ebx,%edx
-       xorl    %edi,%ecx
        movl    8(%esp),%edi
        addl    %ecx,%ebx
        movl    %eax,(%esp)
@@ -142,48 +141,46 @@ sha256_block_data_order:
 .L00416_63:
        movl    %ebx,%esi
        movl    100(%esp),%ecx
-       shrl    $3,%ebx
-       rorl    $7,%esi
-       xorl    %esi,%ebx
        rorl    $11,%esi
        movl    %ecx,%edi
+       xorl    %ebx,%esi
+       rorl    $7,%esi
+       shrl    $3,%ebx
+       rorl    $2,%edi
        xorl    %esi,%ebx
-       shrl    $10,%ecx
-       movl    156(%esp),%esi
+       xorl    %ecx,%edi
        rorl    $17,%edi
-       xorl    %edi,%ecx
-       rorl    $2,%edi
-       addl    %esi,%ebx
+       shrl    $10,%ecx
+       addl    156(%esp),%ebx
        xorl    %ecx,%edi
-       addl    %edi,%ebx
-       movl    %edx,%ecx
        addl    120(%esp),%ebx
-       rorl    $6,%ecx
-       movl    %edx,%edi
-       rorl    $11,%edi
+       movl    %edx,%ecx
+       addl    %edi,%ebx
+       rorl    $14,%ecx
        movl    20(%esp),%esi
-       xorl    %edi,%ecx
-       rorl    $14,%edi
+       xorl    %edx,%ecx
+       rorl    $5,%ecx
        movl    %ebx,92(%esp)
-       xorl    %edi,%ecx
+       xorl    %edx,%ecx
+       rorl    $6,%ecx
        movl    24(%esp),%edi
        addl    %ecx,%ebx
-       movl    %edx,16(%esp)
        xorl    %edi,%esi
+       movl    %edx,16(%esp)
        movl    %eax,%ecx
        andl    %edx,%esi
        movl    12(%esp),%edx
        xorl    %edi,%esi
        movl    %eax,%edi
        addl    %esi,%ebx
-       rorl    $2,%ecx
+       rorl    $9,%ecx
        addl    28(%esp),%ebx
-       rorl    $13,%edi
+       xorl    %eax,%ecx
+       rorl    $11,%ecx
        movl    4(%esp),%esi
-       xorl    %edi,%ecx
-       rorl    $9,%edi
+       xorl    %eax,%ecx
+       rorl    $2,%ecx
        addl    %ebx,%edx
-       xorl    %edi,%ecx
        movl    8(%esp),%edi
        addl    %ecx,%ebx
        movl    %eax,(%esp)

diff --git a/deps/openssl/asm/x86-elf-gas/x86cpuid.s b/deps/openssl/asm/x86-elf-gas/x86cpuid.s
index 56a92bf..f9cd038 100644 (file)
--- a/deps/openssl/asm/x86-elf-gas/x86cpuid.s
+++ b/deps/openssl/asm/x86-elf-gas/x86cpuid.s
@@ -19,9 +19,9 @@ OPENSSL_ia32_cpuid:
        pushfl
        popl    %eax
        xorl    %eax,%ecx
-       btl     $21,%ecx
-       jnc     .L000done
        xorl    %eax,%eax
+       btl     $21,%ecx
+       jnc     .L000nocpuid
        .byte   0x0f,0xa2
        movl    %eax,%edi
        xorl    %eax,%eax
@@ -47,7 +47,14 @@ OPENSSL_ia32_cpuid:
        jnz     .L001intel
        movl    $2147483648,%eax
        .byte   0x0f,0xa2
-       cmpl    $2147483656,%eax
+       cmpl    $2147483649,%eax
+       jb      .L001intel
+       movl    %eax,%esi
+       movl    $2147483649,%eax
+       .byte   0x0f,0xa2
+       orl     %ecx,%ebp
+       andl    $2049,%ebp
+       cmpl    $2147483656,%esi
        jb      .L001intel
        movl    $2147483656,%eax
        .byte   0x0f,0xa2
@@ -56,46 +63,68 @@ OPENSSL_ia32_cpuid:
        movl    $1,%eax
        .byte   0x0f,0xa2
        btl     $28,%edx
-       jnc     .L000done
+       jnc     .L002generic
        shrl    $16,%ebx
        andl    $255,%ebx
        cmpl    %esi,%ebx
-       ja      .L000done
+       ja      .L002generic
        andl    $4026531839,%edx
-       jmp     .L000done
+       jmp     .L002generic
 .L001intel:
        cmpl    $4,%edi
        movl    $-1,%edi
-       jb      .L002nocacheinfo
+       jb      .L003nocacheinfo
        movl    $4,%eax
        movl    $0,%ecx
        .byte   0x0f,0xa2
        movl    %eax,%edi
        shrl    $14,%edi
        andl    $4095,%edi
-.L002nocacheinfo:
+.L003nocacheinfo:
        movl    $1,%eax
        .byte   0x0f,0xa2
+       andl    $3220176895,%edx
        cmpl    $0,%ebp
-       jne     .L003notP4
+       jne     .L004notintel
+       orl     $1073741824,%edx
        andb    $15,%ah
        cmpb    $15,%ah
-       jne     .L003notP4
+       jne     .L004notintel
        orl     $1048576,%edx
-.L003notP4:
+.L004notintel:
        btl     $28,%edx
-       jnc     .L000done
+       jnc     .L002generic
        andl    $4026531839,%edx
        cmpl    $0,%edi
-       je      .L000done
+       je      .L002generic
        orl     $268435456,%edx
        shrl    $16,%ebx
        cmpb    $1,%bl
-       ja      .L000done
+       ja      .L002generic
        andl    $4026531839,%edx
-.L000done:
-       movl    %edx,%eax
-       movl    %ecx,%edx
+.L002generic:
+       andl    $2048,%ebp
+       andl    $4294965247,%ecx
+       movl    %edx,%esi
+       orl     %ecx,%ebp
+       btl     $27,%ecx
+       jnc     .L005clear_avx
+       xorl    %ecx,%ecx
+.byte  15,1,208
+       andl    $6,%eax
+       cmpl    $6,%eax
+       je      .L006done
+       cmpl    $2,%eax
+       je      .L005clear_avx
+.L007clear_xmm:
+       andl    $4261412861,%ebp
+       andl    $4278190079,%esi
+.L005clear_avx:
+       andl    $4026525695,%ebp
+.L006done:
+       movl    %esi,%eax
+       movl    %ebp,%edx
+.L000nocpuid:
        popl    %edi
        popl    %esi
        popl    %ebx
@@ -111,9 +140,9 @@ OPENSSL_rdtsc:
        xorl    %edx,%edx
        leal    OPENSSL_ia32cap_P,%ecx
        btl     $4,(%ecx)
-       jnc     .L004notsc
+       jnc     .L008notsc
        .byte   0x0f,0x31
-.L004notsc:
+.L008notsc:
        ret
 .size  OPENSSL_rdtsc,.-.L_OPENSSL_rdtsc_begin
 .globl OPENSSL_instrument_halt
@@ -123,14 +152,14 @@ OPENSSL_instrument_halt:
 .L_OPENSSL_instrument_halt_begin:
        leal    OPENSSL_ia32cap_P,%ecx
        btl     $4,(%ecx)
-       jnc     .L005nohalt
+       jnc     .L009nohalt
 .long  2421723150
        andl    $3,%eax
-       jnz     .L005nohalt
+       jnz     .L009nohalt
        pushfl
        popl    %eax
        btl     $9,%eax
-       jnc     .L005nohalt
+       jnc     .L009nohalt
        .byte   0x0f,0x31
        pushl   %edx
        pushl   %eax
@@ -140,7 +169,7 @@ OPENSSL_instrument_halt:
        sbbl    4(%esp),%edx
        addl    $8,%esp
        ret
-.L005nohalt:
+.L009nohalt:
        xorl    %eax,%eax
        xorl    %edx,%edx
        ret
@@ -153,21 +182,21 @@ OPENSSL_far_spin:
        pushfl
        popl    %eax
        btl     $9,%eax
-       jnc     .L006nospin
+       jnc     .L010nospin
        movl    4(%esp),%eax
        movl    8(%esp),%ecx
 .long  2430111262
        xorl    %eax,%eax
        movl    (%ecx),%edx
-       jmp     .L007spin
+       jmp     .L011spin
 .align 16
-.L007spin:
+.L011spin:
        incl    %eax
        cmpl    (%ecx),%edx
-       je      .L007spin
+       je      .L011spin
 .long  529567888
        ret
-.L006nospin:
+.L010nospin:
        xorl    %eax,%eax
        xorl    %edx,%edx
        ret
@@ -182,9 +211,9 @@ OPENSSL_wipe_cpu:
        leal    OPENSSL_ia32cap_P,%ecx
        movl    (%ecx),%ecx
        btl     $1,(%ecx)
-       jnc     .L008no_x87
+       jnc     .L012no_x87
 .long  4007259865,4007259865,4007259865,4007259865,2430851995
-.L008no_x87:
+.L012no_x87:
        leal    4(%esp),%eax
        ret
 .size  OPENSSL_wipe_cpu,.-.L_OPENSSL_wipe_cpu_begin
@@ -198,11 +227,11 @@ OPENSSL_atomic_add:
        pushl   %ebx
        nop
        movl    (%edx),%eax
-.L009spin:
+.L013spin:
        leal    (%eax,%ecx,1),%ebx
        nop
 .long  447811568
-       jne     .L009spin
+       jne     .L013spin
        movl    %ebx,%eax
        popl    %ebx
        ret
@@ -243,37 +272,49 @@ OPENSSL_cleanse:
        movl    8(%esp),%ecx
        xorl    %eax,%eax
        cmpl    $7,%ecx
-       jae     .L010lot
+       jae     .L014lot
        cmpl    $0,%ecx
-       je      .L011ret
-.L012little:
+       je      .L015ret
+.L016little:
        movb    %al,(%edx)
        subl    $1,%ecx
        leal    1(%edx),%edx
-       jnz     .L012little
-.L011ret:
+       jnz     .L016little
+.L015ret:
        ret
 .align 16
-.L010lot:
+.L014lot:
        testl   $3,%edx
-       jz      .L013aligned
+       jz      .L017aligned
        movb    %al,(%edx)
        leal    -1(%ecx),%ecx
        leal    1(%edx),%edx
-       jmp     .L010lot
-.L013aligned:
+       jmp     .L014lot
+.L017aligned:
        movl    %eax,(%edx)
        leal    -4(%ecx),%ecx
        testl   $-4,%ecx
        leal    4(%edx),%edx
-       jnz     .L013aligned
+       jnz     .L017aligned
        cmpl    $0,%ecx
-       jne     .L012little
+       jne     .L016little
        ret
 .size  OPENSSL_cleanse,.-.L_OPENSSL_cleanse_begin
-.comm  OPENSSL_ia32cap_P,4,4
+.globl OPENSSL_ia32_rdrand
+.type  OPENSSL_ia32_rdrand,@function
+.align 16
+OPENSSL_ia32_rdrand:
+.L_OPENSSL_ia32_rdrand_begin:
+       movl    $8,%ecx
+.L018loop:
+.byte  15,199,240
+       jc      .L019break
+       loop    .L018loop
+.L019break:
+       cmpl    $0,%eax
+       cmovel  %ecx,%eax
+       ret
+.size  OPENSSL_ia32_rdrand,.-.L_OPENSSL_ia32_rdrand_begin
+.comm  OPENSSL_ia32cap_P,8,4
 .section       .init
        call    OPENSSL_cpuid_setup
-       jmp     .Linitalign
-.align 16
-.Linitalign:

diff --git a/deps/openssl/asm/x86-macosx-gas/aes/aes-586.s b/deps/openssl/asm/x86-macosx-gas/aes/aes-586.s
index ff56a4b..a58ea6f 100644 (file)
--- a/deps/openssl/asm/x86-macosx-gas/aes/aes-586.s
+++ b/deps/openssl/asm/x86-macosx-gas/aes/aes-586.s
@@ -975,7 +975,7 @@ L_AES_encrypt_begin:
        call    L004pic_point
 L004pic_point:
        popl    %ebp
-       leal    _OPENSSL_ia32cap_P,%eax
+       movl    L_OPENSSL_ia32cap_P$non_lazy_ptr-L004pic_point(%ebp),%eax
        leal    LAES_Te-L004pic_point(%ebp),%ebp
        leal    764(%esp),%ebx
        subl    %ebp,%ebx
@@ -2153,7 +2153,7 @@ L_AES_decrypt_begin:
        call    L010pic_point
 L010pic_point:
        popl    %ebp
-       leal    _OPENSSL_ia32cap_P,%eax
+       movl    L_OPENSSL_ia32cap_P$non_lazy_ptr-L010pic_point(%ebp),%eax
        leal    LAES_Td-L010pic_point(%ebp),%ebp
        leal    764(%esp),%ebx
        subl    %ebp,%ebx
@@ -2207,7 +2207,7 @@ L_AES_cbc_encrypt_begin:
        call    L013pic_point
 L013pic_point:
        popl    %ebp
-       leal    _OPENSSL_ia32cap_P,%eax
+       movl    L_OPENSSL_ia32cap_P$non_lazy_ptr-L013pic_point(%ebp),%eax
        cmpl    $0,40(%esp)
        leal    LAES_Te-L013pic_point(%ebp),%ebp
        jne     L014picked_te
@@ -2950,16 +2950,16 @@ L045exit:
        popl    %ebx
        popl    %ebp
        ret
-.globl _AES_set_encrypt_key
+.globl _private_AES_set_encrypt_key
 .align 4
-_AES_set_encrypt_key:
-L_AES_set_encrypt_key_begin:
+_private_AES_set_encrypt_key:
+L_private_AES_set_encrypt_key_begin:
        call    __x86_AES_set_encrypt_key
        ret
-.globl _AES_set_decrypt_key
+.globl _private_AES_set_decrypt_key
 .align 4
-_AES_set_decrypt_key:
-L_AES_set_decrypt_key_begin:
+_private_AES_set_decrypt_key:
+L_private_AES_set_decrypt_key_begin:
        call    __x86_AES_set_encrypt_key
        cmpl    $0,%eax
        je      L054proceed
@@ -3191,4 +3191,8 @@ L056permute:
 .byte  65,69,83,32,102,111,114,32,120,56,54,44,32,67,82,89
 .byte  80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114
 .byte  111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
-.comm  _OPENSSL_ia32cap_P,4
+.section __IMPORT,__pointers,non_lazy_symbol_pointers
+L_OPENSSL_ia32cap_P$non_lazy_ptr:
+.indirect_symbol       _OPENSSL_ia32cap_P
+.long  0
+.comm  _OPENSSL_ia32cap_P,8,2

diff --git a/deps/openssl/asm/x86-macosx-gas/camellia/cmll-x86.s b/deps/openssl/asm/x86-macosx-gas/camellia/cmll-x86.s
index 4d61caa..2367cee 100644 (file)
--- a/deps/openssl/asm/x86-macosx-gas/camellia/cmll-x86.s
+++ b/deps/openssl/asm/x86-macosx-gas/camellia/cmll-x86.s
@@ -1519,10 +1519,10 @@ L013done:
        popl    %ebx
        popl    %ebp
        ret
-.globl _Camellia_set_key
+.globl _private_Camellia_set_key
 .align 4
-_Camellia_set_key:
-L_Camellia_set_key_begin:
+_private_Camellia_set_key:
+L_private_Camellia_set_key_begin:
        pushl   %ebx
        movl    8(%esp),%ecx
        movl    12(%esp),%ebx

diff --git a/deps/openssl/asm/x86-macosx-gas/des/crypt586.s b/deps/openssl/asm/x86-macosx-gas/des/crypt586.s
index edb1bb3..7d0074e 100644 (file)
--- a/deps/openssl/asm/x86-macosx-gas/des/crypt586.s
+++ b/deps/openssl/asm/x86-macosx-gas/des/crypt586.s
@@ -13,11 +13,14 @@ L_fcrypt_body_begin:
 
        xorl    %edi,%edi
        xorl    %esi,%esi
-       leal    _DES_SPtrans,%edx
+       call    L000PIC_me_up
+L000PIC_me_up:
+       popl    %edx
+       movl    L_DES_SPtrans$non_lazy_ptr-L000PIC_me_up(%edx),%edx
        pushl   %edx
        movl    28(%esp),%ebp
        pushl   $25
-L000start:
+L001start:
 
        # Round 0
 
@@ -840,7 +843,7 @@ L000start:
        movl    %esi,%edi
        movl    %eax,%esi
        movl    %ebx,(%esp)
-       jnz     L000start
+       jnz     L001start
 
        # FP
 
@@ -889,3 +892,7 @@ L000start:
        popl    %ebx
        popl    %ebp
        ret
+.section __IMPORT,__pointers,non_lazy_symbol_pointers
+L_DES_SPtrans$non_lazy_ptr:
+.indirect_symbol       _DES_SPtrans
+.long  0

diff --git a/deps/openssl/asm/x86-macosx-gas/rc4/rc4-586.s b/deps/openssl/asm/x86-macosx-gas/rc4/rc4-586.s
index a821dc9..882a02d 100644 (file)
--- a/deps/openssl/asm/x86-macosx-gas/rc4/rc4-586.s
+++ b/deps/openssl/asm/x86-macosx-gas/rc4/rc4-586.s
@@ -28,11 +28,149 @@ L_RC4_begin:
        movl    (%edi,%eax,4),%ecx
        andl    $-4,%edx
        jz      L002loop1
-       leal    -4(%esi,%edx,1),%edx
-       movl    %edx,28(%esp)
+       testl   $-8,%edx
        movl    %ebp,32(%esp)
+       jz      L003go4loop4
+       call    L004PIC_me_up
+L004PIC_me_up:
+       popl    %ebp
+       movl    L_OPENSSL_ia32cap_P$non_lazy_ptr-L004PIC_me_up(%ebp),%ebp
+       btl     $26,(%ebp)
+       jnc     L003go4loop4
+       movl    32(%esp),%ebp
+       andl    $-8,%edx
+       leal    -8(%esi,%edx,1),%edx
+       movl    %edx,-4(%edi)
+       addb    %cl,%bl
+       movl    (%edi,%ebx,4),%edx
+       movl    %ecx,(%edi,%ebx,4)
+       movl    %edx,(%edi,%eax,4)
+       incl    %eax
+       addl    %ecx,%edx
+       movzbl  %al,%eax
+       movzbl  %dl,%edx
+       movq    (%esi),%mm0
+       movl    (%edi,%eax,4),%ecx
+       movd    (%edi,%edx,4),%mm2
+       jmp     L005loop_mmx_enter
 .align 4,0x90
-L003loop4:
+L006loop_mmx:
+       addb    %cl,%bl
+       psllq   $56,%mm1
+       movl    (%edi,%ebx,4),%edx
+       movl    %ecx,(%edi,%ebx,4)
+       movl    %edx,(%edi,%eax,4)
+       incl    %eax
+       addl    %ecx,%edx
+       movzbl  %al,%eax
+       movzbl  %dl,%edx
+       pxor    %mm1,%mm2
+       movq    (%esi),%mm0
+       movq    %mm2,-8(%ebp,%esi,1)
+       movl    (%edi,%eax,4),%ecx
+       movd    (%edi,%edx,4),%mm2
+L005loop_mmx_enter:
+       addb    %cl,%bl
+       movl    (%edi,%ebx,4),%edx
+       movl    %ecx,(%edi,%ebx,4)
+       movl    %edx,(%edi,%eax,4)
+       incl    %eax
+       addl    %ecx,%edx
+       movzbl  %al,%eax
+       movzbl  %dl,%edx
+       pxor    %mm0,%mm2
+       movl    (%edi,%eax,4),%ecx
+       movd    (%edi,%edx,4),%mm1
+       addb    %cl,%bl
+       psllq   $8,%mm1
+       movl    (%edi,%ebx,4),%edx
+       movl    %ecx,(%edi,%ebx,4)
+       movl    %edx,(%edi,%eax,4)
+       incl    %eax
+       addl    %ecx,%edx
+       movzbl  %al,%eax
+       movzbl  %dl,%edx
+       pxor    %mm1,%mm2
+       movl    (%edi,%eax,4),%ecx
+       movd    (%edi,%edx,4),%mm1
+       addb    %cl,%bl
+       psllq   $16,%mm1
+       movl    (%edi,%ebx,4),%edx
+       movl    %ecx,(%edi,%ebx,4)
+       movl    %edx,(%edi,%eax,4)
+       incl    %eax
+       addl    %ecx,%edx
+       movzbl  %al,%eax
+       movzbl  %dl,%edx
+       pxor    %mm1,%mm2
+       movl    (%edi,%eax,4),%ecx
+       movd    (%edi,%edx,4),%mm1
+       addb    %cl,%bl
+       psllq   $24,%mm1
+       movl    (%edi,%ebx,4),%edx
+       movl    %ecx,(%edi,%ebx,4)
+       movl    %edx,(%edi,%eax,4)
+       incl    %eax
+       addl    %ecx,%edx
+       movzbl  %al,%eax
+       movzbl  %dl,%edx
+       pxor    %mm1,%mm2
+       movl    (%edi,%eax,4),%ecx
+       movd    (%edi,%edx,4),%mm1
+       addb    %cl,%bl
+       psllq   $32,%mm1
+       movl    (%edi,%ebx,4),%edx
+       movl    %ecx,(%edi,%ebx,4)
+       movl    %edx,(%edi,%eax,4)
+       incl    %eax
+       addl    %ecx,%edx
+       movzbl  %al,%eax
+       movzbl  %dl,%edx
+       pxor    %mm1,%mm2
+       movl    (%edi,%eax,4),%ecx
+       movd    (%edi,%edx,4),%mm1
+       addb    %cl,%bl
+       psllq   $40,%mm1
+       movl    (%edi,%ebx,4),%edx
+       movl    %ecx,(%edi,%ebx,4)
+       movl    %edx,(%edi,%eax,4)
+       incl    %eax
+       addl    %ecx,%edx
+       movzbl  %al,%eax
+       movzbl  %dl,%edx
+       pxor    %mm1,%mm2
+       movl    (%edi,%eax,4),%ecx
+       movd    (%edi,%edx,4),%mm1
+       addb    %cl,%bl
+       psllq   $48,%mm1
+       movl    (%edi,%ebx,4),%edx
+       movl    %ecx,(%edi,%ebx,4)
+       movl    %edx,(%edi,%eax,4)
+       incl    %eax
+       addl    %ecx,%edx
+       movzbl  %al,%eax
+       movzbl  %dl,%edx
+       pxor    %mm1,%mm2
+       movl    (%edi,%eax,4),%ecx
+       movd    (%edi,%edx,4),%mm1
+       movl    %ebx,%edx
+       xorl    %ebx,%ebx
+       movb    %dl,%bl
+       cmpl    -4(%edi),%esi
+       leal    8(%esi),%esi
+       jb      L006loop_mmx
+       psllq   $56,%mm1
+       pxor    %mm1,%mm2
+       movq    %mm2,-8(%ebp,%esi,1)
+       emms
+       cmpl    24(%esp),%esi
+       je      L007done
+       jmp     L002loop1
+.align 4,0x90
+L003go4loop4:
+       leal    -4(%esi,%edx,1),%edx
+       movl    %edx,28(%esp)
+L008loop4:
        addb    %cl,%bl
        movl    (%edi,%ebx,4),%edx
        movl    %ecx,(%edi,%ebx,4)
@@ -78,9 +216,9 @@ L003loop4:
        movl    %ebp,(%ecx,%esi,1)
        leal    4(%esi),%esi
        movl    (%edi,%eax,4),%ecx
-       jb      L003loop4
+       jb      L008loop4
        cmpl    24(%esp),%esi
-       je      L004done
+       je      L007done
        movl    32(%esp),%ebp
 .align 4,0x90
 L002loop1:
@@ -98,11 +236,11 @@ L002loop1:
        cmpl    24(%esp),%esi
        movb    %dl,-1(%ebp,%esi,1)
        jb      L002loop1
-       jmp     L004done
+       jmp     L007done
 .align 4,0x90
 L001RC4_CHAR:
        movzbl  (%edi,%eax,1),%ecx
-L005cloop1:
+L009cloop1:
        addb    %cl,%bl
        movzbl  (%edi,%ebx,1),%edx
        movb    %cl,(%edi,%ebx,1)
@@ -115,10 +253,10 @@ L005cloop1:
        movzbl  (%edi,%eax,1),%ecx
        cmpl    24(%esp),%esi
        movb    %dl,-1(%ebp,%esi,1)
-       jb      L005cloop1
-L004done:
+       jb      L009cloop1
+L007done:
        decb    %al
-       movb    %bl,-4(%edi)
+       movl    %ebx,-4(%edi)
        movb    %al,-8(%edi)
 L000abort:
        popl    %edi
@@ -126,10 +264,10 @@ L000abort:
        popl    %ebx
        popl    %ebp
        ret
-.globl _RC4_set_key
+.globl _private_RC4_set_key
 .align 4
-_RC4_set_key:
-L_RC4_set_key_begin:
+_private_RC4_set_key:
+L_private_RC4_set_key_begin:
        pushl   %ebp
        pushl   %ebx
        pushl   %esi
@@ -137,60 +275,63 @@ L_RC4_set_key_begin:
        movl    20(%esp),%edi
        movl    24(%esp),%ebp
        movl    28(%esp),%esi
-       leal    _OPENSSL_ia32cap_P,%edx
+       call    L010PIC_me_up
+L010PIC_me_up:
+       popl    %edx
+       movl    L_OPENSSL_ia32cap_P$non_lazy_ptr-L010PIC_me_up(%edx),%edx
        leal    8(%edi),%edi
        leal    (%esi,%ebp,1),%esi
        negl    %ebp
        xorl    %eax,%eax
        movl    %ebp,-4(%edi)
        btl     $20,(%edx)
-       jc      L006c1stloop
+       jc      L011c1stloop
 .align 4,0x90
-L007w1stloop:
+L012w1stloop:
        movl    %eax,(%edi,%eax,4)
        addb    $1,%al
-       jnc     L007w1stloop
+       jnc     L012w1stloop
        xorl    %ecx,%ecx
        xorl    %edx,%edx
 .align 4,0x90
-L008w2ndloop:
+L013w2ndloop:
        movl    (%edi,%ecx,4),%eax
        addb    (%esi,%ebp,1),%dl
        addb    %al,%dl
        addl    $1,%ebp
        movl    (%edi,%edx,4),%ebx
-       jnz     L009wnowrap
+       jnz     L014wnowrap
        movl    -4(%edi),%ebp
-L009wnowrap:
+L014wnowrap:
        movl    %eax,(%edi,%edx,4)
        movl    %ebx,(%edi,%ecx,4)
        addb    $1,%cl
-       jnc     L008w2ndloop
-       jmp     L010exit
+       jnc     L013w2ndloop
+       jmp     L015exit
 .align 4,0x90
-L006c1stloop:
+L011c1stloop:
        movb    %al,(%edi,%eax,1)
        addb    $1,%al
-       jnc     L006c1stloop
+       jnc     L011c1stloop
        xorl    %ecx,%ecx
        xorl    %edx,%edx
        xorl    %ebx,%ebx
 .align 4,0x90
-L011c2ndloop:
+L016c2ndloop:
        movb    (%edi,%ecx,1),%al
        addb    (%esi,%ebp,1),%dl
        addb    %al,%dl
        addl    $1,%ebp
        movb    (%edi,%edx,1),%bl
-       jnz     L012cnowrap
+       jnz     L017cnowrap
        movl    -4(%edi),%ebp
-L012cnowrap:
+L017cnowrap:
        movb    %al,(%edi,%edx,1)
        movb    %bl,(%edi,%ecx,1)
        addb    $1,%cl
-       jnc     L011c2ndloop
+       jnc     L016c2ndloop
        movl    $-1,256(%edi)
-L010exit:
+L015exit:
        xorl    %eax,%eax
        movl    %eax,-8(%edi)
        movl    %eax,-4(%edi)
@@ -203,22 +344,36 @@ L010exit:
 .align 4
 _RC4_options:
 L_RC4_options_begin:
-       call    L013pic_point
-L013pic_point:
+       call    L018pic_point
+L018pic_point:
        popl    %eax
-       leal    L014opts-L013pic_point(%eax),%eax
-       leal    _OPENSSL_ia32cap_P,%edx
-       btl     $20,(%edx)
-       jnc     L015skip
+       leal    L019opts-L018pic_point(%eax),%eax
+       call    L020PIC_me_up
+L020PIC_me_up:
+       popl    %edx
+       movl    L_OPENSSL_ia32cap_P$non_lazy_ptr-L020PIC_me_up(%edx),%edx
+       movl    (%edx),%edx
+       btl     $20,%edx
+       jc      L0211xchar
+       btl     $26,%edx
+       jnc     L022ret
+       addl    $25,%eax
+       ret
+L0211xchar:
        addl    $12,%eax
-L015skip:
+L022ret:
        ret
 .align 6,0x90
-L014opts:
+L019opts:
 .byte  114,99,52,40,52,120,44,105,110,116,41,0
 .byte  114,99,52,40,49,120,44,99,104,97,114,41,0
+.byte  114,99,52,40,56,120,44,109,109,120,41,0
 .byte  82,67,52,32,102,111,114,32,120,56,54,44,32,67,82,89
 .byte  80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114
 .byte  111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
 .align 6,0x90
-.comm  _OPENSSL_ia32cap_P,4
+.section __IMPORT,__pointers,non_lazy_symbol_pointers
+L_OPENSSL_ia32cap_P$non_lazy_ptr:
+.indirect_symbol       _OPENSSL_ia32cap_P
+.long  0
+.comm  _OPENSSL_ia32cap_P,8,2

diff --git a/deps/openssl/asm/x86-macosx-gas/sha/sha1-586.s b/deps/openssl/asm/x86-macosx-gas/sha/sha1-586.s
index 4f356fe..28d9572 100644 (file)
--- a/deps/openssl/asm/x86-macosx-gas/sha/sha1-586.s
+++ b/deps/openssl/asm/x86-macosx-gas/sha/sha1-586.s
@@ -11,11 +11,12 @@ L_sha1_block_data_order_begin:
        movl    20(%esp),%ebp
        movl    24(%esp),%esi
        movl    28(%esp),%eax
-       subl    $64,%esp
+       subl    $76,%esp
        shll    $6,%eax
        addl    %esi,%eax
-       movl    %eax,92(%esp)
+       movl    %eax,104(%esp)
        movl    16(%ebp),%edi
+       jmp     L000loop
 .align 4,0x90
 L000loop:
        movl    (%esi),%eax
@@ -66,7 +67,7 @@ L000loop:
        movl    %ebx,52(%esp)
        movl    %ecx,56(%esp)
        movl    %edx,60(%esp)
-       movl    %esi,88(%esp)
+       movl    %esi,100(%esp)
        movl    (%ebp),%eax
        movl    4(%ebp),%ebx
        movl    8(%ebp),%ecx
@@ -78,10 +79,10 @@ L000loop:
        roll    $5,%ebp
        xorl    %edx,%esi
        addl    %edi,%ebp
-       andl    %ebx,%esi
        movl    (%esp),%edi
-       xorl    %edx,%esi
+       andl    %ebx,%esi
        rorl    $2,%ebx
+       xorl    %edx,%esi
        leal    1518500249(%ebp,%edi,1),%ebp
        addl    %esi,%ebp
        # 00_15 1
@@ -91,10 +92,10 @@ L000loop:
        roll    $5,%ebp
        xorl    %ecx,%edi
        addl    %edx,%ebp
-       andl    %eax,%edi
        movl    4(%esp),%edx
-       xorl    %ecx,%edi
+       andl    %eax,%edi
        rorl    $2,%eax
+       xorl    %ecx,%edi
        leal    1518500249(%ebp,%edx,1),%ebp
        addl    %edi,%ebp
        # 00_15 2
@@ -104,10 +105,10 @@ L000loop:
        roll    $5,%ebp
        xorl    %ebx,%edx
        addl    %ecx,%ebp
-       andl    %esi,%edx
        movl    8(%esp),%ecx
-       xorl    %ebx,%edx
+       andl    %esi,%edx
        rorl    $2,%esi
+       xorl    %ebx,%edx
        leal    1518500249(%ebp,%ecx,1),%ebp
        addl    %edx,%ebp
        # 00_15 3
@@ -117,10 +118,10 @@ L000loop:
        roll    $5,%ebp
        xorl    %eax,%ecx
        addl    %ebx,%ebp
-       andl    %edi,%ecx
        movl    12(%esp),%ebx
-       xorl    %eax,%ecx
+       andl    %edi,%ecx
        rorl    $2,%edi
+       xorl    %eax,%ecx
        leal    1518500249(%ebp,%ebx,1),%ebp
        addl    %ecx,%ebp
        # 00_15 4
@@ -130,10 +131,10 @@ L000loop:
        roll    $5,%ebp
        xorl    %esi,%ebx
        addl    %eax,%ebp
-       andl    %edx,%ebx
        movl    16(%esp),%eax
-       xorl    %esi,%ebx
+       andl    %edx,%ebx
        rorl    $2,%edx
+       xorl    %esi,%ebx
        leal    1518500249(%ebp,%eax,1),%ebp
        addl    %ebx,%ebp
        # 00_15 5
@@ -143,10 +144,10 @@ L000loop:
        roll    $5,%ebp
        xorl    %edi,%eax
        addl    %esi,%ebp
-       andl    %ecx,%eax
        movl    20(%esp),%esi
-       xorl    %edi,%eax
+       andl    %ecx,%eax
        rorl    $2,%ecx
+       xorl    %edi,%eax
        leal    1518500249(%ebp,%esi,1),%ebp
        addl    %eax,%ebp
        # 00_15 6
@@ -156,10 +157,10 @@ L000loop:
        roll    $5,%ebp
        xorl    %edx,%esi
        addl    %edi,%ebp
-       andl    %ebx,%esi
        movl    24(%esp),%edi
-       xorl    %edx,%esi
+       andl    %ebx,%esi
        rorl    $2,%ebx
+       xorl    %edx,%esi
        leal    1518500249(%ebp,%edi,1),%ebp
        addl    %esi,%ebp
        # 00_15 7
@@ -169,10 +170,10 @@ L000loop:
        roll    $5,%ebp
        xorl    %ecx,%edi
        addl    %edx,%ebp
-       andl    %eax,%edi
        movl    28(%esp),%edx
-       xorl    %ecx,%edi
+       andl    %eax,%edi
        rorl    $2,%eax
+       xorl    %ecx,%edi
        leal    1518500249(%ebp,%edx,1),%ebp
        addl    %edi,%ebp
        # 00_15 8
@@ -182,10 +183,10 @@ L000loop:
        roll    $5,%ebp
        xorl    %ebx,%edx
        addl    %ecx,%ebp
-       andl    %esi,%edx
        movl    32(%esp),%ecx
-       xorl    %ebx,%edx
+       andl    %esi,%edx
        rorl    $2,%esi
+       xorl    %ebx,%edx
        leal    1518500249(%ebp,%ecx,1),%ebp
        addl    %edx,%ebp
        # 00_15 9
@@ -195,10 +196,10 @@ L000loop:
        roll    $5,%ebp
        xorl    %eax,%ecx
        addl    %ebx,%ebp
-       andl    %edi,%ecx
        movl    36(%esp),%ebx
-       xorl    %eax,%ecx
+       andl    %edi,%ecx
        rorl    $2,%edi
+       xorl    %eax,%ecx
        leal    1518500249(%ebp,%ebx,1),%ebp
        addl    %ecx,%ebp
        # 00_15 10
@@ -208,10 +209,10 @@ L000loop:
        roll    $5,%ebp
        xorl    %esi,%ebx
        addl    %eax,%ebp
-       andl    %edx,%ebx
        movl    40(%esp),%eax
-       xorl    %esi,%ebx
+       andl    %edx,%ebx
        rorl    $2,%edx
+       xorl    %esi,%ebx
        leal    1518500249(%ebp,%eax,1),%ebp
        addl    %ebx,%ebp
        # 00_15 11
@@ -221,10 +222,10 @@ L000loop:
        roll    $5,%ebp
        xorl    %edi,%eax
        addl    %esi,%ebp
-       andl    %ecx,%eax
        movl    44(%esp),%esi
-       xorl    %edi,%eax
+       andl    %ecx,%eax
        rorl    $2,%ecx
+       xorl    %edi,%eax
        leal    1518500249(%ebp,%esi,1),%ebp
        addl    %eax,%ebp
        # 00_15 12
@@ -234,10 +235,10 @@ L000loop:
        roll    $5,%ebp
        xorl    %edx,%esi
        addl    %edi,%ebp
-       andl    %ebx,%esi
        movl    48(%esp),%edi
-       xorl    %edx,%esi
+       andl    %ebx,%esi
        rorl    $2,%ebx
+       xorl    %edx,%esi
        leal    1518500249(%ebp,%edi,1),%ebp
        addl    %esi,%ebp
        # 00_15 13
@@ -247,10 +248,10 @@ L000loop:
        roll    $5,%ebp
        xorl    %ecx,%edi
        addl    %edx,%ebp
-       andl    %eax,%edi
        movl    52(%esp),%edx
-       xorl    %ecx,%edi
+       andl    %eax,%edi
        rorl    $2,%eax
+       xorl    %ecx,%edi
        leal    1518500249(%ebp,%edx,1),%ebp
        addl    %edi,%ebp
        # 00_15 14
@@ -260,10 +261,10 @@ L000loop:
        roll    $5,%ebp
        xorl    %ebx,%edx
        addl    %ecx,%ebp
-       andl    %esi,%edx
        movl    56(%esp),%ecx
-       xorl    %ebx,%edx
+       andl    %esi,%edx
        rorl    $2,%esi
+       xorl    %ebx,%edx
        leal    1518500249(%ebp,%ecx,1),%ebp
        addl    %edx,%ebp
        # 00_15 15
@@ -273,1226 +274,1163 @@ L000loop:
        roll    $5,%ebp
        xorl    %eax,%ecx
        addl    %ebx,%ebp
-       andl    %edi,%ecx
        movl    60(%esp),%ebx
-       xorl    %eax,%ecx
+       andl    %edi,%ecx
        rorl    $2,%edi
+       xorl    %eax,%ecx
        leal    1518500249(%ebp,%ebx,1),%ebp
+       movl    (%esp),%ebx
        addl    %ebp,%ecx
        # 16_19 16
 
-       movl    (%esp),%ebx
        movl    %edi,%ebp
        xorl    8(%esp),%ebx
        xorl    %esi,%ebp
        xorl    32(%esp),%ebx
        andl    %edx,%ebp
-       rorl    $2,%edx
        xorl    52(%esp),%ebx
        roll    $1,%ebx
        xorl    %esi,%ebp
+       addl    %ebp,%eax
+       movl    %ecx,%ebp
+       rorl    $2,%edx
        movl    %ebx,(%esp)
+       roll    $5,%ebp
        leal    1518500249(%ebx,%eax,1),%ebx
-       movl    %ecx,%eax
-       roll    $5,%eax
+       movl    4(%esp),%eax
        addl    %ebp,%ebx
-       addl    %eax,%ebx
        # 16_19 17
 
-       movl    4(%esp),%eax
        movl    %edx,%ebp
        xorl    12(%esp),%eax
        xorl    %edi,%ebp
        xorl    36(%esp),%eax
        andl    %ecx,%ebp
-       rorl    $2,%ecx
        xorl    56(%esp),%eax
        roll    $1,%eax
        xorl    %edi,%ebp
+       addl    %ebp,%esi
+       movl    %ebx,%ebp
+       rorl    $2,%ecx
        movl    %eax,4(%esp)
+       roll    $5,%ebp
        leal    1518500249(%eax,%esi,1),%eax
-       movl    %ebx,%esi
-       roll    $5,%esi
+       movl    8(%esp),%esi
        addl    %ebp,%eax
-       addl    %esi,%eax
        # 16_19 18
 
-       movl    8(%esp),%esi
        movl    %ecx,%ebp
        xorl    16(%esp),%esi
        xorl    %edx,%ebp
        xorl    40(%esp),%esi
        andl    %ebx,%ebp
-       rorl    $2,%ebx
        xorl    60(%esp),%esi
        roll    $1,%esi
        xorl    %edx,%ebp
+       addl    %ebp,%edi
+       movl    %eax,%ebp
+       rorl    $2,%ebx
        movl    %esi,8(%esp)
+       roll    $5,%ebp
        leal    1518500249(%esi,%edi,1),%esi
-       movl    %eax,%edi
-       roll    $5,%edi
+       movl    12(%esp),%edi
        addl    %ebp,%esi
-       addl    %edi,%esi
        # 16_19 19
 
-       movl    12(%esp),%edi
        movl    %ebx,%ebp
        xorl    20(%esp),%edi
        xorl    %ecx,%ebp
        xorl    44(%esp),%edi
        andl    %eax,%ebp
-       rorl    $2,%eax
        xorl    (%esp),%edi
        roll    $1,%edi
        xorl    %ecx,%ebp
+       addl    %ebp,%edx
+       movl    %esi,%ebp
+       rorl    $2,%eax
        movl    %edi,12(%esp)
+       roll    $5,%ebp
        leal    1518500249(%edi,%edx,1),%edi
-       movl    %esi,%edx
-       roll    $5,%edx
+       movl    16(%esp),%edx
        addl    %ebp,%edi
-       addl    %edx,%edi
        # 20_39 20
 
        movl    %esi,%ebp
-       movl    16(%esp),%edx
-       rorl    $2,%esi
        xorl    24(%esp),%edx
        xorl    %eax,%ebp
        xorl    48(%esp),%edx
        xorl    %ebx,%ebp
        xorl    4(%esp),%edx
        roll    $1,%edx
-       addl    %ecx,%ebp
+       addl    %ebp,%ecx
+       rorl    $2,%esi
+       movl    %edi,%ebp
+       roll    $5,%ebp
        movl    %edx,16(%esp)
-       movl    %edi,%ecx
-       roll    $5,%ecx
-       leal    1859775393(%edx,%ebp,1),%edx
-       addl    %ecx,%edx
+       leal    1859775393(%edx,%ecx,1),%edx
+       movl    20(%esp),%ecx
+       addl    %ebp,%edx
        # 20_39 21
 
        movl    %edi,%ebp
-       movl    20(%esp),%ecx
-       rorl    $2,%edi
        xorl    28(%esp),%ecx
        xorl    %esi,%ebp
        xorl    52(%esp),%ecx
        xorl    %eax,%ebp
        xorl    8(%esp),%ecx
        roll    $1,%ecx
-       addl    %ebx,%ebp
+       addl    %ebp,%ebx
+       rorl    $2,%edi
+       movl    %edx,%ebp
+       roll    $5,%ebp
        movl    %ecx,20(%esp)
-       movl    %edx,%ebx
-       roll    $5,%ebx
-       leal    1859775393(%ecx,%ebp,1),%ecx
-       addl    %ebx,%ecx
+       leal    1859775393(%ecx,%ebx,1),%ecx
+       movl    24(%esp),%ebx
+       addl    %ebp,%ecx
        # 20_39 22
 
        movl    %edx,%ebp
-       movl    24(%esp),%ebx
-       rorl    $2,%edx
        xorl    32(%esp),%ebx
        xorl    %edi,%ebp
        xorl    56(%esp),%ebx
        xorl    %esi,%ebp
        xorl    12(%esp),%ebx
        roll    $1,%ebx
-       addl    %eax,%ebp
+       addl    %ebp,%eax
+       rorl    $2,%edx
+       movl    %ecx,%ebp
+       roll    $5,%ebp
        movl    %ebx,24(%esp)
-       movl    %ecx,%eax
-       roll    $5,%eax
-       leal    1859775393(%ebx,%ebp,1),%ebx
-       addl    %eax,%ebx
+       leal    1859775393(%ebx,%eax,1),%ebx
+       movl    28(%esp),%eax
+       addl    %ebp,%ebx
        # 20_39 23
 
        movl    %ecx,%ebp
-       movl    28(%esp),%eax
-       rorl    $2,%ecx
        xorl    36(%esp),%eax
        xorl    %edx,%ebp
        xorl    60(%esp),%eax
        xorl    %edi,%ebp
        xorl    16(%esp),%eax
        roll    $1,%eax
-       addl    %esi,%ebp
+       addl    %ebp,%esi
+       rorl    $2,%ecx
+       movl    %ebx,%ebp
+       roll    $5,%ebp
        movl    %eax,28(%esp)
-       movl    %ebx,%esi
-       roll    $5,%esi
-       leal    1859775393(%eax,%ebp,1),%eax
-       addl    %esi,%eax
+       leal    1859775393(%eax,%esi,1),%eax
+       movl    32(%esp),%esi
+       addl    %ebp,%eax
        # 20_39 24
 
        movl    %ebx,%ebp
-       movl    32(%esp),%esi
-       rorl    $2,%ebx
        xorl    40(%esp),%esi
        xorl    %ecx,%ebp
        xorl    (%esp),%esi
        xorl    %edx,%ebp
        xorl    20(%esp),%esi
        roll    $1,%esi
-       addl    %edi,%ebp
+       addl    %ebp,%edi
+       rorl    $2,%ebx
+       movl    %eax,%ebp
+       roll    $5,%ebp
        movl    %esi,32(%esp)
-       movl    %eax,%edi
-       roll    $5,%edi
-       leal    1859775393(%esi,%ebp,1),%esi
-       addl    %edi,%esi
+       leal    1859775393(%esi,%edi,1),%esi
+       movl    36(%esp),%edi
+       addl    %ebp,%esi
        # 20_39 25
 
        movl    %eax,%ebp
-       movl    36(%esp),%edi
-       rorl    $2,%eax
        xorl    44(%esp),%edi
        xorl    %ebx,%ebp
        xorl    4(%esp),%edi
        xorl    %ecx,%ebp
        xorl    24(%esp),%edi
        roll    $1,%edi
-       addl    %edx,%ebp
+       addl    %ebp,%edx
+       rorl    $2,%eax
+       movl    %esi,%ebp
+       roll    $5,%ebp
        movl    %edi,36(%esp)
-       movl    %esi,%edx
-       roll    $5,%edx
-       leal    1859775393(%edi,%ebp,1),%edi
-       addl    %edx,%edi
+       leal    1859775393(%edi,%edx,1),%edi
+       movl    40(%esp),%edx
+       addl    %ebp,%edi
        # 20_39 26
 
        movl    %esi,%ebp
-       movl    40(%esp),%edx
-       rorl    $2,%esi
        xorl    48(%esp),%edx
        xorl    %eax,%ebp
        xorl    8(%esp),%edx
        xorl    %ebx,%ebp
        xorl    28(%esp),%edx
        roll    $1,%edx
-       addl    %ecx,%ebp
+       addl    %ebp,%ecx
+       rorl    $2,%esi
+       movl    %edi,%ebp
+       roll    $5,%ebp
        movl    %edx,40(%esp)
-       movl    %edi,%ecx
-       roll    $5,%ecx
-       leal    1859775393(%edx,%ebp,1),%edx
-       addl    %ecx,%edx
+       leal    1859775393(%edx,%ecx,1),%edx
+       movl    44(%esp),%ecx
+       addl    %ebp,%edx
        # 20_39 27
 
        movl    %edi,%ebp
-       movl    44(%esp),%ecx
-       rorl    $2,%edi
        xorl    52(%esp),%ecx
        xorl    %esi,%ebp
        xorl    12(%esp),%ecx
        xorl    %eax,%ebp
        xorl    32(%esp),%ecx
        roll    $1,%ecx
-       addl    %ebx,%ebp
+       addl    %ebp,%ebx
+       rorl    $2,%edi
+       movl    %edx,%ebp
+       roll    $5,%ebp
        movl    %ecx,44(%esp)
-       movl    %edx,%ebx
-       roll    $5,%ebx
-       leal    1859775393(%ecx,%ebp,1),%ecx
-       addl    %ebx,%ecx
+       leal    1859775393(%ecx,%ebx,1),%ecx
+       movl    48(%esp),%ebx
+       addl    %ebp,%ecx
        # 20_39 28
 
        movl    %edx,%ebp
-       movl    48(%esp),%ebx
-       rorl    $2,%edx
        xorl    56(%esp),%ebx
        xorl    %edi,%ebp
        xorl    16(%esp),%ebx
        xorl    %esi,%ebp
        xorl    36(%esp),%ebx
        roll    $1,%ebx
-       addl    %eax,%ebp
+       addl    %ebp,%eax
+       rorl    $2,%edx
+       movl    %ecx,%ebp
+       roll    $5,%ebp
        movl    %ebx,48(%esp)
-       movl    %ecx,%eax
-       roll    $5,%eax
-       leal    1859775393(%ebx,%ebp,1),%ebx
-       addl    %eax,%ebx
+       leal    1859775393(%ebx,%eax,1),%ebx
+       movl    52(%esp),%eax
+       addl    %ebp,%ebx
        # 20_39 29
 
        movl    %ecx,%ebp
-       movl    52(%esp),%eax
-       rorl    $2,%ecx
        xorl    60(%esp),%eax
        xorl    %edx,%ebp
        xorl    20(%esp),%eax
        xorl    %edi,%ebp
        xorl    40(%esp),%eax
        roll    $1,%eax
-       addl    %esi,%ebp
+       addl    %ebp,%esi
+       rorl    $2,%ecx
+       movl    %ebx,%ebp
+       roll    $5,%ebp
        movl    %eax,52(%esp)
-       movl    %ebx,%esi
-       roll    $5,%esi
-       leal    1859775393(%eax,%ebp,1),%eax
-       addl    %esi,%eax
+       leal    1859775393(%eax,%esi,1),%eax
+       movl    56(%esp),%esi
+       addl    %ebp,%eax
        # 20_39 30
 
        movl    %ebx,%ebp
-       movl    56(%esp),%esi
-       rorl    $2,%ebx
        xorl    (%esp),%esi
        xorl    %ecx,%ebp
        xorl    24(%esp),%esi
        xorl    %edx,%ebp
        xorl    44(%esp),%esi
        roll    $1,%esi
-       addl    %edi,%ebp
+       addl    %ebp,%edi
+       rorl    $2,%ebx
+       movl    %eax,%ebp
+       roll    $5,%ebp
        movl    %esi,56(%esp)
-       movl    %eax,%edi
-       roll    $5,%edi
-       leal    1859775393(%esi,%ebp,1),%esi
-       addl    %edi,%esi
+       leal    1859775393(%esi,%edi,1),%esi
+       movl    60(%esp),%edi
+       addl    %ebp,%esi
        # 20_39 31
 
        movl    %eax,%ebp
-       movl    60(%esp),%edi
-       rorl    $2,%eax
        xorl    4(%esp),%edi
        xorl    %ebx,%ebp
        xorl    28(%esp),%edi
        xorl    %ecx,%ebp
        xorl    48(%esp),%edi
        roll    $1,%edi
-       addl    %edx,%ebp
+       addl    %ebp,%edx
+       rorl    $2,%eax
+       movl    %esi,%ebp
+       roll    $5,%ebp
        movl    %edi,60(%esp)
-       movl    %esi,%edx
-       roll    $5,%edx
-       leal    1859775393(%edi,%ebp,1),%edi
-       addl    %edx,%edi
+       leal    1859775393(%edi,%edx,1),%edi
+       movl    (%esp),%edx
+       addl    %ebp,%edi
        # 20_39 32
 
        movl    %esi,%ebp
-       movl    (%esp),%edx
-       rorl    $2,%esi
        xorl    8(%esp),%edx
        xorl    %eax,%ebp
        xorl    32(%esp),%edx
        xorl    %ebx,%ebp
        xorl    52(%esp),%edx
        roll    $1,%edx
-       addl    %ecx,%ebp
+       addl    %ebp,%ecx
+       rorl    $2,%esi
+       movl    %edi,%ebp
+       roll    $5,%ebp
        movl    %edx,(%esp)
-       movl    %edi,%ecx
-       roll    $5,%ecx
-       leal    1859775393(%edx,%ebp,1),%edx
-       addl    %ecx,%edx
+       leal    1859775393(%edx,%ecx,1),%edx
+       movl    4(%esp),%ecx
+       addl    %ebp,%edx
        # 20_39 33
 
        movl    %edi,%ebp
-       movl    4(%esp),%ecx
-       rorl    $2,%edi
        xorl    12(%esp),%ecx
        xorl    %esi,%ebp
        xorl    36(%esp),%ecx
        xorl    %eax,%ebp
        xorl    56(%esp),%ecx
        roll    $1,%ecx
-       addl    %ebx,%ebp
+       addl    %ebp,%ebx
+       rorl    $2,%edi
+       movl    %edx,%ebp
+       roll    $5,%ebp
        movl    %ecx,4(%esp)
-       movl    %edx,%ebx
-       roll    $5,%ebx
-       leal    1859775393(%ecx,%ebp,1),%ecx
-       addl    %ebx,%ecx
+       leal    1859775393(%ecx,%ebx,1),%ecx
+       movl    8(%esp),%ebx
+       addl    %ebp,%ecx
        # 20_39 34
 
        movl    %edx,%ebp
-       movl    8(%esp),%ebx
-       rorl    $2,%edx
        xorl    16(%esp),%ebx
        xorl    %edi,%ebp
        xorl    40(%esp),%ebx
        xorl    %esi,%ebp
        xorl    60(%esp),%ebx
        roll    $1,%ebx
-       addl    %eax,%ebp
+       addl    %ebp,%eax
+       rorl    $2,%edx
+       movl    %ecx,%ebp
+       roll    $5,%ebp
        movl    %ebx,8(%esp)
-       movl    %ecx,%eax
-       roll    $5,%eax
-       leal    1859775393(%ebx,%ebp,1),%ebx
-       addl    %eax,%ebx
+       leal    1859775393(%ebx,%eax,1),%ebx
+       movl    12(%esp),%eax
+       addl    %ebp,%ebx
        # 20_39 35
 
        movl    %ecx,%ebp
-       movl    12(%esp),%eax
-       rorl    $2,%ecx
        xorl    20(%esp),%eax
        xorl    %edx,%ebp
        xorl    44(%esp),%eax
        xorl    %edi,%ebp
        xorl    (%esp),%eax
        roll    $1,%eax
-       addl    %esi,%ebp
+       addl    %ebp,%esi
+       rorl    $2,%ecx
+       movl    %ebx,%ebp
+       roll    $5,%ebp
        movl    %eax,12(%esp)
-       movl    %ebx,%esi
-       roll    $5,%esi
-       leal    1859775393(%eax,%ebp,1),%eax
-       addl    %esi,%eax
+       leal    1859775393(%eax,%esi,1),%eax
+       movl    16(%esp),%esi
+       addl    %ebp,%eax
        # 20_39 36
 
        movl    %ebx,%ebp
-       movl    16(%esp),%esi
-       rorl    $2,%ebx
        xorl    24(%esp),%esi
        xorl    %ecx,%ebp
        xorl    48(%esp),%esi
        xorl    %edx,%ebp
        xorl    4(%esp),%esi
        roll    $1,%esi
-       addl    %edi,%ebp
+       addl    %ebp,%edi
+       rorl    $2,%ebx
+       movl    %eax,%ebp
+       roll    $5,%ebp
        movl    %esi,16(%esp)
-       movl    %eax,%edi
-       roll    $5,%edi
-       leal    1859775393(%esi,%ebp,1),%esi
-       addl    %edi,%esi
+       leal    1859775393(%esi,%edi,1),%esi
+       movl    20(%esp),%edi
+       addl    %ebp,%esi
        # 20_39 37
 
        movl    %eax,%ebp
-       movl    20(%esp),%edi
-       rorl    $2,%eax
        xorl    28(%esp),%edi
        xorl    %ebx,%ebp
        xorl    52(%esp),%edi
        xorl    %ecx,%ebp
        xorl    8(%esp),%edi
        roll    $1,%edi
-       addl    %edx,%ebp
+       addl    %ebp,%edx
+       rorl    $2,%eax
+       movl    %esi,%ebp
+       roll    $5,%ebp
        movl    %edi,20(%esp)
-       movl    %esi,%edx
-       roll    $5,%edx
-       leal    1859775393(%edi,%ebp,1),%edi
-       addl    %edx,%edi
+       leal    1859775393(%edi,%edx,1),%edi
+       movl    24(%esp),%edx
+       addl    %ebp,%edi
        # 20_39 38
 
        movl    %esi,%ebp
-       movl    24(%esp),%edx
-       rorl    $2,%esi
        xorl    32(%esp),%edx
        xorl    %eax,%ebp
        xorl    56(%esp),%edx
        xorl    %ebx,%ebp
        xorl    12(%esp),%edx
        roll    $1,%edx
-       addl    %ecx,%ebp
+       addl    %ebp,%ecx
+       rorl    $2,%esi
+       movl    %edi,%ebp
+       roll    $5,%ebp
        movl    %edx,24(%esp)
-       movl    %edi,%ecx
-       roll    $5,%ecx
-       leal    1859775393(%edx,%ebp,1),%edx
-       addl    %ecx,%edx
+       leal    1859775393(%edx,%ecx,1),%edx
+       movl    28(%esp),%ecx
+       addl    %ebp,%edx
        # 20_39 39
 
        movl    %edi,%ebp
-       movl    28(%esp),%ecx
-       rorl    $2,%edi
        xorl    36(%esp),%ecx
        xorl    %esi,%ebp
        xorl    60(%esp),%ecx
        xorl    %eax,%ebp
        xorl    16(%esp),%ecx
        roll    $1,%ecx
-       addl    %ebx,%ebp
+       addl    %ebp,%ebx
+       rorl    $2,%edi
+       movl    %edx,%ebp
+       roll    $5,%ebp
        movl    %ecx,28(%esp)
-       movl    %edx,%ebx
-       roll    $5,%ebx
-       leal    1859775393(%ecx,%ebp,1),%ecx
-       addl    %ebx,%ecx
+       leal    1859775393(%ecx,%ebx,1),%ecx
+       movl    32(%esp),%ebx
+       addl    %ebp,%ecx
        # 40_59 40
 
-       movl    32(%esp),%ebx
-       movl    40(%esp),%ebp
-       xorl    %ebp,%ebx
-       movl    (%esp),%ebp
-       xorl    %ebp,%ebx
-       movl    20(%esp),%ebp
-       xorl    %ebp,%ebx
-       movl    %edx,%ebp
+       movl    %edi,%ebp
+       xorl    40(%esp),%ebx
+       xorl    %esi,%ebp
+       xorl    (%esp),%ebx
+       andl    %edx,%ebp
+       xorl    20(%esp),%ebx
        roll    $1,%ebx
-       orl     %edi,%ebp
-       movl    %ebx,32(%esp)
-       andl    %esi,%ebp
-       leal    2400959708(%ebx,%eax,1),%ebx
-       movl    %edx,%eax
+       addl    %eax,%ebp
        rorl    $2,%edx
-       andl    %edi,%eax
-       orl     %eax,%ebp
        movl    %ecx,%eax
        roll    $5,%eax
-       addl    %ebp,%ebx
+       movl    %ebx,32(%esp)
+       leal    2400959708(%ebx,%ebp,1),%ebx
+       movl    %edi,%ebp
        addl    %eax,%ebx
+       andl    %esi,%ebp
+       movl    36(%esp),%eax
+       addl    %ebp,%ebx
        # 40_59 41
 
-       movl    36(%esp),%eax
-       movl    44(%esp),%ebp
-       xorl    %ebp,%eax
-       movl    4(%esp),%ebp
-       xorl    %ebp,%eax
-       movl    24(%esp),%ebp
-       xorl    %ebp,%eax
-       movl    %ecx,%ebp
+       movl    %edx,%ebp
+       xorl    44(%esp),%eax
+       xorl    %edi,%ebp
+       xorl    4(%esp),%eax
+       andl    %ecx,%ebp
+       xorl    24(%esp),%eax
        roll    $1,%eax
-       orl     %edx,%ebp
-       movl    %eax,36(%esp)
-       andl    %edi,%ebp
-       leal    2400959708(%eax,%esi,1),%eax
-       movl    %ecx,%esi
+       addl    %esi,%ebp
        rorl    $2,%ecx
-       andl    %edx,%esi
-       orl     %esi,%ebp
        movl    %ebx,%esi
        roll    $5,%esi
-       addl    %ebp,%eax
+       movl    %eax,36(%esp)
+       leal    2400959708(%eax,%ebp,1),%eax
+       movl    %edx,%ebp
        addl    %esi,%eax
+       andl    %edi,%ebp
+       movl    40(%esp),%esi
+       addl    %ebp,%eax
        # 40_59 42
 
-       movl    40(%esp),%esi
-       movl    48(%esp),%ebp
-       xorl    %ebp,%esi
-       movl    8(%esp),%ebp
-       xorl    %ebp,%esi
-       movl    28(%esp),%ebp
-       xorl    %ebp,%esi
-       movl    %ebx,%ebp
+       movl    %ecx,%ebp
+       xorl    48(%esp),%esi
+       xorl    %edx,%ebp
+       xorl    8(%esp),%esi
+       andl    %ebx,%ebp
+       xorl    28(%esp),%esi
        roll    $1,%esi
-       orl     %ecx,%ebp
-       movl    %esi,40(%esp)
-       andl    %edx,%ebp
-       leal    2400959708(%esi,%edi,1),%esi
-       movl    %ebx,%edi
+       addl    %edi,%ebp
        rorl    $2,%ebx
-       andl    %ecx,%edi
-       orl     %edi,%ebp
        movl    %eax,%edi
        roll    $5,%edi
-       addl    %ebp,%esi
+       movl    %esi,40(%esp)
+       leal    2400959708(%esi,%ebp,1),%esi
+       movl    %ecx,%ebp
        addl    %edi,%esi
+       andl    %edx,%ebp
+       movl    44(%esp),%edi
+       addl    %ebp,%esi
        # 40_59 43
 
-       movl    44(%esp),%edi
-       movl    52(%esp),%ebp
-       xorl    %ebp,%edi
-       movl    12(%esp),%ebp
-       xorl    %ebp,%edi
-       movl    32(%esp),%ebp
-       xorl    %ebp,%edi
-       movl    %eax,%ebp
+       movl    %ebx,%ebp
+       xorl    52(%esp),%edi
+       xorl    %ecx,%ebp
+       xorl    12(%esp),%edi
+       andl    %eax,%ebp
+       xorl    32(%esp),%edi
        roll    $1,%edi
-       orl     %ebx,%ebp
-       movl    %edi,44(%esp)
-       andl    %ecx,%ebp
-       leal    2400959708(%edi,%edx,1),%edi
-       movl    %eax,%edx
+       addl    %edx,%ebp
        rorl    $2,%eax
-       andl    %ebx,%edx
-       orl     %edx,%ebp
        movl    %esi,%edx
        roll    $5,%edx
-       addl    %ebp,%edi
+       movl    %edi,44(%esp)
+       leal    2400959708(%edi,%ebp,1),%edi
+       movl    %ebx,%ebp
        addl    %edx,%edi
+       andl    %ecx,%ebp
+       movl    48(%esp),%edx
+       addl    %ebp,%edi
        # 40_59 44
 
-       movl    48(%esp),%edx
-       movl    56(%esp),%ebp
-       xorl    %ebp,%edx
-       movl    16(%esp),%ebp
-       xorl    %ebp,%edx
-       movl    36(%esp),%ebp
-       xorl    %ebp,%edx
-       movl    %esi,%ebp
+       movl    %eax,%ebp
+       xorl    56(%esp),%edx
+       xorl    %ebx,%ebp
+       xorl    16(%esp),%edx
+       andl    %esi,%ebp
+       xorl    36(%esp),%edx
        roll    $1,%edx
-       orl     %eax,%ebp
-       movl    %edx,48(%esp)
-       andl    %ebx,%ebp
-       leal    2400959708(%edx,%ecx,1),%edx
-       movl    %esi,%ecx
+       addl    %ecx,%ebp
        rorl    $2,%esi
-       andl    %eax,%ecx
-       orl     %ecx,%ebp
        movl    %edi,%ecx
        roll    $5,%ecx
-       addl    %ebp,%edx
+       movl    %edx,48(%esp)
+       leal    2400959708(%edx,%ebp,1),%edx
+       movl    %eax,%ebp
        addl    %ecx,%edx
+       andl    %ebx,%ebp
+       movl    52(%esp),%ecx
+       addl    %ebp,%edx
        # 40_59 45
 
-       movl    52(%esp),%ecx
-       movl    60(%esp),%ebp
-       xorl    %ebp,%ecx
-       movl    20(%esp),%ebp
-       xorl    %ebp,%ecx
-       movl    40(%esp),%ebp
-       xorl    %ebp,%ecx
-       movl    %edi,%ebp
+       movl    %esi,%ebp
+       xorl    60(%esp),%ecx
+       xorl    %eax,%ebp
+       xorl    20(%esp),%ecx
+       andl    %edi,%ebp
+       xorl    40(%esp),%ecx
        roll    $1,%ecx
-       orl     %esi,%ebp
-       movl    %ecx,52(%esp)
-       andl    %eax,%ebp
-       leal    2400959708(%ecx,%ebx,1),%ecx
-       movl    %edi,%ebx
+       addl    %ebx,%ebp
        rorl    $2,%edi
-       andl    %esi,%ebx
-       orl     %ebx,%ebp
        movl    %edx,%ebx
        roll    $5,%ebx
-       addl    %ebp,%ecx
+       movl    %ecx,52(%esp)
+       leal    2400959708(%ecx,%ebp,1),%ecx
+       movl    %esi,%ebp
        addl    %ebx,%ecx
+       andl    %eax,%ebp
+       movl    56(%esp),%ebx
+       addl    %ebp,%ecx
        # 40_59 46
 
-       movl    56(%esp),%ebx
-       movl    (%esp),%ebp
-       xorl    %ebp,%ebx
-       movl    24(%esp),%ebp
-       xorl    %ebp,%ebx
-       movl    44(%esp),%ebp
-       xorl    %ebp,%ebx
-       movl    %edx,%ebp
+       movl    %edi,%ebp
+       xorl    (%esp),%ebx
+       xorl    %esi,%ebp
+       xorl    24(%esp),%ebx
+       andl    %edx,%ebp
+       xorl    44(%esp),%ebx
        roll    $1,%ebx
-       orl     %edi,%ebp
-       movl    %ebx,56(%esp)
-       andl    %esi,%ebp
-       leal    2400959708(%ebx,%eax,1),%ebx
-       movl    %edx,%eax
+       addl    %eax,%ebp
        rorl    $2,%edx
-       andl    %edi,%eax
-       orl     %eax,%ebp
        movl    %ecx,%eax
        roll    $5,%eax
-       addl    %ebp,%ebx
+       movl    %ebx,56(%esp)
+       leal    2400959708(%ebx,%ebp,1),%ebx
+       movl    %edi,%ebp
        addl    %eax,%ebx
+       andl    %esi,%ebp
+       movl    60(%esp),%eax
+       addl    %ebp,%ebx
        # 40_59 47
 
-       movl    60(%esp),%eax
-       movl    4(%esp),%ebp
-       xorl    %ebp,%eax
-       movl    28(%esp),%ebp
-       xorl    %ebp,%eax
-       movl    48(%esp),%ebp
-       xorl    %ebp,%eax
-       movl    %ecx,%ebp
+       movl    %edx,%ebp
+       xorl    4(%esp),%eax
+       xorl    %edi,%ebp
+       xorl    28(%esp),%eax
+       andl    %ecx,%ebp
+       xorl    48(%esp),%eax
        roll    $1,%eax
-       orl     %edx,%ebp
-       movl    %eax,60(%esp)
-       andl    %edi,%ebp
-       leal    2400959708(%eax,%esi,1),%eax
-       movl    %ecx,%esi
+       addl    %esi,%ebp
        rorl    $2,%ecx
-       andl    %edx,%esi
-       orl     %esi,%ebp
        movl    %ebx,%esi
        roll    $5,%esi
-       addl    %ebp,%eax
+       movl    %eax,60(%esp)
+       leal    2400959708(%eax,%ebp,1),%eax
+       movl    %edx,%ebp
        addl    %esi,%eax
+       andl    %edi,%ebp
+       movl    (%esp),%esi
+       addl    %ebp,%eax
        # 40_59 48
 
-       movl    (%esp),%esi
-       movl    8(%esp),%ebp
-       xorl    %ebp,%esi
-       movl    32(%esp),%ebp
-       xorl    %ebp,%esi
-       movl    52(%esp),%ebp
-       xorl    %ebp,%esi
-       movl    %ebx,%ebp
+       movl    %ecx,%ebp
+       xorl    8(%esp),%esi
+       xorl    %edx,%ebp
+       xorl    32(%esp),%esi
+       andl    %ebx,%ebp
+       xorl    52(%esp),%esi
        roll    $1,%esi
-       orl     %ecx,%ebp
-       movl    %esi,(%esp)
-       andl    %edx,%ebp
-       leal    2400959708(%esi,%edi,1),%esi
-       movl    %ebx,%edi
+       addl    %edi,%ebp
        rorl    $2,%ebx
-       andl    %ecx,%edi
-       orl     %edi,%ebp
        movl    %eax,%edi
        roll    $5,%edi
-       addl    %ebp,%esi
+       movl    %esi,(%esp)
+       leal    2400959708(%esi,%ebp,1),%esi
+       movl    %ecx,%ebp
        addl    %edi,%esi
+       andl    %edx,%ebp
+       movl    4(%esp),%edi
+       addl    %ebp,%esi
        # 40_59 49
 
-       movl    4(%esp),%edi
-       movl    12(%esp),%ebp
-       xorl    %ebp,%edi
-       movl    36(%esp),%ebp
-       xorl    %ebp,%edi
-       movl    56(%esp),%ebp
-       xorl    %ebp,%edi
-       movl    %eax,%ebp
+       movl    %ebx,%ebp
+       xorl    12(%esp),%edi
+       xorl    %ecx,%ebp
+       xorl    36(%esp),%edi
+       andl    %eax,%ebp
+       xorl    56(%esp),%edi
        roll    $1,%edi
-       orl     %ebx,%ebp
-       movl    %edi,4(%esp)
-       andl    %ecx,%ebp
-       leal    2400959708(%edi,%edx,1),%edi
-       movl    %eax,%edx
+       addl    %edx,%ebp
        rorl    $2,%eax
-       andl    %ebx,%edx
-       orl     %edx,%ebp
        movl    %esi,%edx
        roll    $5,%edx
-       addl    %ebp,%edi
+       movl    %edi,4(%esp)
+       leal    2400959708(%edi,%ebp,1),%edi
+       movl    %ebx,%ebp
        addl    %edx,%edi
+       andl    %ecx,%ebp
+       movl    8(%esp),%edx
+       addl    %ebp,%edi
        # 40_59 50
 
-       movl    8(%esp),%edx
-       movl    16(%esp),%ebp
-       xorl    %ebp,%edx
-       movl    40(%esp),%ebp
-       xorl    %ebp,%edx
-       movl    60(%esp),%ebp
-       xorl    %ebp,%edx
-       movl    %esi,%ebp
+       movl    %eax,%ebp
+       xorl    16(%esp),%edx
+       xorl    %ebx,%ebp
+       xorl    40(%esp),%edx
+       andl    %esi,%ebp
+       xorl    60(%esp),%edx
        roll    $1,%edx
-       orl     %eax,%ebp
-       movl    %edx,8(%esp)
-       andl    %ebx,%ebp
-       leal    2400959708(%edx,%ecx,1),%edx
-       movl    %esi,%ecx
+       addl    %ecx,%ebp
        rorl    $2,%esi
-       andl    %eax,%ecx
-       orl     %ecx,%ebp
        movl    %edi,%ecx
        roll    $5,%ecx
-       addl    %ebp,%edx
+       movl    %edx,8(%esp)
+       leal    2400959708(%edx,%ebp,1),%edx
+       movl    %eax,%ebp
        addl    %ecx,%edx
+       andl    %ebx,%ebp
+       movl    12(%esp),%ecx
+       addl    %ebp,%edx
        # 40_59 51
 
-       movl    12(%esp),%ecx
-       movl    20(%esp),%ebp
-       xorl    %ebp,%ecx
-       movl    44(%esp),%ebp
-       xorl    %ebp,%ecx
-       movl    (%esp),%ebp
-       xorl    %ebp,%ecx
-       movl    %edi,%ebp
+       movl    %esi,%ebp
+       xorl    20(%esp),%ecx
+       xorl    %eax,%ebp
+       xorl    44(%esp),%ecx
+       andl    %edi,%ebp
+       xorl    (%esp),%ecx
        roll    $1,%ecx
-       orl     %esi,%ebp
-       movl    %ecx,12(%esp)
-       andl    %eax,%ebp
-       leal    2400959708(%ecx,%ebx,1),%ecx
-       movl    %edi,%ebx
+       addl    %ebx,%ebp
        rorl    $2,%edi
-       andl    %esi,%ebx
-       orl     %ebx,%ebp
        movl    %edx,%ebx
        roll    $5,%ebx
-       addl    %ebp,%ecx
+       movl    %ecx,12(%esp)
+       leal    2400959708(%ecx,%ebp,1),%ecx
+       movl    %esi,%ebp
        addl    %ebx,%ecx
+       andl    %eax,%ebp
+       movl    16(%esp),%ebx
+       addl    %ebp,%ecx
        # 40_59 52
 
-       movl    16(%esp),%ebx
-       movl    24(%esp),%ebp
-       xorl    %ebp,%ebx
-       movl    48(%esp),%ebp
-       xorl    %ebp,%ebx
-       movl    4(%esp),%ebp
-       xorl    %ebp,%ebx
-       movl    %edx,%ebp
+       movl    %edi,%ebp
+       xorl    24(%esp),%ebx
+       xorl    %esi,%ebp
+       xorl    48(%esp),%ebx
+       andl    %edx,%ebp
+       xorl    4(%esp),%ebx
        roll    $1,%ebx
-       orl     %edi,%ebp
-       movl    %ebx,16(%esp)
-       andl    %esi,%ebp
-       leal    2400959708(%ebx,%eax,1),%ebx
-       movl    %edx,%eax
+       addl    %eax,%ebp
        rorl    $2,%edx
-       andl    %edi,%eax
-       orl     %eax,%ebp
        movl    %ecx,%eax
        roll    $5,%eax
-       addl    %ebp,%ebx
+       movl    %ebx,16(%esp)
+       leal    2400959708(%ebx,%ebp,1),%ebx
+       movl    %edi,%ebp
        addl    %eax,%ebx
+       andl    %esi,%ebp
+       movl    20(%esp),%eax
+       addl    %ebp,%ebx
        # 40_59 53
 
-       movl    20(%esp),%eax
-       movl    28(%esp),%ebp
-       xorl    %ebp,%eax
-       movl    52(%esp),%ebp
-       xorl    %ebp,%eax
-       movl    8(%esp),%ebp
-       xorl    %ebp,%eax
-       movl    %ecx,%ebp
+       movl    %edx,%ebp
+       xorl    28(%esp),%eax
+       xorl    %edi,%ebp
+       xorl    52(%esp),%eax
+       andl    %ecx,%ebp
+       xorl    8(%esp),%eax
        roll    $1,%eax
-       orl     %edx,%ebp
-       movl    %eax,20(%esp)
-       andl    %edi,%ebp
-       leal    2400959708(%eax,%esi,1),%eax
-       movl    %ecx,%esi
+       addl    %esi,%ebp
        rorl    $2,%ecx
-       andl    %edx,%esi
-       orl     %esi,%ebp
        movl    %ebx,%esi
        roll    $5,%esi
-       addl    %ebp,%eax
+       movl    %eax,20(%esp)
+       leal    2400959708(%eax,%ebp,1),%eax
+       movl    %edx,%ebp
        addl    %esi,%eax
+       andl    %edi,%ebp
+       movl    24(%esp),%esi
+       addl    %ebp,%eax
        # 40_59 54
 
-       movl    24(%esp),%esi
-       movl    32(%esp),%ebp
-       xorl    %ebp,%esi
-       movl    56(%esp),%ebp
-       xorl    %ebp,%esi
-       movl    12(%esp),%ebp
-       xorl    %ebp,%esi
-       movl    %ebx,%ebp
+       movl    %ecx,%ebp
+       xorl    32(%esp),%esi
+       xorl    %edx,%ebp
+       xorl    56(%esp),%esi
+       andl    %ebx,%ebp
+       xorl    12(%esp),%esi
        roll    $1,%esi
-       orl     %ecx,%ebp
-       movl    %esi,24(%esp)
-       andl    %edx,%ebp
-       leal    2400959708(%esi,%edi,1),%esi
-       movl    %ebx,%edi
+       addl    %edi,%ebp
        rorl    $2,%ebx
-       andl    %ecx,%edi
-       orl     %edi,%ebp
        movl    %eax,%edi
        roll    $5,%edi
-       addl    %ebp,%esi
+       movl    %esi,24(%esp)
+       leal    2400959708(%esi,%ebp,1),%esi
+       movl    %ecx,%ebp
        addl    %edi,%esi
+       andl    %edx,%ebp
+       movl    28(%esp),%edi
+       addl    %ebp,%esi
        # 40_59 55
 
-       movl    28(%esp),%edi
-       movl    36(%esp),%ebp
-       xorl    %ebp,%edi
-       movl    60(%esp),%ebp
-       xorl    %ebp,%edi
-       movl    16(%esp),%ebp
-       xorl    %ebp,%edi
-       movl    %eax,%ebp
+       movl    %ebx,%ebp
+       xorl    36(%esp),%edi
+       xorl    %ecx,%ebp
+       xorl    60(%esp),%edi
+       andl    %eax,%ebp
+       xorl    16(%esp),%edi
        roll    $1,%edi
-       orl     %ebx,%ebp
-       movl    %edi,28(%esp)
-       andl    %ecx,%ebp
-       leal    2400959708(%edi,%edx,1),%edi
-       movl    %eax,%edx
+       addl    %edx,%ebp
        rorl    $2,%eax
-       andl    %ebx,%edx
-       orl     %edx,%ebp
        movl    %esi,%edx
        roll    $5,%edx
-       addl    %ebp,%edi
+       movl    %edi,28(%esp)
+       leal    2400959708(%edi,%ebp,1),%edi
+       movl    %ebx,%ebp
        addl    %edx,%edi
+       andl    %ecx,%ebp
+       movl    32(%esp),%edx
+       addl    %ebp,%edi
        # 40_59 56
 
-       movl    32(%esp),%edx
-       movl    40(%esp),%ebp
-       xorl    %ebp,%edx
-       movl    (%esp),%ebp
-       xorl    %ebp,%edx
-       movl    20(%esp),%ebp
-       xorl    %ebp,%edx
-       movl    %esi,%ebp
+       movl    %eax,%ebp
+       xorl    40(%esp),%edx
+       xorl    %ebx,%ebp
+       xorl    (%esp),%edx
+       andl    %esi,%ebp
+       xorl    20(%esp),%edx
        roll    $1,%edx
-       orl     %eax,%ebp
-       movl    %edx,32(%esp)
-       andl    %ebx,%ebp
-       leal    2400959708(%edx,%ecx,1),%edx
-       movl    %esi,%ecx
+       addl    %ecx,%ebp
        rorl    $2,%esi
-       andl    %eax,%ecx
-       orl     %ecx,%ebp
        movl    %edi,%ecx
        roll    $5,%ecx
-       addl    %ebp,%edx
+       movl    %edx,32(%esp)
+       leal    2400959708(%edx,%ebp,1),%edx
+       movl    %eax,%ebp
        addl    %ecx,%edx
+       andl    %ebx,%ebp
+       movl    36(%esp),%ecx
+       addl    %ebp,%edx
        # 40_59 57
 
-       movl    36(%esp),%ecx
-       movl    44(%esp),%ebp
-       xorl    %ebp,%ecx
-       movl    4(%esp),%ebp
-       xorl    %ebp,%ecx
-       movl    24(%esp),%ebp
-       xorl    %ebp,%ecx
-       movl    %edi,%ebp
+       movl    %esi,%ebp
+       xorl    44(%esp),%ecx
+       xorl    %eax,%ebp
+       xorl    4(%esp),%ecx
+       andl    %edi,%ebp
+       xorl    24(%esp),%ecx
        roll    $1,%ecx
-       orl     %esi,%ebp
-       movl    %ecx,36(%esp)
-       andl    %eax,%ebp
-       leal    2400959708(%ecx,%ebx,1),%ecx
-       movl    %edi,%ebx
+       addl    %ebx,%ebp
        rorl    $2,%edi
-       andl    %esi,%ebx
-       orl     %ebx,%ebp
        movl    %edx,%ebx
        roll    $5,%ebx
-       addl    %ebp,%ecx
+       movl    %ecx,36(%esp)
+       leal    2400959708(%ecx,%ebp,1),%ecx
+       movl    %esi,%ebp
        addl    %ebx,%ecx
+       andl    %eax,%ebp
+       movl    40(%esp),%ebx
+       addl    %ebp,%ecx
        # 40_59 58
 
-       movl    40(%esp),%ebx
-       movl    48(%esp),%ebp
-       xorl    %ebp,%ebx
-       movl    8(%esp),%ebp
-       xorl    %ebp,%ebx
-       movl    28(%esp),%ebp
-       xorl    %ebp,%ebx
-       movl    %edx,%ebp
+       movl    %edi,%ebp
+       xorl    48(%esp),%ebx
+       xorl    %esi,%ebp
+       xorl    8(%esp),%ebx
+       andl    %edx,%ebp
+       xorl    28(%esp),%ebx
        roll    $1,%ebx
-       orl     %edi,%ebp
-       movl    %ebx,40(%esp)
-       andl    %esi,%ebp
-       leal    2400959708(%ebx,%eax,1),%ebx
-       movl    %edx,%eax
+       addl    %eax,%ebp
        rorl    $2,%edx
-       andl    %edi,%eax
-       orl     %eax,%ebp
        movl    %ecx,%eax
        roll    $5,%eax
-       addl    %ebp,%ebx
+       movl    %ebx,40(%esp)
+       leal    2400959708(%ebx,%ebp,1),%ebx
+       movl    %edi,%ebp
        addl    %eax,%ebx
+       andl    %esi,%ebp
+       movl    44(%esp),%eax
+       addl    %ebp,%ebx
        # 40_59 59
 
-       movl    44(%esp),%eax
-       movl    52(%esp),%ebp
-       xorl    %ebp,%eax
-       movl    12(%esp),%ebp
-       xorl    %ebp,%eax
-       movl    32(%esp),%ebp
-       xorl    %ebp,%eax
-       movl    %ecx,%ebp
+       movl    %edx,%ebp
+       xorl    52(%esp),%eax
+       xorl    %edi,%ebp
+       xorl    12(%esp),%eax
+       andl    %ecx,%ebp
+       xorl    32(%esp),%eax
        roll    $1,%eax
-       orl     %edx,%ebp
-       movl    %eax,44(%esp)
-       andl    %edi,%ebp
-       leal    2400959708(%eax,%esi,1),%eax
-       movl    %ecx,%esi
+       addl    %esi,%ebp
        rorl    $2,%ecx
-       andl    %edx,%esi
-       orl     %esi,%ebp
        movl    %ebx,%esi
        roll    $5,%esi
-       addl    %ebp,%eax
+       movl    %eax,44(%esp)
+       leal    2400959708(%eax,%ebp,1),%eax
+       movl    %edx,%ebp
        addl    %esi,%eax
+       andl    %edi,%ebp
+       movl    48(%esp),%esi
+       addl    %ebp,%eax
        # 20_39 60
 
        movl    %ebx,%ebp
-       movl    48(%esp),%esi
-       rorl    $2,%ebx
        xorl    56(%esp),%esi
        xorl    %ecx,%ebp
        xorl    16(%esp),%esi
        xorl    %edx,%ebp
        xorl    36(%esp),%esi
        roll    $1,%esi
-       addl    %edi,%ebp
+       addl    %ebp,%edi
+       rorl    $2,%ebx
+       movl    %eax,%ebp
+       roll    $5,%ebp
        movl    %esi,48(%esp)
-       movl    %eax,%edi
-       roll    $5,%edi
-       leal    3395469782(%esi,%ebp,1),%esi
-       addl    %edi,%esi
+       leal    3395469782(%esi,%edi,1),%esi
+       movl    52(%esp),%edi
+       addl    %ebp,%esi
        # 20_39 61
 
        movl    %eax,%ebp
-       movl    52(%esp),%edi
-       rorl    $2,%eax
        xorl    60(%esp),%edi
        xorl    %ebx,%ebp
        xorl    20(%esp),%edi
        xorl    %ecx,%ebp
        xorl    40(%esp),%edi
        roll    $1,%edi
-       addl    %edx,%ebp
+       addl    %ebp,%edx
+       rorl    $2,%eax
+       movl    %esi,%ebp
+       roll    $5,%ebp
        movl    %edi,52(%esp)
-       movl    %esi,%edx
-       roll    $5,%edx
-       leal    3395469782(%edi,%ebp,1),%edi
-       addl    %edx,%edi
+       leal    3395469782(%edi,%edx,1),%edi
+       movl    56(%esp),%edx
+       addl    %ebp,%edi
        # 20_39 62
 
        movl    %esi,%ebp
-       movl    56(%esp),%edx
-       rorl    $2,%esi
        xorl    (%esp),%edx
        xorl    %eax,%ebp
        xorl    24(%esp),%edx
        xorl    %ebx,%ebp
        xorl    44(%esp),%edx
        roll    $1,%edx
-       addl    %ecx,%ebp
+       addl    %ebp,%ecx
+       rorl    $2,%esi
+       movl    %edi,%ebp
+       roll    $5,%ebp
        movl    %edx,56(%esp)
-       movl    %edi,%ecx
-       roll    $5,%ecx
-       leal    3395469782(%edx,%ebp,1),%edx
-       addl    %ecx,%edx
+       leal    3395469782(%edx,%ecx,1),%edx
+       movl    60(%esp),%ecx
+       addl    %ebp,%edx
        # 20_39 63
 
        movl    %edi,%ebp
-       movl    60(%esp),%ecx
-       rorl    $2,%edi
        xorl    4(%esp),%ecx
        xorl    %esi,%ebp
        xorl    28(%esp),%ecx
        xorl    %eax,%ebp
        xorl    48(%esp),%ecx
        roll    $1,%ecx
-       addl    %ebx,%ebp
+       addl    %ebp,%ebx
+       rorl    $2,%edi
+       movl    %edx,%ebp
+       roll    $5,%ebp
        movl    %ecx,60(%esp)
-       movl    %edx,%ebx
-       roll    $5,%ebx
-       leal    3395469782(%ecx,%ebp,1),%ecx
-       addl    %ebx,%ecx
+       leal    3395469782(%ecx,%ebx,1),%ecx
+       movl    (%esp),%ebx
+       addl    %ebp,%ecx
        # 20_39 64
 
        movl    %edx,%ebp
-       movl    (%esp),%ebx
-       rorl    $2,%edx
        xorl    8(%esp),%ebx
        xorl    %edi,%ebp
        xorl    32(%esp),%ebx
        xorl    %esi,%ebp
        xorl    52(%esp),%ebx
        roll    $1,%ebx
-       addl    %eax,%ebp
+       addl    %ebp,%eax
+       rorl    $2,%edx
+       movl    %ecx,%ebp
+       roll    $5,%ebp
        movl    %ebx,(%esp)
-       movl    %ecx,%eax
-       roll    $5,%eax
-       leal    3395469782(%ebx,%ebp,1),%ebx
-       addl    %eax,%ebx
+       leal    3395469782(%ebx,%eax,1),%ebx
+       movl    4(%esp),%eax
+       addl    %ebp,%ebx
        # 20_39 65
 
        movl    %ecx,%ebp
-       movl    4(%esp),%eax
-       rorl    $2,%ecx
        xorl    12(%esp),%eax
        xorl    %edx,%ebp
        xorl    36(%esp),%eax
        xorl    %edi,%ebp
        xorl    56(%esp),%eax
        roll    $1,%eax
-       addl    %esi,%ebp
+       addl    %ebp,%esi
+       rorl    $2,%ecx
+       movl    %ebx,%ebp
+       roll    $5,%ebp
        movl    %eax,4(%esp)
-       movl    %ebx,%esi
-       roll    $5,%esi
-       leal    3395469782(%eax,%ebp,1),%eax
-       addl    %esi,%eax
+       leal    3395469782(%eax,%esi,1),%eax
+       movl    8(%esp),%esi
+       addl    %ebp,%eax
        # 20_39 66
 
        movl    %ebx,%ebp
-       movl    8(%esp),%esi
-       rorl    $2,%ebx
        xorl    16(%esp),%esi
        xorl    %ecx,%ebp
        xorl    40(%esp),%esi
        xorl    %edx,%ebp
        xorl    60(%esp),%esi
        roll    $1,%esi
-       addl    %edi,%ebp
+       addl    %ebp,%edi
+       rorl    $2,%ebx
+       movl    %eax,%ebp
+       roll    $5,%ebp
        movl    %esi,8(%esp)
-       movl    %eax,%edi
-       roll    $5,%edi
-       leal    3395469782(%esi,%ebp,1),%esi
-       addl    %edi,%esi
+       leal    3395469782(%esi,%edi,1),%esi
+       movl    12(%esp),%edi
+       addl    %ebp,%esi
        # 20_39 67
 
        movl    %eax,%ebp
-       movl    12(%esp),%edi
-       rorl    $2,%eax
        xorl    20(%esp),%edi
        xorl    %ebx,%ebp
        xorl    44(%esp),%edi
        xorl    %ecx,%ebp
        xorl    (%esp),%edi
        roll    $1,%edi
-       addl    %edx,%ebp
+       addl    %ebp,%edx
+       rorl    $2,%eax
+       movl    %esi,%ebp
+       roll    $5,%ebp
        movl    %edi,12(%esp)
-       movl    %esi,%edx
-       roll    $5,%edx
-       leal    3395469782(%edi,%ebp,1),%edi
-       addl    %edx,%edi
+       leal    3395469782(%edi,%edx,1),%edi
+       movl    16(%esp),%edx
+       addl    %ebp,%edi
        # 20_39 68
 
        movl    %esi,%ebp
-       movl    16(%esp),%edx
-       rorl    $2,%esi
        xorl    24(%esp),%edx
        xorl    %eax,%ebp
        xorl    48(%esp),%edx
        xorl    %ebx,%ebp
        xorl    4(%esp),%edx
        roll    $1,%edx
-       addl    %ecx,%ebp
+       addl    %ebp,%ecx
+       rorl    $2,%esi
+       movl    %edi,%ebp
+       roll    $5,%ebp
        movl    %edx,16(%esp)
-       movl    %edi,%ecx
-       roll    $5,%ecx
-       leal    3395469782(%edx,%ebp,1),%edx
-       addl    %ecx,%edx
+       leal    3395469782(%edx,%ecx,1),%edx
+       movl    20(%esp),%ecx
+       addl    %ebp,%edx
        # 20_39 69
 
        movl    %edi,%ebp
-       movl    20(%esp),%ecx
-       rorl    $2,%edi
        xorl    28(%esp),%ecx
        xorl    %esi,%ebp
        xorl    52(%esp),%ecx
        xorl    %eax,%ebp
        xorl    8(%esp),%ecx
        roll    $1,%ecx
-       addl    %ebx,%ebp
+       addl    %ebp,%ebx
+       rorl    $2,%edi
+       movl    %edx,%ebp
+       roll    $5,%ebp
        movl    %ecx,20(%esp)
-       movl    %edx,%ebx
-       roll    $5,%ebx
-       leal    3395469782(%ecx,%ebp,1),%ecx
-       addl    %ebx,%ecx
+       leal    3395469782(%ecx,%ebx,1),%ecx
+       movl    24(%esp),%ebx
+       addl    %ebp,%ecx
        # 20_39 70
 
        movl    %edx,%ebp
-       movl    24(%esp),%ebx
-       rorl    $2,%edx
        xorl    32(%esp),%ebx
        xorl    %edi,%ebp
        xorl    56(%esp),%ebx
        xorl    %esi,%ebp
        xorl    12(%esp),%ebx
        roll    $1,%ebx
-       addl    %eax,%ebp
+       addl    %ebp,%eax
+       rorl    $2,%edx
+       movl    %ecx,%ebp
+       roll    $5,%ebp
        movl    %ebx,24(%esp)
-       movl    %ecx,%eax
-       roll    $5,%eax
-       leal    3395469782(%ebx,%ebp,1),%ebx
-       addl    %eax,%ebx
+       leal    3395469782(%ebx,%eax,1),%ebx
+       movl    28(%esp),%eax
+       addl    %ebp,%ebx
        # 20_39 71
 
        movl    %ecx,%ebp
-       movl    28(%esp),%eax
-       rorl    $2,%ecx
        xorl    36(%esp),%eax
        xorl    %edx,%ebp
        xorl    60(%esp),%eax
        xorl    %edi,%ebp
        xorl    16(%esp),%eax
        roll    $1,%eax
-       addl    %esi,%ebp
+       addl    %ebp,%esi
+       rorl    $2,%ecx
+       movl    %ebx,%ebp
+       roll    $5,%ebp
        movl    %eax,28(%esp)
-       movl    %ebx,%esi
-       roll    $5,%esi
-       leal    3395469782(%eax,%ebp,1),%eax
-       addl    %esi,%eax
+       leal    3395469782(%eax,%esi,1),%eax
+       movl    32(%esp),%esi
+       addl    %ebp,%eax
        # 20_39 72
 
        movl    %ebx,%ebp
-       movl    32(%esp),%esi
-       rorl    $2,%ebx
        xorl    40(%esp),%esi
        xorl    %ecx,%ebp
        xorl    (%esp),%esi
        xorl    %edx,%ebp
        xorl    20(%esp),%esi
        roll    $1,%esi
-       addl    %edi,%ebp
+       addl    %ebp,%edi
+       rorl    $2,%ebx
+       movl    %eax,%ebp
+       roll    $5,%ebp
        movl    %esi,32(%esp)
-       movl    %eax,%edi
-       roll    $5,%edi
-       leal    3395469782(%esi,%ebp,1),%esi
-       addl    %edi,%esi
+       leal    3395469782(%esi,%edi,1),%esi
+       movl    36(%esp),%edi
+       addl    %ebp,%esi
        # 20_39 73
 
        movl    %eax,%ebp
-       movl    36(%esp),%edi
-       rorl    $2,%eax
        xorl    44(%esp),%edi
        xorl    %ebx,%ebp
        xorl    4(%esp),%edi
        xorl    %ecx,%ebp
        xorl    24(%esp),%edi
        roll    $1,%edi
-       addl    %edx,%ebp
+       addl    %ebp,%edx
+       rorl    $2,%eax
+       movl    %esi,%ebp
+       roll    $5,%ebp
        movl    %edi,36(%esp)
-       movl    %esi,%edx
-       roll    $5,%edx
-       leal    3395469782(%edi,%ebp,1),%edi
-       addl    %edx,%edi
+       leal    3395469782(%edi,%edx,1),%edi
+       movl    40(%esp),%edx
+       addl    %ebp,%edi
        # 20_39 74
 
        movl    %esi,%ebp
-       movl    40(%esp),%edx
-       rorl    $2,%esi
        xorl    48(%esp),%edx
        xorl    %eax,%ebp
        xorl    8(%esp),%edx
        xorl    %ebx,%ebp
        xorl    28(%esp),%edx
        roll    $1,%edx
-       addl    %ecx,%ebp
+       addl    %ebp,%ecx
+       rorl    $2,%esi
+       movl    %edi,%ebp
+       roll    $5,%ebp
        movl    %edx,40(%esp)
-       movl    %edi,%ecx
-       roll    $5,%ecx
-       leal    3395469782(%edx,%ebp,1),%edx
-       addl    %ecx,%edx
+       leal    3395469782(%edx,%ecx,1),%edx
+       movl    44(%esp),%ecx
+       addl    %ebp,%edx
        # 20_39 75
 
        movl    %edi,%ebp
-       movl    44(%esp),%ecx
-       rorl    $2,%edi
        xorl    52(%esp),%ecx
        xorl    %esi,%ebp
        xorl    12(%esp),%ecx
        xorl    %eax,%ebp
        xorl    32(%esp),%ecx
        roll    $1,%ecx
-       addl    %ebx,%ebp
+       addl    %ebp,%ebx
+       rorl    $2,%edi
+       movl    %edx,%ebp
+       roll    $5,%ebp
        movl    %ecx,44(%esp)
-       movl    %edx,%ebx
-       roll    $5,%ebx
-       leal    3395469782(%ecx,%ebp,1),%ecx
-       addl    %ebx,%ecx
+       leal    3395469782(%ecx,%ebx,1),%ecx
+       movl    48(%esp),%ebx
+       addl    %ebp,%ecx
        # 20_39 76
 
        movl    %edx,%ebp
-       movl    48(%esp),%ebx
-       rorl    $2,%edx
        xorl    56(%esp),%ebx
        xorl    %edi,%ebp
        xorl    16(%esp),%ebx
        xorl    %esi,%ebp
        xorl    36(%esp),%ebx
        roll    $1,%ebx
-       addl    %eax,%ebp
+       addl    %ebp,%eax
+       rorl    $2,%edx
+       movl    %ecx,%ebp
+       roll    $5,%ebp
        movl    %ebx,48(%esp)
-       movl    %ecx,%eax
-       roll    $5,%eax
-       leal    3395469782(%ebx,%ebp,1),%ebx
-       addl    %eax,%ebx
+       leal    3395469782(%ebx,%eax,1),%ebx
+       movl    52(%esp),%eax
+       addl    %ebp,%ebx
        # 20_39 77
 
        movl    %ecx,%ebp
-       movl    52(%esp),%eax
-       rorl    $2,%ecx
        xorl    60(%esp),%eax
        xorl    %edx,%ebp
        xorl    20(%esp),%eax
        xorl    %edi,%ebp
        xorl    40(%esp),%eax
        roll    $1,%eax
-       addl    %esi,%ebp
-       movl    %eax,52(%esp)
-       movl    %ebx,%esi
-       roll    $5,%esi
-       leal    3395469782(%eax,%ebp,1),%eax
-       addl    %esi,%eax
+       addl    %ebp,%esi
+       rorl    $2,%ecx
+       movl    %ebx,%ebp
+       roll    $5,%ebp
+       leal    3395469782(%eax,%esi,1),%eax
+       movl    56(%esp),%esi
+       addl    %ebp,%eax
        # 20_39 78
 
        movl    %ebx,%ebp
-       movl    56(%esp),%esi
-       rorl    $2,%ebx
        xorl    (%esp),%esi
        xorl    %ecx,%ebp
        xorl    24(%esp),%esi
        xorl    %edx,%ebp
        xorl    44(%esp),%esi
        roll    $1,%esi
-       addl    %edi,%ebp
-       movl    %esi,56(%esp)
-       movl    %eax,%edi
-       roll    $5,%edi
-       leal    3395469782(%esi,%ebp,1),%esi
-       addl    %edi,%esi
+       addl    %ebp,%edi
+       rorl    $2,%ebx
+       movl    %eax,%ebp
+       roll    $5,%ebp
+       leal    3395469782(%esi,%edi,1),%esi
+       movl    60(%esp),%edi
+       addl    %ebp,%esi
        # 20_39 79
 
        movl    %eax,%ebp
-       movl    60(%esp),%edi
-       rorl    $2,%eax
        xorl    4(%esp),%edi
        xorl    %ebx,%ebp
        xorl    28(%esp),%edi
        xorl    %ecx,%ebp
        xorl    48(%esp),%edi
        roll    $1,%edi
-       addl    %edx,%ebp
-       movl    %edi,60(%esp)
-       movl    %esi,%edx
-       roll    $5,%edx
-       leal    3395469782(%edi,%ebp,1),%edi
-       addl    %edx,%edi
-       movl    84(%esp),%ebp
-       movl    88(%esp),%edx
+       addl    %ebp,%edx
+       rorl    $2,%eax
+       movl    %esi,%ebp
+       roll    $5,%ebp
+       leal    3395469782(%edi,%edx,1),%edi
+       addl    %ebp,%edi
+       movl    96(%esp),%ebp
+       movl    100(%esp),%edx
        addl    (%ebp),%edi
        addl    4(%ebp),%esi
        addl    8(%ebp),%eax
@@ -1501,14 +1439,14 @@ L000loop:
        movl    %edi,(%ebp)
        addl    $64,%edx
        movl    %esi,4(%ebp)
-       cmpl    92(%esp),%edx
+       cmpl    104(%esp),%edx
        movl    %eax,8(%ebp)
        movl    %ecx,%edi
        movl    %ebx,12(%ebp)
        movl    %edx,%esi
        movl    %ecx,16(%ebp)
        jb      L000loop
-       addl    $64,%esp
+       addl    $76,%esp
        popl    %edi
        popl    %esi
        popl    %ebx

diff --git a/deps/openssl/asm/x86-macosx-gas/sha/sha256-586.s b/deps/openssl/asm/x86-macosx-gas/sha/sha256-586.s
index 1190be7..67c7a96 100644 (file)
--- a/deps/openssl/asm/x86-macosx-gas/sha/sha256-586.s
+++ b/deps/openssl/asm/x86-macosx-gas/sha/sha256-586.s
@@ -95,31 +95,30 @@ L002loop:
 L00300_15:
        movl    92(%esp),%ebx
        movl    %edx,%ecx
-       rorl    $6,%ecx
-       movl    %edx,%edi
-       rorl    $11,%edi
+       rorl    $14,%ecx
        movl    20(%esp),%esi
-       xorl    %edi,%ecx
-       rorl    $14,%edi
-       xorl    %edi,%ecx
+       xorl    %edx,%ecx
+       rorl    $5,%ecx
+       xorl    %edx,%ecx
+       rorl    $6,%ecx
        movl    24(%esp),%edi
        addl    %ecx,%ebx
-       movl    %edx,16(%esp)
        xorl    %edi,%esi
+       movl    %edx,16(%esp)
        movl    %eax,%ecx
        andl    %edx,%esi
        movl    12(%esp),%edx
        xorl    %edi,%esi
        movl    %eax,%edi
        addl    %esi,%ebx
-       rorl    $2,%ecx
+       rorl    $9,%ecx
        addl    28(%esp),%ebx
-       rorl    $13,%edi
+       xorl    %eax,%ecx
+       rorl    $11,%ecx
        movl    4(%esp),%esi
-       xorl    %edi,%ecx
-       rorl    $9,%edi
+       xorl    %eax,%ecx
+       rorl    $2,%ecx
        addl    %ebx,%edx
-       xorl    %edi,%ecx
        movl    8(%esp),%edi
        addl    %ecx,%ebx
        movl    %eax,(%esp)
@@ -141,48 +140,46 @@ L00300_15:
 L00416_63:
        movl    %ebx,%esi
        movl    100(%esp),%ecx
-       shrl    $3,%ebx
-       rorl    $7,%esi
-       xorl    %esi,%ebx
        rorl    $11,%esi
        movl    %ecx,%edi
+       xorl    %ebx,%esi
+       rorl    $7,%esi
+       shrl    $3,%ebx
+       rorl    $2,%edi
        xorl    %esi,%ebx
-       shrl    $10,%ecx
-       movl    156(%esp),%esi
+       xorl    %ecx,%edi
        rorl    $17,%edi
-       xorl    %edi,%ecx
-       rorl    $2,%edi
-       addl    %esi,%ebx
+       shrl    $10,%ecx
+       addl    156(%esp),%ebx
        xorl    %ecx,%edi
-       addl    %edi,%ebx
-       movl    %edx,%ecx
        addl    120(%esp),%ebx
-       rorl    $6,%ecx
-       movl    %edx,%edi
-       rorl    $11,%edi
+       movl    %edx,%ecx
+       addl    %edi,%ebx
+       rorl    $14,%ecx
        movl    20(%esp),%esi
-       xorl    %edi,%ecx
-       rorl    $14,%edi
+       xorl    %edx,%ecx
+       rorl    $5,%ecx
        movl    %ebx,92(%esp)
-       xorl    %edi,%ecx
+       xorl    %edx,%ecx
+       rorl    $6,%ecx
        movl    24(%esp),%edi
        addl    %ecx,%ebx
-       movl    %edx,16(%esp)
        xorl    %edi,%esi
+       movl    %edx,16(%esp)
        movl    %eax,%ecx
        andl    %edx,%esi
        movl    12(%esp),%edx
        xorl    %edi,%esi
        movl    %eax,%edi
        addl    %esi,%ebx
-       rorl    $2,%ecx
+       rorl    $9,%ecx
        addl    28(%esp),%ebx
-       rorl    $13,%edi
+       xorl    %eax,%ecx
+       rorl    $11,%ecx
        movl    4(%esp),%esi
-       xorl    %edi,%ecx
-       rorl    $9,%edi
+       xorl    %eax,%ecx
+       rorl    $2,%ecx
        addl    %ebx,%edx
-       xorl    %edi,%ecx
        movl    8(%esp),%edi
        addl    %ecx,%ebx
        movl    %eax,(%esp)

diff --git a/deps/openssl/asm/x86-macosx-gas/x86cpuid.s b/deps/openssl/asm/x86-macosx-gas/x86cpuid.s
index b5e80f8..db36e6f 100644 (file)
--- a/deps/openssl/asm/x86-macosx-gas/x86cpuid.s
+++ b/deps/openssl/asm/x86-macosx-gas/x86cpuid.s
@@ -18,9 +18,9 @@ L_OPENSSL_ia32_cpuid_begin:
        pushfl
        popl    %eax
        xorl    %eax,%ecx
-       btl     $21,%ecx
-       jnc     L000done
        xorl    %eax,%eax
+       btl     $21,%ecx
+       jnc     L000nocpuid
        .byte   0x0f,0xa2
        movl    %eax,%edi
        xorl    %eax,%eax
@@ -46,7 +46,14 @@ L_OPENSSL_ia32_cpuid_begin:
        jnz     L001intel
        movl    $2147483648,%eax
        .byte   0x0f,0xa2
-       cmpl    $2147483656,%eax
+       cmpl    $2147483649,%eax
+       jb      L001intel
+       movl    %eax,%esi
+       movl    $2147483649,%eax
+       .byte   0x0f,0xa2
+       orl     %ecx,%ebp
+       andl    $2049,%ebp
+       cmpl    $2147483656,%esi
        jb      L001intel
        movl    $2147483656,%eax
        .byte   0x0f,0xa2
@@ -55,46 +62,68 @@ L_OPENSSL_ia32_cpuid_begin:
        movl    $1,%eax
        .byte   0x0f,0xa2
        btl     $28,%edx
-       jnc     L000done
+       jnc     L002generic
        shrl    $16,%ebx
        andl    $255,%ebx
        cmpl    %esi,%ebx
-       ja      L000done
+       ja      L002generic
        andl    $4026531839,%edx
-       jmp     L000done
+       jmp     L002generic
 L001intel:
        cmpl    $4,%edi
        movl    $-1,%edi
-       jb      L002nocacheinfo
+       jb      L003nocacheinfo
        movl    $4,%eax
        movl    $0,%ecx
        .byte   0x0f,0xa2
        movl    %eax,%edi
        shrl    $14,%edi
        andl    $4095,%edi
-L002nocacheinfo:
+L003nocacheinfo:
        movl    $1,%eax
        .byte   0x0f,0xa2
+       andl    $3220176895,%edx
        cmpl    $0,%ebp
-       jne     L003notP4
+       jne     L004notintel
+       orl     $1073741824,%edx
        andb    $15,%ah
        cmpb    $15,%ah
-       jne     L003notP4
+       jne     L004notintel
        orl     $1048576,%edx
-L003notP4:
+L004notintel:
        btl     $28,%edx
-       jnc     L000done
+       jnc     L002generic
        andl    $4026531839,%edx
        cmpl    $0,%edi
-       je      L000done
+       je      L002generic
        orl     $268435456,%edx
        shrl    $16,%ebx
        cmpb    $1,%bl
-       ja      L000done
+       ja      L002generic
        andl    $4026531839,%edx
-L000done:
-       movl    %edx,%eax
-       movl    %ecx,%edx
+L002generic:
+       andl    $2048,%ebp
+       andl    $4294965247,%ecx
+       movl    %edx,%esi
+       orl     %ecx,%ebp
+       btl     $27,%ecx
+       jnc     L005clear_avx
+       xorl    %ecx,%ecx
+.byte  15,1,208
+       andl    $6,%eax
+       cmpl    $6,%eax
+       je      L006done
+       cmpl    $2,%eax
+       je      L005clear_avx
+L007clear_xmm:
+       andl    $4261412861,%ebp
+       andl    $4278190079,%esi
+L005clear_avx:
+       andl    $4026525695,%ebp
+L006done:
+       movl    %esi,%eax
+       movl    %ebp,%edx
+L000nocpuid:
        popl    %edi
        popl    %esi
        popl    %ebx
@@ -106,26 +135,32 @@ _OPENSSL_rdtsc:
 L_OPENSSL_rdtsc_begin:
        xorl    %eax,%eax
        xorl    %edx,%edx
-       leal    _OPENSSL_ia32cap_P,%ecx
+       call    L008PIC_me_up
+L008PIC_me_up:
+       popl    %ecx
+       movl    L_OPENSSL_ia32cap_P$non_lazy_ptr-L008PIC_me_up(%ecx),%ecx
        btl     $4,(%ecx)
-       jnc     L004notsc
+       jnc     L009notsc
        .byte   0x0f,0x31
-L004notsc:
+L009notsc:
        ret
 .globl _OPENSSL_instrument_halt
 .align 4
 _OPENSSL_instrument_halt:
 L_OPENSSL_instrument_halt_begin:
-       leal    _OPENSSL_ia32cap_P,%ecx
+       call    L010PIC_me_up
+L010PIC_me_up:
+       popl    %ecx
+       movl    L_OPENSSL_ia32cap_P$non_lazy_ptr-L010PIC_me_up(%ecx),%ecx
        btl     $4,(%ecx)
-       jnc     L005nohalt
+       jnc     L011nohalt
 .long  2421723150
        andl    $3,%eax
-       jnz     L005nohalt
+       jnz     L011nohalt
        pushfl
        popl    %eax
        btl     $9,%eax
-       jnc     L005nohalt
+       jnc     L011nohalt
        .byte   0x0f,0x31
        pushl   %edx
        pushl   %eax
@@ -135,7 +170,7 @@ L_OPENSSL_instrument_halt_begin:
        sbbl    4(%esp),%edx
        addl    $8,%esp
        ret
-L005nohalt:
+L011nohalt:
        xorl    %eax,%eax
        xorl    %edx,%edx
        ret
@@ -146,21 +181,21 @@ L_OPENSSL_far_spin_begin:
        pushfl
        popl    %eax
        btl     $9,%eax
-       jnc     L006nospin
+       jnc     L012nospin
        movl    4(%esp),%eax
        movl    8(%esp),%ecx
 .long  2430111262
        xorl    %eax,%eax
        movl    (%ecx),%edx
-       jmp     L007spin
+       jmp     L013spin
 .align 4,0x90
-L007spin:
+L013spin:
        incl    %eax
        cmpl    (%ecx),%edx
-       je      L007spin
+       je      L013spin
 .long  529567888
        ret
-L006nospin:
+L012nospin:
        xorl    %eax,%eax
        xorl    %edx,%edx
        ret
@@ -170,12 +205,15 @@ _OPENSSL_wipe_cpu:
 L_OPENSSL_wipe_cpu_begin:
        xorl    %eax,%eax
        xorl    %edx,%edx
-       leal    _OPENSSL_ia32cap_P,%ecx
+       call    L014PIC_me_up
+L014PIC_me_up:
+       popl    %ecx
+       movl    L_OPENSSL_ia32cap_P$non_lazy_ptr-L014PIC_me_up(%ecx),%ecx
        movl    (%ecx),%ecx
        btl     $1,(%ecx)
-       jnc     L008no_x87
+       jnc     L015no_x87
 .long  4007259865,4007259865,4007259865,4007259865,2430851995
-L008no_x87:
+L015no_x87:
        leal    4(%esp),%eax
        ret
 .globl _OPENSSL_atomic_add
@@ -187,11 +225,11 @@ L_OPENSSL_atomic_add_begin:
        pushl   %ebx
        nop
        movl    (%edx),%eax
-L009spin:
+L016spin:
        leal    (%eax,%ecx,1),%ebx
        nop
 .long  447811568
-       jne     L009spin
+       jne     L016spin
        movl    %ebx,%eax
        popl    %ebx
        ret
@@ -228,34 +266,51 @@ L_OPENSSL_cleanse_begin:
        movl    8(%esp),%ecx
        xorl    %eax,%eax
        cmpl    $7,%ecx
-       jae     L010lot
+       jae     L017lot
        cmpl    $0,%ecx
-       je      L011ret
-L012little:
+       je      L018ret
+L019little:
        movb    %al,(%edx)
        subl    $1,%ecx
        leal    1(%edx),%edx
-       jnz     L012little
-L011ret:
+       jnz     L019little
+L018ret:
        ret
 .align 4,0x90
-L010lot:
+L017lot:
        testl   $3,%edx
-       jz      L013aligned
+       jz      L020aligned
        movb    %al,(%edx)
        leal    -1(%ecx),%ecx
        leal    1(%edx),%edx
-       jmp     L010lot
-L013aligned:
+       jmp     L017lot
+L020aligned:
        movl    %eax,(%edx)
        leal    -4(%ecx),%ecx
        testl   $-4,%ecx
        leal    4(%edx),%edx
-       jnz     L013aligned
+       jnz     L020aligned
        cmpl    $0,%ecx
-       jne     L012little
+       jne     L019little
+       ret
+.globl _OPENSSL_ia32_rdrand
+.align 4
+_OPENSSL_ia32_rdrand:
+L_OPENSSL_ia32_rdrand_begin:
+       movl    $8,%ecx
+L021loop:
+.byte  15,199,240
+       jc      L022break
+       loop    L021loop
+L022break:
+       cmpl    $0,%eax
+       cmovel  %ecx,%eax
        ret
-.comm  _OPENSSL_ia32cap_P,4
+.section __IMPORT,__pointers,non_lazy_symbol_pointers
+L_OPENSSL_ia32cap_P$non_lazy_ptr:
+.indirect_symbol       _OPENSSL_ia32cap_P
+.long  0
+.comm  _OPENSSL_ia32cap_P,8,2
 .mod_init_func
 .align 2
 .long   _OPENSSL_cpuid_setup

diff --git a/deps/openssl/asm/x86-win32-masm/aes/aes-586.asm b/deps/openssl/asm/x86-win32-masm/aes/aes-586.asm
index 22dd21f..e4ac96e 100644 (file)
--- a/deps/openssl/asm/x86-win32-masm/aes/aes-586.asm
+++ b/deps/openssl/asm/x86-win32-masm/aes/aes-586.asm
@@ -2975,14 +2975,14 @@ $L045exit:
        ret
 __x86_AES_set_encrypt_key ENDP
 ALIGN  16
-_AES_set_encrypt_key   PROC PUBLIC
-$L_AES_set_encrypt_key_begin::
+_private_AES_set_encrypt_key   PROC PUBLIC
+$L_private_AES_set_encrypt_key_begin::
        call    __x86_AES_set_encrypt_key
        ret
-_AES_set_encrypt_key ENDP
+_private_AES_set_encrypt_key ENDP
 ALIGN  16
-_AES_set_decrypt_key   PROC PUBLIC
-$L_AES_set_decrypt_key_begin::
+_private_AES_set_decrypt_key   PROC PUBLIC
+$L_private_AES_set_decrypt_key_begin::
        call    __x86_AES_set_encrypt_key
        cmp     eax,0
        je      $L054proceed
@@ -3211,12 +3211,12 @@ $L056permute:
        pop     ebx
        pop     ebp
        ret
-_AES_set_decrypt_key ENDP
+_private_AES_set_decrypt_key ENDP
 DB     65,69,83,32,102,111,114,32,120,56,54,44,32,67,82,89
 DB     80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114
 DB     111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
 .text$ ENDS
 .bss   SEGMENT 'BSS'
-COMM   _OPENSSL_ia32cap_P:DWORD
+COMM   _OPENSSL_ia32cap_P:QWORD
 .bss   ENDS
 END

diff --git a/deps/openssl/asm/x86-win32-masm/bf/bf-686.asm b/deps/openssl/asm/x86-win32-masm/bf/bf-686.asm
index a802e72..2883179 100644 (file)
--- a/deps/openssl/asm/x86-win32-masm/bf/bf-686.asm
+++ b/deps/openssl/asm/x86-win32-masm/bf/bf-686.asm
@@ -2,7 +2,7 @@ TITLE   bf-686.asm
 IF @Version LT 800
 ECHO MASM version 8.00 or later is strongly recommended.
 ENDIF
-.586
+.686
 .MODEL FLAT
 OPTION DOTNAME
 IF @Version LT 800

diff --git a/deps/openssl/asm/x86-win32-masm/bn/x86-mont.asm b/deps/openssl/asm/x86-win32-masm/bn/x86-mont.asm
index eaad4a0..031be4e 100644 (file)
--- a/deps/openssl/asm/x86-win32-masm/bn/x86-mont.asm
+++ b/deps/openssl/asm/x86-win32-masm/bn/x86-mont.asm
@@ -2,7 +2,7 @@ TITLE   ../openssl/crypto/bn/asm/x86-mont.asm
 IF @Version LT 800
 ECHO MASM version 8.00 or later is strongly recommended.
 ENDIF
-.586
+.686
 .MODEL FLAT
 OPTION DOTNAME
 IF @Version LT 800

diff --git a/deps/openssl/asm/x86-win32-masm/bn/x86.asm b/deps/openssl/asm/x86-win32-masm/bn/x86.asm
index d7051fa..2e7a0d4 100644 (file)
--- a/deps/openssl/asm/x86-win32-masm/bn/x86.asm
+++ b/deps/openssl/asm/x86-win32-masm/bn/x86.asm
@@ -2,7 +2,7 @@ TITLE   ../openssl/crypto/bn/asm/x86.asm
 IF @Version LT 800
 ECHO MASM version 8.00 or later is strongly recommended.
 ENDIF
-.586
+.686
 .MODEL FLAT
 OPTION DOTNAME
 IF @Version LT 800

diff --git a/deps/openssl/asm/x86-win32-masm/camellia/cmll-x86.asm b/deps/openssl/asm/x86-win32-masm/camellia/cmll-x86.asm
index acdf6a2..e32d281 100644 (file)
--- a/deps/openssl/asm/x86-win32-masm/camellia/cmll-x86.asm
+++ b/deps/openssl/asm/x86-win32-masm/camellia/cmll-x86.asm
@@ -2,7 +2,7 @@ TITLE   cmll-586.asm
 IF @Version LT 800
 ECHO MASM version 8.00 or later is strongly recommended.
 ENDIF
-.586
+.686
 .MODEL FLAT
 OPTION DOTNAME
 IF @Version LT 800
@@ -1532,8 +1532,8 @@ $L013done:
        ret
 _Camellia_Ekeygen ENDP
 ALIGN  16
-_Camellia_set_key      PROC PUBLIC
-$L_Camellia_set_key_begin::
+_private_Camellia_set_key      PROC PUBLIC
+$L_private_Camellia_set_key_begin::
        push    ebx
        mov     ecx,DWORD PTR 8[esp]
        mov     ebx,DWORD PTR 12[esp]
@@ -1563,7 +1563,7 @@ ALIGN     4
 $L014done:
        pop     ebx
        ret
-_Camellia_set_key ENDP
+_private_Camellia_set_key ENDP
 ALIGN  64
 $LCamellia_SIGMA::
 DD     2694735487,1003262091,3061508184,1286239154,3337565999,3914302142,1426019237,4057165596,283453434,3731369245,2958461122,3018244605,0,0,0,0

diff --git a/deps/openssl/asm/x86-win32-masm/cast/cast-586.asm b/deps/openssl/asm/x86-win32-masm/cast/cast-586.asm
index 1f2f070..6f85c34 100644 (file)
--- a/deps/openssl/asm/x86-win32-masm/cast/cast-586.asm
+++ b/deps/openssl/asm/x86-win32-masm/cast/cast-586.asm
@@ -2,7 +2,7 @@ TITLE   cast-586.asm
 IF @Version LT 800
 ECHO MASM version 8.00 or later is strongly recommended.
 ENDIF
-.586
+.686
 .MODEL FLAT
 OPTION DOTNAME
 IF @Version LT 800

diff --git a/deps/openssl/asm/x86-win32-masm/des/crypt586.asm b/deps/openssl/asm/x86-win32-masm/des/crypt586.asm
index 24e474d..4c82c7a 100644 (file)
--- a/deps/openssl/asm/x86-win32-masm/des/crypt586.asm
+++ b/deps/openssl/asm/x86-win32-masm/des/crypt586.asm
@@ -2,7 +2,7 @@ TITLE   crypt586.asm
 IF @Version LT 800
 ECHO MASM version 8.00 or later is strongly recommended.
 ENDIF
-.586
+.686
 .MODEL FLAT
 OPTION DOTNAME
 IF @Version LT 800

diff --git a/deps/openssl/asm/x86-win32-masm/des/des-586.asm b/deps/openssl/asm/x86-win32-masm/des/des-586.asm
index 3c630da..24f19a6 100644 (file)
--- a/deps/openssl/asm/x86-win32-masm/des/des-586.asm
+++ b/deps/openssl/asm/x86-win32-masm/des/des-586.asm
@@ -2,7 +2,7 @@ TITLE   des-586.asm
 IF @Version LT 800
 ECHO MASM version 8.00 or later is strongly recommended.
 ENDIF
-.586
+.686
 .MODEL FLAT
 OPTION DOTNAME
 IF @Version LT 800

diff --git a/deps/openssl/asm/x86-win32-masm/md5/md5-586.asm b/deps/openssl/asm/x86-win32-masm/md5/md5-586.asm
index c8edae7..8e263de 100644 (file)
--- a/deps/openssl/asm/x86-win32-masm/md5/md5-586.asm
+++ b/deps/openssl/asm/x86-win32-masm/md5/md5-586.asm
@@ -2,7 +2,7 @@ TITLE   ../openssl/crypto/md5/asm/md5-586.asm
 IF @Version LT 800
 ECHO MASM version 8.00 or later is strongly recommended.
 ENDIF
-.586
+.686
 .MODEL FLAT
 OPTION DOTNAME
 IF @Version LT 800

diff --git a/deps/openssl/asm/x86-win32-masm/rc4/rc4-586.asm b/deps/openssl/asm/x86-win32-masm/rc4/rc4-586.asm
index 3eb66f7..d179090 100644 (file)
--- a/deps/openssl/asm/x86-win32-masm/rc4/rc4-586.asm
+++ b/deps/openssl/asm/x86-win32-masm/rc4/rc4-586.asm
@@ -2,7 +2,14 @@ TITLE  rc4-586.asm
 IF @Version LT 800
 ECHO MASM version 8.00 or later is strongly recommended.
 ENDIF
-.586
+.686
+.XMM
+IF @Version LT 800
+XMMWORD STRUCT 16
+DQ     2 dup (?)
+XMMWORD        ENDS
+ENDIF
+
 .MODEL FLAT
 OPTION DOTNAME
 IF @Version LT 800
@@ -10,6 +17,7 @@ IF @Version LT 800
 ELSE
 .text$ SEGMENT ALIGN(64) 'CODE'
 ENDIF
+;EXTERN        _OPENSSL_ia32cap_P:NEAR
 ALIGN  16
 _RC4   PROC PUBLIC
 $L_RC4_begin::
@@ -37,11 +45,146 @@ $L_RC4_begin::
        mov     ecx,DWORD PTR [eax*4+edi]
        and     edx,-4
        jz      $L002loop1
-       lea     edx,DWORD PTR [edx*1+esi-4]
-       mov     DWORD PTR 28[esp],edx
+       test    edx,-8
        mov     DWORD PTR 32[esp],ebp
+       jz      $L003go4loop4
+       lea     ebp,DWORD PTR _OPENSSL_ia32cap_P
+       bt      DWORD PTR [ebp],26
+       jnc     $L003go4loop4
+       mov     ebp,DWORD PTR 32[esp]
+       and     edx,-8
+       lea     edx,DWORD PTR [edx*1+esi-8]
+       mov     DWORD PTR [edi-4],edx
+       add     bl,cl
+       mov     edx,DWORD PTR [ebx*4+edi]
+       mov     DWORD PTR [ebx*4+edi],ecx
+       mov     DWORD PTR [eax*4+edi],edx
+       inc     eax
+       add     edx,ecx
+       movzx   eax,al
+       movzx   edx,dl
+       movq    mm0,QWORD PTR [esi]
+       mov     ecx,DWORD PTR [eax*4+edi]
+       movd    mm2,DWORD PTR [edx*4+edi]
+       jmp     $L004loop_mmx_enter
+ALIGN  16
+$L005loop_mmx:
+       add     bl,cl
+       psllq   mm1,56
+       mov     edx,DWORD PTR [ebx*4+edi]
+       mov     DWORD PTR [ebx*4+edi],ecx
+       mov     DWORD PTR [eax*4+edi],edx
+       inc     eax
+       add     edx,ecx
+       movzx   eax,al
+       movzx   edx,dl
+       pxor    mm2,mm1
+       movq    mm0,QWORD PTR [esi]
+       movq    QWORD PTR [esi*1+ebp-8],mm2
+       mov     ecx,DWORD PTR [eax*4+edi]
+       movd    mm2,DWORD PTR [edx*4+edi]
+$L004loop_mmx_enter:
+       add     bl,cl
+       mov     edx,DWORD PTR [ebx*4+edi]
+       mov     DWORD PTR [ebx*4+edi],ecx
+       mov     DWORD PTR [eax*4+edi],edx
+       inc     eax
+       add     edx,ecx
+       movzx   eax,al
+       movzx   edx,dl
+       pxor    mm2,mm0
+       mov     ecx,DWORD PTR [eax*4+edi]
+       movd    mm1,DWORD PTR [edx*4+edi]
+       add     bl,cl
+       psllq   mm1,8
+       mov     edx,DWORD PTR [ebx*4+edi]
+       mov     DWORD PTR [ebx*4+edi],ecx
+       mov     DWORD PTR [eax*4+edi],edx
+       inc     eax
+       add     edx,ecx
+       movzx   eax,al
+       movzx   edx,dl
+       pxor    mm2,mm1
+       mov     ecx,DWORD PTR [eax*4+edi]
+       movd    mm1,DWORD PTR [edx*4+edi]
+       add     bl,cl
+       psllq   mm1,16
+       mov     edx,DWORD PTR [ebx*4+edi]
+       mov     DWORD PTR [ebx*4+edi],ecx
+       mov     DWORD PTR [eax*4+edi],edx
+       inc     eax
+       add     edx,ecx
+       movzx   eax,al
+       movzx   edx,dl
+       pxor    mm2,mm1
+       mov     ecx,DWORD PTR [eax*4+edi]
+       movd    mm1,DWORD PTR [edx*4+edi]
+       add     bl,cl
+       psllq   mm1,24
+       mov     edx,DWORD PTR [ebx*4+edi]
+       mov     DWORD PTR [ebx*4+edi],ecx
+       mov     DWORD PTR [eax*4+edi],edx
+       inc     eax
+       add     edx,ecx
+       movzx   eax,al
+       movzx   edx,dl
+       pxor    mm2,mm1
+       mov     ecx,DWORD PTR [eax*4+edi]
+       movd    mm1,DWORD PTR [edx*4+edi]
+       add     bl,cl
+       psllq   mm1,32
+       mov     edx,DWORD PTR [ebx*4+edi]
+       mov     DWORD PTR [ebx*4+edi],ecx
+       mov     DWORD PTR [eax*4+edi],edx
+       inc     eax
+       add     edx,ecx
+       movzx   eax,al
+       movzx   edx,dl
+       pxor    mm2,mm1
+       mov     ecx,DWORD PTR [eax*4+edi]
+       movd    mm1,DWORD PTR [edx*4+edi]
+       add     bl,cl
+       psllq   mm1,40
+       mov     edx,DWORD PTR [ebx*4+edi]
+       mov     DWORD PTR [ebx*4+edi],ecx
+       mov     DWORD PTR [eax*4+edi],edx
+       inc     eax
+       add     edx,ecx
+       movzx   eax,al
+       movzx   edx,dl
+       pxor    mm2,mm1
+       mov     ecx,DWORD PTR [eax*4+edi]
+       movd    mm1,DWORD PTR [edx*4+edi]
+       add     bl,cl
+       psllq   mm1,48
+       mov     edx,DWORD PTR [ebx*4+edi]
+       mov     DWORD PTR [ebx*4+edi],ecx
+       mov     DWORD PTR [eax*4+edi],edx
+       inc     eax
+       add     edx,ecx
+       movzx   eax,al
+       movzx   edx,dl
+       pxor    mm2,mm1
+       mov     ecx,DWORD PTR [eax*4+edi]
+       movd    mm1,DWORD PTR [edx*4+edi]
+       mov     edx,ebx
+       xor     ebx,ebx
+       mov     bl,dl
+       cmp     esi,DWORD PTR [edi-4]
+       lea     esi,DWORD PTR 8[esi]
+       jb      $L005loop_mmx
+       psllq   mm1,56
+       pxor    mm2,mm1
+       movq    QWORD PTR [esi*1+ebp-8],mm2
+       emms
+       cmp     esi,DWORD PTR 24[esp]
+       je      $L006done
+       jmp     $L002loop1
 ALIGN  16
-$L003loop4:
+$L003go4loop4:
+       lea     edx,DWORD PTR [edx*1+esi-4]
+       mov     DWORD PTR 28[esp],edx
+$L007loop4:
        add     bl,cl
        mov     edx,DWORD PTR [ebx*4+edi]
        mov     DWORD PTR [ebx*4+edi],ecx
@@ -87,9 +230,9 @@ $L003loop4:
        mov     DWORD PTR [esi*1+ecx],ebp
        lea     esi,DWORD PTR 4[esi]
        mov     ecx,DWORD PTR [eax*4+edi]
-       jb      $L003loop4
+       jb      $L007loop4
        cmp     esi,DWORD PTR 24[esp]
-       je      $L004done
+       je      $L006done
        mov     ebp,DWORD PTR 32[esp]
 ALIGN  16
 $L002loop1:
@@ -107,11 +250,11 @@ $L002loop1:
        cmp     esi,DWORD PTR 24[esp]
        mov     BYTE PTR [esi*1+ebp-1],dl
        jb      $L002loop1
-       jmp     $L004done
+       jmp     $L006done
 ALIGN  16
 $L001RC4_CHAR:
        movzx   ecx,BYTE PTR [eax*1+edi]
-$L005cloop1:
+$L008cloop1:
        add     bl,cl
        movzx   edx,BYTE PTR [ebx*1+edi]
        mov     BYTE PTR [ebx*1+edi],cl
@@ -124,10 +267,10 @@ $L005cloop1:
        movzx   ecx,BYTE PTR [eax*1+edi]
        cmp     esi,DWORD PTR 24[esp]
        mov     BYTE PTR [esi*1+ebp-1],dl
-       jb      $L005cloop1
-$L004done:
+       jb      $L008cloop1
+$L006done:
        dec     al
-       mov     BYTE PTR [edi-4],bl
+       mov     DWORD PTR [edi-4],ebx
        mov     BYTE PTR [edi-8],al
 $L000abort:
        pop     edi
@@ -136,10 +279,9 @@ $L000abort:
        pop     ebp
        ret
 _RC4 ENDP
-;EXTERN        _OPENSSL_ia32cap_P:NEAR
 ALIGN  16
-_RC4_set_key   PROC PUBLIC
-$L_RC4_set_key_begin::
+_private_RC4_set_key   PROC PUBLIC
+$L_private_RC4_set_key_begin::
        push    ebp
        push    ebx
        push    esi
@@ -154,53 +296,53 @@ $L_RC4_set_key_begin::
        xor     eax,eax
        mov     DWORD PTR [edi-4],ebp
        bt      DWORD PTR [edx],20
-       jc      $L006c1stloop
+       jc      $L009c1stloop
 ALIGN  16
-$L007w1stloop:
+$L010w1stloop:
        mov     DWORD PTR [eax*4+edi],eax
        add     al,1
-       jnc     $L007w1stloop
+       jnc     $L010w1stloop
        xor     ecx,ecx
        xor     edx,edx
 ALIGN  16
-$L008w2ndloop:
+$L011w2ndloop:
        mov     eax,DWORD PTR [ecx*4+edi]
        add     dl,BYTE PTR [ebp*1+esi]
        add     dl,al
        add     ebp,1
        mov     ebx,DWORD PTR [edx*4+edi]
-       jnz     $L009wnowrap
+       jnz     $L012wnowrap
        mov     ebp,DWORD PTR [edi-4]
-$L009wnowrap:
+$L012wnowrap:
        mov     DWORD PTR [edx*4+edi],eax
        mov     DWORD PTR [ecx*4+edi],ebx
        add     cl,1
-       jnc     $L008w2ndloop
-       jmp     $L010exit
+       jnc     $L011w2ndloop
+       jmp     $L013exit
 ALIGN  16
-$L006c1stloop:
+$L009c1stloop:
        mov     BYTE PTR [eax*1+edi],al
        add     al,1
-       jnc     $L006c1stloop
+       jnc     $L009c1stloop
        xor     ecx,ecx
        xor     edx,edx
        xor     ebx,ebx
 ALIGN  16
-$L011c2ndloop:
+$L014c2ndloop:
        mov     al,BYTE PTR [ecx*1+edi]
        add     dl,BYTE PTR [ebp*1+esi]
        add     dl,al
        add     ebp,1
        mov     bl,BYTE PTR [edx*1+edi]
-       jnz     $L012cnowrap
+       jnz     $L015cnowrap
        mov     ebp,DWORD PTR [edi-4]
-$L012cnowrap:
+$L015cnowrap:
        mov     BYTE PTR [edx*1+edi],al
        mov     BYTE PTR [ecx*1+edi],bl
        add     cl,1
-       jnc     $L011c2ndloop
+       jnc     $L014c2ndloop
        mov     DWORD PTR 256[edi],-1
-$L010exit:
+$L013exit:
        xor     eax,eax
        mov     DWORD PTR [edi-8],eax
        mov     DWORD PTR [edi-4],eax
@@ -209,24 +351,31 @@ $L010exit:
        pop     ebx
        pop     ebp
        ret
-_RC4_set_key ENDP
+_private_RC4_set_key ENDP
 ALIGN  16
 _RC4_options   PROC PUBLIC
 $L_RC4_options_begin::
-       call    $L013pic_point
-$L013pic_point:
+       call    $L016pic_point
+$L016pic_point:
        pop     eax
-       lea     eax,DWORD PTR ($L014opts-$L013pic_point)[eax]
+       lea     eax,DWORD PTR ($L017opts-$L016pic_point)[eax]
        lea     edx,DWORD PTR _OPENSSL_ia32cap_P
-       bt      DWORD PTR [edx],20
-       jnc     $L015skip
+       mov     edx,DWORD PTR [edx]
+       bt      edx,20
+       jc      $L0181xchar
+       bt      edx,26
+       jnc     $L019ret
+       add     eax,25
+       ret
+$L0181xchar:
        add     eax,12
-$L015skip:
+$L019ret:
        ret
 ALIGN  64
-$L014opts:
+$L017opts:
 DB     114,99,52,40,52,120,44,105,110,116,41,0
 DB     114,99,52,40,49,120,44,99,104,97,114,41,0
+DB     114,99,52,40,56,120,44,109,109,120,41,0
 DB     82,67,52,32,102,111,114,32,120,56,54,44,32,67,82,89
 DB     80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114
 DB     111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
@@ -234,6 +383,6 @@ ALIGN       64
 _RC4_options ENDP
 .text$ ENDS
 .bss   SEGMENT 'BSS'
-COMM   _OPENSSL_ia32cap_P:DWORD
+COMM   _OPENSSL_ia32cap_P:QWORD
 .bss   ENDS
 END

diff --git a/deps/openssl/asm/x86-win32-masm/rc5/rc5-586.asm b/deps/openssl/asm/x86-win32-masm/rc5/rc5-586.asm
index e699d91..7ce7411 100644 (file)
--- a/deps/openssl/asm/x86-win32-masm/rc5/rc5-586.asm
+++ b/deps/openssl/asm/x86-win32-masm/rc5/rc5-586.asm
@@ -2,7 +2,7 @@ TITLE   rc5-586.asm
 IF @Version LT 800
 ECHO MASM version 8.00 or later is strongly recommended.
 ENDIF
-.586
+.686
 .MODEL FLAT
 OPTION DOTNAME
 IF @Version LT 800

diff --git a/deps/openssl/asm/x86-win32-masm/ripemd/rmd-586.asm b/deps/openssl/asm/x86-win32-masm/ripemd/rmd-586.asm
index 8fa61f8..7f6458c 100644 (file)
--- a/deps/openssl/asm/x86-win32-masm/ripemd/rmd-586.asm
+++ b/deps/openssl/asm/x86-win32-masm/ripemd/rmd-586.asm
@@ -2,7 +2,7 @@ TITLE   ../openssl/crypto/ripemd/asm/rmd-586.asm
 IF @Version LT 800
 ECHO MASM version 8.00 or later is strongly recommended.
 ENDIF
-.586
+.686
 .MODEL FLAT
 OPTION DOTNAME
 IF @Version LT 800

diff --git a/deps/openssl/asm/x86-win32-masm/sha/sha1-586.asm b/deps/openssl/asm/x86-win32-masm/sha/sha1-586.asm
index ce9f8d5..878b1d3 100644 (file)
--- a/deps/openssl/asm/x86-win32-masm/sha/sha1-586.asm
+++ b/deps/openssl/asm/x86-win32-masm/sha/sha1-586.asm
@@ -2,7 +2,7 @@ TITLE   sha1-586.asm
 IF @Version LT 800
 ECHO MASM version 8.00 or later is strongly recommended.
 ENDIF
-.586
+.686
 .MODEL FLAT
 OPTION DOTNAME
 IF @Version LT 800
@@ -20,11 +20,12 @@ $L_sha1_block_data_order_begin::
        mov     ebp,DWORD PTR 20[esp]
        mov     esi,DWORD PTR 24[esp]
        mov     eax,DWORD PTR 28[esp]
-       sub     esp,64
+       sub     esp,76
        shl     eax,6
        add     eax,esi
-       mov     DWORD PTR 92[esp],eax
+       mov     DWORD PTR 104[esp],eax
        mov     edi,DWORD PTR 16[ebp]
+       jmp     $L000loop
 ALIGN  16
 $L000loop:
        mov     eax,DWORD PTR [esi]
@@ -75,7 +76,7 @@ $L000loop:
        mov     DWORD PTR 52[esp],ebx
        mov     DWORD PTR 56[esp],ecx
        mov     DWORD PTR 60[esp],edx
-       mov     DWORD PTR 88[esp],esi
+       mov     DWORD PTR 100[esp],esi
        mov     eax,DWORD PTR [ebp]
        mov     ebx,DWORD PTR 4[ebp]
        mov     ecx,DWORD PTR 8[ebp]
@@ -86,10 +87,10 @@ $L000loop:
        rol     ebp,5
        xor     esi,edx
        add     ebp,edi
-       and     esi,ebx
        mov     edi,DWORD PTR [esp]
-       xor     esi,edx
+       and     esi,ebx
        ror     ebx,2
+       xor     esi,edx
        lea     ebp,DWORD PTR 1518500249[edi*1+ebp]
        add     ebp,esi
        ; 00_15 1
@@ -98,10 +99,10 @@ $L000loop:
        rol     ebp,5
        xor     edi,ecx
        add     ebp,edx
-       and     edi,eax
        mov     edx,DWORD PTR 4[esp]
-       xor     edi,ecx
+       and     edi,eax
        ror     eax,2
+       xor     edi,ecx
        lea     ebp,DWORD PTR 1518500249[edx*1+ebp]
        add     ebp,edi
        ; 00_15 2
@@ -110,10 +111,10 @@ $L000loop:
        rol     ebp,5
        xor     edx,ebx
        add     ebp,ecx
-       and     edx,esi
        mov     ecx,DWORD PTR 8[esp]
-       xor     edx,ebx
+       and     edx,esi
        ror     esi,2
+       xor     edx,ebx
        lea     ebp,DWORD PTR 1518500249[ecx*1+ebp]
        add     ebp,edx
        ; 00_15 3
@@ -122,10 +123,10 @@ $L000loop:
        rol     ebp,5
        xor     ecx,eax
        add     ebp,ebx
-       and     ecx,edi
        mov     ebx,DWORD PTR 12[esp]
-       xor     ecx,eax
+       and     ecx,edi
        ror     edi,2
+       xor     ecx,eax
        lea     ebp,DWORD PTR 1518500249[ebx*1+ebp]
        add     ebp,ecx
        ; 00_15 4
@@ -134,10 +135,10 @@ $L000loop:
        rol     ebp,5
        xor     ebx,esi
        add     ebp,eax
-       and     ebx,edx
        mov     eax,DWORD PTR 16[esp]
-       xor     ebx,esi
+       and     ebx,edx
        ror     edx,2
+       xor     ebx,esi
        lea     ebp,DWORD PTR 1518500249[eax*1+ebp]
        add     ebp,ebx
        ; 00_15 5
@@ -146,10 +147,10 @@ $L000loop:
        rol     ebp,5
        xor     eax,edi
        add     ebp,esi
-       and     eax,ecx
        mov     esi,DWORD PTR 20[esp]
-       xor     eax,edi
+       and     eax,ecx
        ror     ecx,2
+       xor     eax,edi
        lea     ebp,DWORD PTR 1518500249[esi*1+ebp]
        add     ebp,eax
        ; 00_15 6
@@ -158,10 +159,10 @@ $L000loop:
        rol     ebp,5
        xor     esi,edx
        add     ebp,edi
-       and     esi,ebx
        mov     edi,DWORD PTR 24[esp]
-       xor     esi,edx
+       and     esi,ebx
        ror     ebx,2
+       xor     esi,edx
        lea     ebp,DWORD PTR 1518500249[edi*1+ebp]
        add     ebp,esi
        ; 00_15 7
@@ -170,10 +171,10 @@ $L000loop:
        rol     ebp,5
        xor     edi,ecx
        add     ebp,edx
-       and     edi,eax
        mov     edx,DWORD PTR 28[esp]
-       xor     edi,ecx
+       and     edi,eax
        ror     eax,2
+       xor     edi,ecx
        lea     ebp,DWORD PTR 1518500249[edx*1+ebp]
        add     ebp,edi
        ; 00_15 8
@@ -182,10 +183,10 @@ $L000loop:
        rol     ebp,5
        xor     edx,ebx
        add     ebp,ecx
-       and     edx,esi
        mov     ecx,DWORD PTR 32[esp]
-       xor     edx,ebx
+       and     edx,esi
        ror     esi,2
+       xor     edx,ebx
        lea     ebp,DWORD PTR 1518500249[ecx*1+ebp]
        add     ebp,edx
        ; 00_15 9
@@ -194,10 +195,10 @@ $L000loop:
        rol     ebp,5
        xor     ecx,eax
        add     ebp,ebx
-       and     ecx,edi
        mov     ebx,DWORD PTR 36[esp]
-       xor     ecx,eax
+       and     ecx,edi
        ror     edi,2
+       xor     ecx,eax
        lea     ebp,DWORD PTR 1518500249[ebx*1+ebp]
        add     ebp,ecx
        ; 00_15 10
@@ -206,10 +207,10 @@ $L000loop:
        rol     ebp,5
        xor     ebx,esi
        add     ebp,eax
-       and     ebx,edx
        mov     eax,DWORD PTR 40[esp]
-       xor     ebx,esi
+       and     ebx,edx
        ror     edx,2
+       xor     ebx,esi
        lea     ebp,DWORD PTR 1518500249[eax*1+ebp]
        add     ebp,ebx
        ; 00_15 11
@@ -218,10 +219,10 @@ $L000loop:
        rol     ebp,5
        xor     eax,edi
        add     ebp,esi
-       and     eax,ecx
        mov     esi,DWORD PTR 44[esp]
-       xor     eax,edi
+       and     eax,ecx
        ror     ecx,2
+       xor     eax,edi
        lea     ebp,DWORD PTR 1518500249[esi*1+ebp]
        add     ebp,eax
        ; 00_15 12
@@ -230,10 +231,10 @@ $L000loop:
        rol     ebp,5
        xor     esi,edx
        add     ebp,edi
-       and     esi,ebx
        mov     edi,DWORD PTR 48[esp]
-       xor     esi,edx
+       and     esi,ebx
        ror     ebx,2
+       xor     esi,edx
        lea     ebp,DWORD PTR 1518500249[edi*1+ebp]
        add     ebp,esi
        ; 00_15 13
@@ -242,10 +243,10 @@ $L000loop:
        rol     ebp,5
        xor     edi,ecx
        add     ebp,edx
-       and     edi,eax
        mov     edx,DWORD PTR 52[esp]
-       xor     edi,ecx
+       and     edi,eax
        ror     eax,2
+       xor     edi,ecx
        lea     ebp,DWORD PTR 1518500249[edx*1+ebp]
        add     ebp,edi
        ; 00_15 14
@@ -254,10 +255,10 @@ $L000loop:
        rol     ebp,5
        xor     edx,ebx
        add     ebp,ecx
-       and     edx,esi
        mov     ecx,DWORD PTR 56[esp]
-       xor     edx,ebx
+       and     edx,esi
        ror     esi,2
+       xor     edx,ebx
        lea     ebp,DWORD PTR 1518500249[ecx*1+ebp]
        add     ebp,edx
        ; 00_15 15
@@ -266,1162 +267,1099 @@ $L000loop:
        rol     ebp,5
        xor     ecx,eax
        add     ebp,ebx
-       and     ecx,edi
        mov     ebx,DWORD PTR 60[esp]
-       xor     ecx,eax
+       and     ecx,edi
        ror     edi,2
+       xor     ecx,eax
        lea     ebp,DWORD PTR 1518500249[ebx*1+ebp]
+       mov     ebx,DWORD PTR [esp]
        add     ecx,ebp
        ; 16_19 16
-       mov     ebx,DWORD PTR [esp]
        mov     ebp,edi
        xor     ebx,DWORD PTR 8[esp]
        xor     ebp,esi
        xor     ebx,DWORD PTR 32[esp]
        and     ebp,edx
-       ror     edx,2
        xor     ebx,DWORD PTR 52[esp]
        rol     ebx,1
        xor     ebp,esi
+       add     eax,ebp
+       mov     ebp,ecx
+       ror     edx,2
        mov     DWORD PTR [esp],ebx
+       rol     ebp,5
        lea     ebx,DWORD PTR 1518500249[eax*1+ebx]
-       mov     eax,ecx
-       rol     eax,5
+       mov     eax,DWORD PTR 4[esp]
        add     ebx,ebp
-       add     ebx,eax
        ; 16_19 17
-       mov     eax,DWORD PTR 4[esp]
        mov     ebp,edx
        xor     eax,DWORD PTR 12[esp]
        xor     ebp,edi
        xor     eax,DWORD PTR 36[esp]
        and     ebp,ecx
-       ror     ecx,2
        xor     eax,DWORD PTR 56[esp]
        rol     eax,1
        xor     ebp,edi
+       add     esi,ebp
+       mov     ebp,ebx
+       ror     ecx,2
        mov     DWORD PTR 4[esp],eax
+       rol     ebp,5
        lea     eax,DWORD PTR 1518500249[esi*1+eax]
-       mov     esi,ebx
-       rol     esi,5
+       mov     esi,DWORD PTR 8[esp]
        add     eax,ebp
-       add     eax,esi
        ; 16_19 18
-       mov     esi,DWORD PTR 8[esp]
        mov     ebp,ecx
        xor     esi,DWORD PTR 16[esp]
        xor     ebp,edx
        xor     esi,DWORD PTR 40[esp]
        and     ebp,ebx
-       ror     ebx,2
        xor     esi,DWORD PTR 60[esp]
        rol     esi,1
        xor     ebp,edx
+       add     edi,ebp
+       mov     ebp,eax
+       ror     ebx,2
        mov     DWORD PTR 8[esp],esi
+       rol     ebp,5
        lea     esi,DWORD PTR 1518500249[edi*1+esi]
-       mov     edi,eax
-       rol     edi,5
+       mov     edi,DWORD PTR 12[esp]
        add     esi,ebp
-       add     esi,edi
        ; 16_19 19
-       mov     edi,DWORD PTR 12[esp]
        mov     ebp,ebx
        xor     edi,DWORD PTR 20[esp]
        xor     ebp,ecx
        xor     edi,DWORD PTR 44[esp]
        and     ebp,eax
-       ror     eax,2
        xor     edi,DWORD PTR [esp]
        rol     edi,1
        xor     ebp,ecx
+       add     edx,ebp
+       mov     ebp,esi
+       ror     eax,2
        mov     DWORD PTR 12[esp],edi
+       rol     ebp,5
        lea     edi,DWORD PTR 1518500249[edx*1+edi]
-       mov     edx,esi
-       rol     edx,5
+       mov     edx,DWORD PTR 16[esp]
        add     edi,ebp
-       add     edi,edx
        ; 20_39 20
        mov     ebp,esi
-       mov     edx,DWORD PTR 16[esp]
-       ror     esi,2
        xor     edx,DWORD PTR 24[esp]
        xor     ebp,eax
        xor     edx,DWORD PTR 48[esp]
        xor     ebp,ebx
        xor     edx,DWORD PTR 4[esp]
        rol     edx,1
-       add     ebp,ecx
+       add     ecx,ebp
+       ror     esi,2
+       mov     ebp,edi
+       rol     ebp,5
        mov     DWORD PTR 16[esp],edx
-       mov     ecx,edi
-       rol     ecx,5
-       lea     edx,DWORD PTR 1859775393[ebp*1+edx]
-       add     edx,ecx
+       lea     edx,DWORD PTR 1859775393[ecx*1+edx]
+       mov     ecx,DWORD PTR 20[esp]
+       add     edx,ebp
        ; 20_39 21
        mov     ebp,edi
-       mov     ecx,DWORD PTR 20[esp]
-       ror     edi,2
        xor     ecx,DWORD PTR 28[esp]
        xor     ebp,esi
        xor     ecx,DWORD PTR 52[esp]
        xor     ebp,eax
        xor     ecx,DWORD PTR 8[esp]
        rol     ecx,1
-       add     ebp,ebx
+       add     ebx,ebp
+       ror     edi,2
+       mov     ebp,edx
+       rol     ebp,5
        mov     DWORD PTR 20[esp],ecx
-       mov     ebx,edx
-       rol     ebx,5
-       lea     ecx,DWORD PTR 1859775393[ebp*1+ecx]
-       add     ecx,ebx
+       lea     ecx,DWORD PTR 1859775393[ebx*1+ecx]
+       mov     ebx,DWORD PTR 24[esp]
+       add     ecx,ebp
        ; 20_39 22
        mov     ebp,edx
-       mov     ebx,DWORD PTR 24[esp]
-       ror     edx,2
        xor     ebx,DWORD PTR 32[esp]
        xor     ebp,edi
        xor     ebx,DWORD PTR 56[esp]
        xor     ebp,esi
        xor     ebx,DWORD PTR 12[esp]
        rol     ebx,1
-       add     ebp,eax
+       add     eax,ebp
+       ror     edx,2
+       mov     ebp,ecx
+       rol     ebp,5
        mov     DWORD PTR 24[esp],ebx
-       mov     eax,ecx
-       rol     eax,5
-       lea     ebx,DWORD PTR 1859775393[ebp*1+ebx]
-       add     ebx,eax
+       lea     ebx,DWORD PTR 1859775393[eax*1+ebx]
+       mov     eax,DWORD PTR 28[esp]
+       add     ebx,ebp
        ; 20_39 23
        mov     ebp,ecx
-       mov     eax,DWORD PTR 28[esp]
-       ror     ecx,2
        xor     eax,DWORD PTR 36[esp]
        xor     ebp,edx
        xor     eax,DWORD PTR 60[esp]
        xor     ebp,edi
        xor     eax,DWORD PTR 16[esp]
        rol     eax,1
-       add     ebp,esi
+       add     esi,ebp
+       ror     ecx,2
+       mov     ebp,ebx
+       rol     ebp,5
        mov     DWORD PTR 28[esp],eax
-       mov     esi,ebx
-       rol     esi,5
-       lea     eax,DWORD PTR 1859775393[ebp*1+eax]
-       add     eax,esi
+       lea     eax,DWORD PTR 1859775393[esi*1+eax]
+       mov     esi,DWORD PTR 32[esp]
+       add     eax,ebp
        ; 20_39 24
        mov     ebp,ebx
-       mov     esi,DWORD PTR 32[esp]
-       ror     ebx,2
        xor     esi,DWORD PTR 40[esp]
        xor     ebp,ecx
        xor     esi,DWORD PTR [esp]
        xor     ebp,edx
        xor     esi,DWORD PTR 20[esp]
        rol     esi,1
-       add     ebp,edi
+       add     edi,ebp
+       ror     ebx,2
+       mov     ebp,eax
+       rol     ebp,5
        mov     DWORD PTR 32[esp],esi
-       mov     edi,eax
-       rol     edi,5
-       lea     esi,DWORD PTR 1859775393[ebp*1+esi]
-       add     esi,edi
+       lea     esi,DWORD PTR 1859775393[edi*1+esi]
+       mov     edi,DWORD PTR 36[esp]
+       add     esi,ebp
        ; 20_39 25
        mov     ebp,eax
-       mov     edi,DWORD PTR 36[esp]
-       ror     eax,2
        xor     edi,DWORD PTR 44[esp]
        xor     ebp,ebx
        xor     edi,DWORD PTR 4[esp]
        xor     ebp,ecx
        xor     edi,DWORD PTR 24[esp]
        rol     edi,1
-       add     ebp,edx
+       add     edx,ebp
+       ror     eax,2
+       mov     ebp,esi
+       rol     ebp,5
        mov     DWORD PTR 36[esp],edi
-       mov     edx,esi
-       rol     edx,5
-       lea     edi,DWORD PTR 1859775393[ebp*1+edi]
-       add     edi,edx
+       lea     edi,DWORD PTR 1859775393[edx*1+edi]
+       mov     edx,DWORD PTR 40[esp]
+       add     edi,ebp
        ; 20_39 26
        mov     ebp,esi
-       mov     edx,DWORD PTR 40[esp]
-       ror     esi,2
        xor     edx,DWORD PTR 48[esp]
        xor     ebp,eax
        xor     edx,DWORD PTR 8[esp]
        xor     ebp,ebx
        xor     edx,DWORD PTR 28[esp]
        rol     edx,1
-       add     ebp,ecx
+       add     ecx,ebp
+       ror     esi,2
+       mov     ebp,edi
+       rol     ebp,5
        mov     DWORD PTR 40[esp],edx
-       mov     ecx,edi
-       rol     ecx,5
-       lea     edx,DWORD PTR 1859775393[ebp*1+edx]
-       add     edx,ecx
+       lea     edx,DWORD PTR 1859775393[ecx*1+edx]
+       mov     ecx,DWORD PTR 44[esp]
+       add     edx,ebp
        ; 20_39 27
        mov     ebp,edi
-       mov     ecx,DWORD PTR 44[esp]
-       ror     edi,2
        xor     ecx,DWORD PTR 52[esp]
        xor     ebp,esi
        xor     ecx,DWORD PTR 12[esp]
        xor     ebp,eax
        xor     ecx,DWORD PTR 32[esp]
        rol     ecx,1
-       add     ebp,ebx
+       add     ebx,ebp
+       ror     edi,2
+       mov     ebp,edx
+       rol     ebp,5
        mov     DWORD PTR 44[esp],ecx
-       mov     ebx,edx
-       rol     ebx,5
-       lea     ecx,DWORD PTR 1859775393[ebp*1+ecx]
-       add     ecx,ebx
+       lea     ecx,DWORD PTR 1859775393[ebx*1+ecx]
+       mov     ebx,DWORD PTR 48[esp]
+       add     ecx,ebp
        ; 20_39 28
        mov     ebp,edx
-       mov     ebx,DWORD PTR 48[esp]
-       ror     edx,2
        xor     ebx,DWORD PTR 56[esp]
        xor     ebp,edi
        xor     ebx,DWORD PTR 16[esp]
        xor     ebp,esi
        xor     ebx,DWORD PTR 36[esp]
        rol     ebx,1
-       add     ebp,eax
+       add     eax,ebp
+       ror     edx,2
+       mov     ebp,ecx
+       rol     ebp,5
        mov     DWORD PTR 48[esp],ebx
-       mov     eax,ecx
-       rol     eax,5
-       lea     ebx,DWORD PTR 1859775393[ebp*1+ebx]
-       add     ebx,eax
+       lea     ebx,DWORD PTR 1859775393[eax*1+ebx]
+       mov     eax,DWORD PTR 52[esp]
+       add     ebx,ebp
        ; 20_39 29
        mov     ebp,ecx
-       mov     eax,DWORD PTR 52[esp]
-       ror     ecx,2
        xor     eax,DWORD PTR 60[esp]
        xor     ebp,edx
        xor     eax,DWORD PTR 20[esp]
        xor     ebp,edi
        xor     eax,DWORD PTR 40[esp]
        rol     eax,1
-       add     ebp,esi
+       add     esi,ebp
+       ror     ecx,2
+       mov     ebp,ebx
+       rol     ebp,5
        mov     DWORD PTR 52[esp],eax
-       mov     esi,ebx
-       rol     esi,5
-       lea     eax,DWORD PTR 1859775393[ebp*1+eax]
-       add     eax,esi
+       lea     eax,DWORD PTR 1859775393[esi*1+eax]
+       mov     esi,DWORD PTR 56[esp]
+       add     eax,ebp
        ; 20_39 30
        mov     ebp,ebx
-       mov     esi,DWORD PTR 56[esp]
-       ror     ebx,2
        xor     esi,DWORD PTR [esp]
        xor     ebp,ecx
        xor     esi,DWORD PTR 24[esp]
        xor     ebp,edx
        xor     esi,DWORD PTR 44[esp]
        rol     esi,1
-       add     ebp,edi
+       add     edi,ebp
+       ror     ebx,2
+       mov     ebp,eax
+       rol     ebp,5
        mov     DWORD PTR 56[esp],esi
-       mov     edi,eax
-       rol     edi,5
-       lea     esi,DWORD PTR 1859775393[ebp*1+esi]
-       add     esi,edi
+       lea     esi,DWORD PTR 1859775393[edi*1+esi]
+       mov     edi,DWORD PTR 60[esp]
+       add     esi,ebp
        ; 20_39 31
        mov     ebp,eax
-       mov     edi,DWORD PTR 60[esp]
-       ror     eax,2
        xor     edi,DWORD PTR 4[esp]
        xor     ebp,ebx
        xor     edi,DWORD PTR 28[esp]
        xor     ebp,ecx
        xor     edi,DWORD PTR 48[esp]
        rol     edi,1
-       add     ebp,edx
+       add     edx,ebp
+       ror     eax,2
+       mov     ebp,esi
+       rol     ebp,5
        mov     DWORD PTR 60[esp],edi
-       mov     edx,esi
-       rol     edx,5
-       lea     edi,DWORD PTR 1859775393[ebp*1+edi]
-       add     edi,edx
+       lea     edi,DWORD PTR 1859775393[edx*1+edi]
+       mov     edx,DWORD PTR [esp]
+       add     edi,ebp
        ; 20_39 32
        mov     ebp,esi
-       mov     edx,DWORD PTR [esp]
-       ror     esi,2
        xor     edx,DWORD PTR 8[esp]
        xor     ebp,eax
        xor     edx,DWORD PTR 32[esp]
        xor     ebp,ebx
        xor     edx,DWORD PTR 52[esp]
        rol     edx,1
-       add     ebp,ecx
+       add     ecx,ebp
+       ror     esi,2
+       mov     ebp,edi
+       rol     ebp,5
        mov     DWORD PTR [esp],edx
-       mov     ecx,edi
-       rol     ecx,5
-       lea     edx,DWORD PTR 1859775393[ebp*1+edx]
-       add     edx,ecx
+       lea     edx,DWORD PTR 1859775393[ecx*1+edx]
+       mov     ecx,DWORD PTR 4[esp]
+       add     edx,ebp
        ; 20_39 33
        mov     ebp,edi
-       mov     ecx,DWORD PTR 4[esp]
-       ror     edi,2
        xor     ecx,DWORD PTR 12[esp]
        xor     ebp,esi
        xor     ecx,DWORD PTR 36[esp]
        xor     ebp,eax
        xor     ecx,DWORD PTR 56[esp]
        rol     ecx,1
-       add     ebp,ebx
+       add     ebx,ebp
+       ror     edi,2
+       mov     ebp,edx
+       rol     ebp,5
        mov     DWORD PTR 4[esp],ecx
-       mov     ebx,edx
-       rol     ebx,5
-       lea     ecx,DWORD PTR 1859775393[ebp*1+ecx]
-       add     ecx,ebx
+       lea     ecx,DWORD PTR 1859775393[ebx*1+ecx]
+       mov     ebx,DWORD PTR 8[esp]
+       add     ecx,ebp
        ; 20_39 34
        mov     ebp,edx
-       mov     ebx,DWORD PTR 8[esp]
-       ror     edx,2
        xor     ebx,DWORD PTR 16[esp]
        xor     ebp,edi
        xor     ebx,DWORD PTR 40[esp]
        xor     ebp,esi
        xor     ebx,DWORD PTR 60[esp]
        rol     ebx,1
-       add     ebp,eax
+       add     eax,ebp
+       ror     edx,2
+       mov     ebp,ecx
+       rol     ebp,5
        mov     DWORD PTR 8[esp],ebx
-       mov     eax,ecx
-       rol     eax,5
-       lea     ebx,DWORD PTR 1859775393[ebp*1+ebx]
-       add     ebx,eax
+       lea     ebx,DWORD PTR 1859775393[eax*1+ebx]
+       mov     eax,DWORD PTR 12[esp]
+       add     ebx,ebp
        ; 20_39 35
        mov     ebp,ecx
-       mov     eax,DWORD PTR 12[esp]
-       ror     ecx,2
        xor     eax,DWORD PTR 20[esp]
        xor     ebp,edx
        xor     eax,DWORD PTR 44[esp]
        xor     ebp,edi
        xor     eax,DWORD PTR [esp]
        rol     eax,1
-       add     ebp,esi
+       add     esi,ebp
+       ror     ecx,2
+       mov     ebp,ebx
+       rol     ebp,5
        mov     DWORD PTR 12[esp],eax
-       mov     esi,ebx
-       rol     esi,5
-       lea     eax,DWORD PTR 1859775393[ebp*1+eax]
-       add     eax,esi
+       lea     eax,DWORD PTR 1859775393[esi*1+eax]
+       mov     esi,DWORD PTR 16[esp]
+       add     eax,ebp
        ; 20_39 36
        mov     ebp,ebx
-       mov     esi,DWORD PTR 16[esp]
-       ror     ebx,2
        xor     esi,DWORD PTR 24[esp]
        xor     ebp,ecx
        xor     esi,DWORD PTR 48[esp]
        xor     ebp,edx
        xor     esi,DWORD PTR 4[esp]
        rol     esi,1
-       add     ebp,edi
+       add     edi,ebp
+       ror     ebx,2
+       mov     ebp,eax
+       rol     ebp,5
        mov     DWORD PTR 16[esp],esi
-       mov     edi,eax
-       rol     edi,5
-       lea     esi,DWORD PTR 1859775393[ebp*1+esi]
-       add     esi,edi
+       lea     esi,DWORD PTR 1859775393[edi*1+esi]
+       mov     edi,DWORD PTR 20[esp]
+       add     esi,ebp
        ; 20_39 37
        mov     ebp,eax
-       mov     edi,DWORD PTR 20[esp]
-       ror     eax,2
        xor     edi,DWORD PTR 28[esp]
        xor     ebp,ebx
        xor     edi,DWORD PTR 52[esp]
        xor     ebp,ecx
        xor     edi,DWORD PTR 8[esp]
        rol     edi,1
-       add     ebp,edx
+       add     edx,ebp
+       ror     eax,2
+       mov     ebp,esi
+       rol     ebp,5
        mov     DWORD PTR 20[esp],edi
-       mov     edx,esi
-       rol     edx,5
-       lea     edi,DWORD PTR 1859775393[ebp*1+edi]
-       add     edi,edx
+       lea     edi,DWORD PTR 1859775393[edx*1+edi]
+       mov     edx,DWORD PTR 24[esp]
+       add     edi,ebp
        ; 20_39 38
        mov     ebp,esi
-       mov     edx,DWORD PTR 24[esp]
-       ror     esi,2
        xor     edx,DWORD PTR 32[esp]
        xor     ebp,eax
        xor     edx,DWORD PTR 56[esp]
        xor     ebp,ebx
        xor     edx,DWORD PTR 12[esp]
        rol     edx,1
-       add     ebp,ecx
+       add     ecx,ebp
+       ror     esi,2
+       mov     ebp,edi
+       rol     ebp,5
        mov     DWORD PTR 24[esp],edx
-       mov     ecx,edi
-       rol     ecx,5
-       lea     edx,DWORD PTR 1859775393[ebp*1+edx]
-       add     edx,ecx
+       lea     edx,DWORD PTR 1859775393[ecx*1+edx]
+       mov     ecx,DWORD PTR 28[esp]
+       add     edx,ebp
        ; 20_39 39
        mov     ebp,edi
-       mov     ecx,DWORD PTR 28[esp]
-       ror     edi,2
        xor     ecx,DWORD PTR 36[esp]
        xor     ebp,esi
        xor     ecx,DWORD PTR 60[esp]
        xor     ebp,eax
        xor     ecx,DWORD PTR 16[esp]
        rol     ecx,1
-       add     ebp,ebx
+       add     ebx,ebp
+       ror     edi,2
+       mov     ebp,edx
+       rol     ebp,5
        mov     DWORD PTR 28[esp],ecx
-       mov     ebx,edx
-       rol     ebx,5
-       lea     ecx,DWORD PTR 1859775393[ebp*1+ecx]
-       add     ecx,ebx
-       ; 40_59 40
+       lea     ecx,DWORD PTR 1859775393[ebx*1+ecx]
        mov     ebx,DWORD PTR 32[esp]
-       mov     ebp,DWORD PTR 40[esp]
-       xor     ebx,ebp
-       mov     ebp,DWORD PTR [esp]
-       xor     ebx,ebp
-       mov     ebp,DWORD PTR 20[esp]
-       xor     ebx,ebp
-       mov     ebp,edx
+       add     ecx,ebp
+       ; 40_59 40
+       mov     ebp,edi
+       xor     ebx,DWORD PTR 40[esp]
+       xor     ebp,esi
+       xor     ebx,DWORD PTR [esp]
+       and     ebp,edx
+       xor     ebx,DWORD PTR 20[esp]
        rol     ebx,1
-       or      ebp,edi
-       mov     DWORD PTR 32[esp],ebx
-       and     ebp,esi
-       lea     ebx,DWORD PTR 2400959708[eax*1+ebx]
-       mov     eax,edx
+       add     ebp,eax
        ror     edx,2
-       and     eax,edi
-       or      ebp,eax
        mov     eax,ecx
        rol     eax,5
-       add     ebx,ebp
+       mov     DWORD PTR 32[esp],ebx
+       lea     ebx,DWORD PTR 2400959708[ebp*1+ebx]
+       mov     ebp,edi
        add     ebx,eax
-       ; 40_59 41
+       and     ebp,esi
        mov     eax,DWORD PTR 36[esp]
-       mov     ebp,DWORD PTR 44[esp]
-       xor     eax,ebp
-       mov     ebp,DWORD PTR 4[esp]
-       xor     eax,ebp
-       mov     ebp,DWORD PTR 24[esp]
-       xor     eax,ebp
-       mov     ebp,ecx
+       add     ebx,ebp
+       ; 40_59 41
+       mov     ebp,edx
+       xor     eax,DWORD PTR 44[esp]
+       xor     ebp,edi
+       xor     eax,DWORD PTR 4[esp]
+       and     ebp,ecx
+       xor     eax,DWORD PTR 24[esp]
        rol     eax,1
-       or      ebp,edx
-       mov     DWORD PTR 36[esp],eax
-       and     ebp,edi
-       lea     eax,DWORD PTR 2400959708[esi*1+eax]
-       mov     esi,ecx
+       add     ebp,esi
        ror     ecx,2
-       and     esi,edx
-       or      ebp,esi
        mov     esi,ebx
        rol     esi,5
-       add     eax,ebp
+       mov     DWORD PTR 36[esp],eax
+       lea     eax,DWORD PTR 2400959708[ebp*1+eax]
+       mov     ebp,edx
        add     eax,esi
-       ; 40_59 42
+       and     ebp,edi
        mov     esi,DWORD PTR 40[esp]
-       mov     ebp,DWORD PTR 48[esp]
-       xor     esi,ebp
-       mov     ebp,DWORD PTR 8[esp]
-       xor     esi,ebp
-       mov     ebp,DWORD PTR 28[esp]
-       xor     esi,ebp
-       mov     ebp,ebx
+       add     eax,ebp
+       ; 40_59 42
+       mov     ebp,ecx
+       xor     esi,DWORD PTR 48[esp]
+       xor     ebp,edx
+       xor     esi,DWORD PTR 8[esp]
+       and     ebp,ebx
+       xor     esi,DWORD PTR 28[esp]
        rol     esi,1
-       or      ebp,ecx
-       mov     DWORD PTR 40[esp],esi
-       and     ebp,edx
-       lea     esi,DWORD PTR 2400959708[edi*1+esi]
-       mov     edi,ebx
+       add     ebp,edi
        ror     ebx,2
-       and     edi,ecx
-       or      ebp,edi
        mov     edi,eax
        rol     edi,5
-       add     esi,ebp
+       mov     DWORD PTR 40[esp],esi
+       lea     esi,DWORD PTR 2400959708[ebp*1+esi]
+       mov     ebp,ecx
        add     esi,edi
-       ; 40_59 43
+       and     ebp,edx
        mov     edi,DWORD PTR 44[esp]
-       mov     ebp,DWORD PTR 52[esp]
-       xor     edi,ebp
-       mov     ebp,DWORD PTR 12[esp]
-       xor     edi,ebp
-       mov     ebp,DWORD PTR 32[esp]
-       xor     edi,ebp
-       mov     ebp,eax
+       add     esi,ebp
+       ; 40_59 43
+       mov     ebp,ebx
+       xor     edi,DWORD PTR 52[esp]
+       xor     ebp,ecx
+       xor     edi,DWORD PTR 12[esp]
+       and     ebp,eax
+       xor     edi,DWORD PTR 32[esp]
        rol     edi,1
-       or      ebp,ebx
-       mov     DWORD PTR 44[esp],edi
-       and     ebp,ecx
-       lea     edi,DWORD PTR 2400959708[edx*1+edi]
-       mov     edx,eax
+       add     ebp,edx
        ror     eax,2
-       and     edx,ebx
-       or      ebp,edx
        mov     edx,esi
        rol     edx,5
-       add     edi,ebp
+       mov     DWORD PTR 44[esp],edi
+       lea     edi,DWORD PTR 2400959708[ebp*1+edi]
+       mov     ebp,ebx
        add     edi,edx
-       ; 40_59 44
+       and     ebp,ecx
        mov     edx,DWORD PTR 48[esp]
-       mov     ebp,DWORD PTR 56[esp]
-       xor     edx,ebp
-       mov     ebp,DWORD PTR 16[esp]
-       xor     edx,ebp
-       mov     ebp,DWORD PTR 36[esp]
-       xor     edx,ebp
-       mov     ebp,esi
+       add     edi,ebp
+       ; 40_59 44
+       mov     ebp,eax
+       xor     edx,DWORD PTR 56[esp]
+       xor     ebp,ebx
+       xor     edx,DWORD PTR 16[esp]
+       and     ebp,esi
+       xor     edx,DWORD PTR 36[esp]
        rol     edx,1
-       or      ebp,eax
-       mov     DWORD PTR 48[esp],edx
-       and     ebp,ebx
-       lea     edx,DWORD PTR 2400959708[ecx*1+edx]
-       mov     ecx,esi
+       add     ebp,ecx
        ror     esi,2
-       and     ecx,eax
-       or      ebp,ecx
        mov     ecx,edi
        rol     ecx,5
-       add     edx,ebp
+       mov     DWORD PTR 48[esp],edx
+       lea     edx,DWORD PTR 2400959708[ebp*1+edx]
+       mov     ebp,eax
        add     edx,ecx
-       ; 40_59 45
+       and     ebp,ebx
        mov     ecx,DWORD PTR 52[esp]
-       mov     ebp,DWORD PTR 60[esp]
-       xor     ecx,ebp
-       mov     ebp,DWORD PTR 20[esp]
-       xor     ecx,ebp
-       mov     ebp,DWORD PTR 40[esp]
-       xor     ecx,ebp
-       mov     ebp,edi
+       add     edx,ebp
+       ; 40_59 45
+       mov     ebp,esi
+       xor     ecx,DWORD PTR 60[esp]
+       xor     ebp,eax
+       xor     ecx,DWORD PTR 20[esp]
+       and     ebp,edi
+       xor     ecx,DWORD PTR 40[esp]
        rol     ecx,1
-       or      ebp,esi
-       mov     DWORD PTR 52[esp],ecx
-       and     ebp,eax
-       lea     ecx,DWORD PTR 2400959708[ebx*1+ecx]
-       mov     ebx,edi
+       add     ebp,ebx
        ror     edi,2
-       and     ebx,esi
-       or      ebp,ebx
        mov     ebx,edx
        rol     ebx,5
-       add     ecx,ebp
+       mov     DWORD PTR 52[esp],ecx
+       lea     ecx,DWORD PTR 2400959708[ebp*1+ecx]
+       mov     ebp,esi
        add     ecx,ebx
-       ; 40_59 46
+       and     ebp,eax
        mov     ebx,DWORD PTR 56[esp]
-       mov     ebp,DWORD PTR [esp]
-       xor     ebx,ebp
-       mov     ebp,DWORD PTR 24[esp]
-       xor     ebx,ebp
-       mov     ebp,DWORD PTR 44[esp]
-       xor     ebx,ebp
-       mov     ebp,edx
+       add     ecx,ebp
+       ; 40_59 46
+       mov     ebp,edi
+       xor     ebx,DWORD PTR [esp]
+       xor     ebp,esi
+       xor     ebx,DWORD PTR 24[esp]
+       and     ebp,edx
+       xor     ebx,DWORD PTR 44[esp]
        rol     ebx,1
-       or      ebp,edi
-       mov     DWORD PTR 56[esp],ebx
-       and     ebp,esi
-       lea     ebx,DWORD PTR 2400959708[eax*1+ebx]
-       mov     eax,edx
+       add     ebp,eax
        ror     edx,2
-       and     eax,edi
-       or      ebp,eax
        mov     eax,ecx
        rol     eax,5
-       add     ebx,ebp
+       mov     DWORD PTR 56[esp],ebx
+       lea     ebx,DWORD PTR 2400959708[ebp*1+ebx]
+       mov     ebp,edi
        add     ebx,eax
-       ; 40_59 47
+       and     ebp,esi
        mov     eax,DWORD PTR 60[esp]
-       mov     ebp,DWORD PTR 4[esp]
-       xor     eax,ebp
-       mov     ebp,DWORD PTR 28[esp]
-       xor     eax,ebp
-       mov     ebp,DWORD PTR 48[esp]
-       xor     eax,ebp
-       mov     ebp,ecx
+       add     ebx,ebp
+       ; 40_59 47
+       mov     ebp,edx
+       xor     eax,DWORD PTR 4[esp]
+       xor     ebp,edi
+       xor     eax,DWORD PTR 28[esp]
+       and     ebp,ecx
+       xor     eax,DWORD PTR 48[esp]
        rol     eax,1
-       or      ebp,edx
-       mov     DWORD PTR 60[esp],eax
-       and     ebp,edi
-       lea     eax,DWORD PTR 2400959708[esi*1+eax]
-       mov     esi,ecx
+       add     ebp,esi
        ror     ecx,2
-       and     esi,edx
-       or      ebp,esi
        mov     esi,ebx
        rol     esi,5
-       add     eax,ebp
+       mov     DWORD PTR 60[esp],eax
+       lea     eax,DWORD PTR 2400959708[ebp*1+eax]
+       mov     ebp,edx
        add     eax,esi
-       ; 40_59 48
+       and     ebp,edi
        mov     esi,DWORD PTR [esp]
-       mov     ebp,DWORD PTR 8[esp]
-       xor     esi,ebp
-       mov     ebp,DWORD PTR 32[esp]
-       xor     esi,ebp
-       mov     ebp,DWORD PTR 52[esp]
-       xor     esi,ebp
-       mov     ebp,ebx
+       add     eax,ebp
+       ; 40_59 48
+       mov     ebp,ecx
+       xor     esi,DWORD PTR 8[esp]
+       xor     ebp,edx
+       xor     esi,DWORD PTR 32[esp]
+       and     ebp,ebx
+       xor     esi,DWORD PTR 52[esp]
        rol     esi,1
-       or      ebp,ecx
-       mov     DWORD PTR [esp],esi
-       and     ebp,edx
-       lea     esi,DWORD PTR 2400959708[edi*1+esi]
-       mov     edi,ebx
+       add     ebp,edi
        ror     ebx,2
-       and     edi,ecx
-       or      ebp,edi
        mov     edi,eax
        rol     edi,5
-       add     esi,ebp
+       mov     DWORD PTR [esp],esi
+       lea     esi,DWORD PTR 2400959708[ebp*1+esi]
+       mov     ebp,ecx
        add     esi,edi
-       ; 40_59 49
+       and     ebp,edx
        mov     edi,DWORD PTR 4[esp]
-       mov     ebp,DWORD PTR 12[esp]
-       xor     edi,ebp
-       mov     ebp,DWORD PTR 36[esp]
-       xor     edi,ebp
-       mov     ebp,DWORD PTR 56[esp]
-       xor     edi,ebp
-       mov     ebp,eax
+       add     esi,ebp
+       ; 40_59 49
+       mov     ebp,ebx
+       xor     edi,DWORD PTR 12[esp]
+       xor     ebp,ecx
+       xor     edi,DWORD PTR 36[esp]
+       and     ebp,eax
+       xor     edi,DWORD PTR 56[esp]
        rol     edi,1
-       or      ebp,ebx
-       mov     DWORD PTR 4[esp],edi
-       and     ebp,ecx
-       lea     edi,DWORD PTR 2400959708[edx*1+edi]
-       mov     edx,eax
+       add     ebp,edx
        ror     eax,2
-       and     edx,ebx
-       or      ebp,edx
        mov     edx,esi
        rol     edx,5
-       add     edi,ebp
+       mov     DWORD PTR 4[esp],edi
+       lea     edi,DWORD PTR 2400959708[ebp*1+edi]
+       mov     ebp,ebx
        add     edi,edx
-       ; 40_59 50
+       and     ebp,ecx
        mov     edx,DWORD PTR 8[esp]
-       mov     ebp,DWORD PTR 16[esp]
-       xor     edx,ebp
-       mov     ebp,DWORD PTR 40[esp]
-       xor     edx,ebp
-       mov     ebp,DWORD PTR 60[esp]
-       xor     edx,ebp
-       mov     ebp,esi
+       add     edi,ebp
+       ; 40_59 50
+       mov     ebp,eax
+       xor     edx,DWORD PTR 16[esp]
+       xor     ebp,ebx
+       xor     edx,DWORD PTR 40[esp]
+       and     ebp,esi
+       xor     edx,DWORD PTR 60[esp]
        rol     edx,1
-       or      ebp,eax
-       mov     DWORD PTR 8[esp],edx
-       and     ebp,ebx
-       lea     edx,DWORD PTR 2400959708[ecx*1+edx]
-       mov     ecx,esi
+       add     ebp,ecx
        ror     esi,2
-       and     ecx,eax
-       or      ebp,ecx
        mov     ecx,edi
        rol     ecx,5
-       add     edx,ebp
+       mov     DWORD PTR 8[esp],edx
+       lea     edx,DWORD PTR 2400959708[ebp*1+edx]
+       mov     ebp,eax
        add     edx,ecx
-       ; 40_59 51
+       and     ebp,ebx
        mov     ecx,DWORD PTR 12[esp]
-       mov     ebp,DWORD PTR 20[esp]
-       xor     ecx,ebp
-       mov     ebp,DWORD PTR 44[esp]
-       xor     ecx,ebp
-       mov     ebp,DWORD PTR [esp]
-       xor     ecx,ebp
-       mov     ebp,edi
+       add     edx,ebp
+       ; 40_59 51
+       mov     ebp,esi
+       xor     ecx,DWORD PTR 20[esp]
+       xor     ebp,eax
+       xor     ecx,DWORD PTR 44[esp]
+       and     ebp,edi
+       xor     ecx,DWORD PTR [esp]
        rol     ecx,1
-       or      ebp,esi
-       mov     DWORD PTR 12[esp],ecx
-       and     ebp,eax
-       lea     ecx,DWORD PTR 2400959708[ebx*1+ecx]
-       mov     ebx,edi
+       add     ebp,ebx
        ror     edi,2
-       and     ebx,esi
-       or      ebp,ebx
        mov     ebx,edx
        rol     ebx,5
-       add     ecx,ebp
+       mov     DWORD PTR 12[esp],ecx
+       lea     ecx,DWORD PTR 2400959708[ebp*1+ecx]
+       mov     ebp,esi
        add     ecx,ebx
-       ; 40_59 52
+       and     ebp,eax
        mov     ebx,DWORD PTR 16[esp]
-       mov     ebp,DWORD PTR 24[esp]
-       xor     ebx,ebp
-       mov     ebp,DWORD PTR 48[esp]
-       xor     ebx,ebp
-       mov     ebp,DWORD PTR 4[esp]
-       xor     ebx,ebp
-       mov     ebp,edx
+       add     ecx,ebp
+       ; 40_59 52
+       mov     ebp,edi
+       xor     ebx,DWORD PTR 24[esp]
+       xor     ebp,esi
+       xor     ebx,DWORD PTR 48[esp]
+       and     ebp,edx
+       xor     ebx,DWORD PTR 4[esp]
        rol     ebx,1
-       or      ebp,edi
-       mov     DWORD PTR 16[esp],ebx
-       and     ebp,esi
-       lea     ebx,DWORD PTR 2400959708[eax*1+ebx]
-       mov     eax,edx
+       add     ebp,eax
        ror     edx,2
-       and     eax,edi
-       or      ebp,eax
        mov     eax,ecx
        rol     eax,5
-       add     ebx,ebp
+       mov     DWORD PTR 16[esp],ebx
+       lea     ebx,DWORD PTR 2400959708[ebp*1+ebx]
+       mov     ebp,edi
        add     ebx,eax
-       ; 40_59 53
+       and     ebp,esi
        mov     eax,DWORD PTR 20[esp]
-       mov     ebp,DWORD PTR 28[esp]
-       xor     eax,ebp
-       mov     ebp,DWORD PTR 52[esp]
-       xor     eax,ebp
-       mov     ebp,DWORD PTR 8[esp]
-       xor     eax,ebp
-       mov     ebp,ecx
+       add     ebx,ebp
+       ; 40_59 53
+       mov     ebp,edx
+       xor     eax,DWORD PTR 28[esp]
+       xor     ebp,edi
+       xor     eax,DWORD PTR 52[esp]
+       and     ebp,ecx
+       xor     eax,DWORD PTR 8[esp]
        rol     eax,1
-       or      ebp,edx
-       mov     DWORD PTR 20[esp],eax
-       and     ebp,edi
-       lea     eax,DWORD PTR 2400959708[esi*1+eax]
-       mov     esi,ecx
+       add     ebp,esi
        ror     ecx,2
-       and     esi,edx
-       or      ebp,esi
        mov     esi,ebx
        rol     esi,5
-       add     eax,ebp
+       mov     DWORD PTR 20[esp],eax
+       lea     eax,DWORD PTR 2400959708[ebp*1+eax]
+       mov     ebp,edx
        add     eax,esi
-       ; 40_59 54
+       and     ebp,edi
        mov     esi,DWORD PTR 24[esp]
-       mov     ebp,DWORD PTR 32[esp]
-       xor     esi,ebp
-       mov     ebp,DWORD PTR 56[esp]
-       xor     esi,ebp
-       mov     ebp,DWORD PTR 12[esp]
-       xor     esi,ebp
-       mov     ebp,ebx
+       add     eax,ebp
+       ; 40_59 54
+       mov     ebp,ecx
+       xor     esi,DWORD PTR 32[esp]
+       xor     ebp,edx
+       xor     esi,DWORD PTR 56[esp]
+       and     ebp,ebx
+       xor     esi,DWORD PTR 12[esp]
        rol     esi,1
-       or      ebp,ecx
-       mov     DWORD PTR 24[esp],esi
-       and     ebp,edx
-       lea     esi,DWORD PTR 2400959708[edi*1+esi]
-       mov     edi,ebx
+       add     ebp,edi
        ror     ebx,2
-       and     edi,ecx
-       or      ebp,edi
        mov     edi,eax
        rol     edi,5
-       add     esi,ebp
+       mov     DWORD PTR 24[esp],esi
+       lea     esi,DWORD PTR 2400959708[ebp*1+esi]
+       mov     ebp,ecx
        add     esi,edi
-       ; 40_59 55
+       and     ebp,edx
        mov     edi,DWORD PTR 28[esp]
-       mov     ebp,DWORD PTR 36[esp]
-       xor     edi,ebp
-       mov     ebp,DWORD PTR 60[esp]
-       xor     edi,ebp
-       mov     ebp,DWORD PTR 16[esp]
-       xor     edi,ebp
-       mov     ebp,eax
+       add     esi,ebp
+       ; 40_59 55
+       mov     ebp,ebx
+       xor     edi,DWORD PTR 36[esp]
+       xor     ebp,ecx
+       xor     edi,DWORD PTR 60[esp]
+       and     ebp,eax
+       xor     edi,DWORD PTR 16[esp]
        rol     edi,1
-       or      ebp,ebx
-       mov     DWORD PTR 28[esp],edi
-       and     ebp,ecx
-       lea     edi,DWORD PTR 2400959708[edx*1+edi]
-       mov     edx,eax
+       add     ebp,edx
        ror     eax,2
-       and     edx,ebx
-       or      ebp,edx
        mov     edx,esi
        rol     edx,5
-       add     edi,ebp
+       mov     DWORD PTR 28[esp],edi
+       lea     edi,DWORD PTR 2400959708[ebp*1+edi]
+       mov     ebp,ebx
        add     edi,edx
-       ; 40_59 56
+       and     ebp,ecx
        mov     edx,DWORD PTR 32[esp]
-       mov     ebp,DWORD PTR 40[esp]
-       xor     edx,ebp
-       mov     ebp,DWORD PTR [esp]
-       xor     edx,ebp
-       mov     ebp,DWORD PTR 20[esp]
-       xor     edx,ebp
-       mov     ebp,esi
+       add     edi,ebp
+       ; 40_59 56
+       mov     ebp,eax
+       xor     edx,DWORD PTR 40[esp]
+       xor     ebp,ebx
+       xor     edx,DWORD PTR [esp]
+       and     ebp,esi
+       xor     edx,DWORD PTR 20[esp]
        rol     edx,1
-       or      ebp,eax
-       mov     DWORD PTR 32[esp],edx
-       and     ebp,ebx
-       lea     edx,DWORD PTR 2400959708[ecx*1+edx]
-       mov     ecx,esi
+       add     ebp,ecx
        ror     esi,2
-       and     ecx,eax
-       or      ebp,ecx
        mov     ecx,edi
        rol     ecx,5
-       add     edx,ebp
+       mov     DWORD PTR 32[esp],edx
+       lea     edx,DWORD PTR 2400959708[ebp*1+edx]
+       mov     ebp,eax
        add     edx,ecx
-       ; 40_59 57
+       and     ebp,ebx
        mov     ecx,DWORD PTR 36[esp]
-       mov     ebp,DWORD PTR 44[esp]
-       xor     ecx,ebp
-       mov     ebp,DWORD PTR 4[esp]
-       xor     ecx,ebp
-       mov     ebp,DWORD PTR 24[esp]
-       xor     ecx,ebp
-       mov     ebp,edi
+       add     edx,ebp
+       ; 40_59 57
+       mov     ebp,esi
+       xor     ecx,DWORD PTR 44[esp]
+       xor     ebp,eax
+       xor     ecx,DWORD PTR 4[esp]
+       and     ebp,edi
+       xor     ecx,DWORD PTR 24[esp]
        rol     ecx,1
-       or      ebp,esi
-       mov     DWORD PTR 36[esp],ecx
-       and     ebp,eax
-       lea     ecx,DWORD PTR 2400959708[ebx*1+ecx]
-       mov     ebx,edi
+       add     ebp,ebx
        ror     edi,2
-       and     ebx,esi
-       or      ebp,ebx
        mov     ebx,edx
        rol     ebx,5
-       add     ecx,ebp
+       mov     DWORD PTR 36[esp],ecx
+       lea     ecx,DWORD PTR 2400959708[ebp*1+ecx]
+       mov     ebp,esi
        add     ecx,ebx
-       ; 40_59 58
+       and     ebp,eax
        mov     ebx,DWORD PTR 40[esp]
-       mov     ebp,DWORD PTR 48[esp]
-       xor     ebx,ebp
-       mov     ebp,DWORD PTR 8[esp]
-       xor     ebx,ebp
-       mov     ebp,DWORD PTR 28[esp]
-       xor     ebx,ebp
-       mov     ebp,edx
+       add     ecx,ebp
+       ; 40_59 58
+       mov     ebp,edi
+       xor     ebx,DWORD PTR 48[esp]
+       xor     ebp,esi
+       xor     ebx,DWORD PTR 8[esp]
+       and     ebp,edx
+       xor     ebx,DWORD PTR 28[esp]
        rol     ebx,1
-       or      ebp,edi
-       mov     DWORD PTR 40[esp],ebx
-       and     ebp,esi
-       lea     ebx,DWORD PTR 2400959708[eax*1+ebx]
-       mov     eax,edx
+       add     ebp,eax
        ror     edx,2
-       and     eax,edi
-       or      ebp,eax
        mov     eax,ecx
        rol     eax,5
-       add     ebx,ebp
+       mov     DWORD PTR 40[esp],ebx
+       lea     ebx,DWORD PTR 2400959708[ebp*1+ebx]
+       mov     ebp,edi
        add     ebx,eax
-       ; 40_59 59
+       and     ebp,esi
        mov     eax,DWORD PTR 44[esp]
-       mov     ebp,DWORD PTR 52[esp]
-       xor     eax,ebp
-       mov     ebp,DWORD PTR 12[esp]
-       xor     eax,ebp
-       mov     ebp,DWORD PTR 32[esp]
-       xor     eax,ebp
-       mov     ebp,ecx
+       add     ebx,ebp
+       ; 40_59 59
+       mov     ebp,edx
+       xor     eax,DWORD PTR 52[esp]
+       xor     ebp,edi
+       xor     eax,DWORD PTR 12[esp]
+       and     ebp,ecx
+       xor     eax,DWORD PTR 32[esp]
        rol     eax,1
-       or      ebp,edx
-       mov     DWORD PTR 44[esp],eax
-       and     ebp,edi
-       lea     eax,DWORD PTR 2400959708[esi*1+eax]
-       mov     esi,ecx
+       add     ebp,esi
        ror     ecx,2
-       and     esi,edx
-       or      ebp,esi
        mov     esi,ebx
        rol     esi,5
-       add     eax,ebp
+       mov     DWORD PTR 44[esp],eax
+       lea     eax,DWORD PTR 2400959708[ebp*1+eax]
+       mov     ebp,edx
        add     eax,esi
+       and     ebp,edi
+       mov     esi,DWORD PTR 48[esp]
+       add     eax,ebp
        ; 20_39 60
        mov     ebp,ebx
-       mov     esi,DWORD PTR 48[esp]
-       ror     ebx,2
        xor     esi,DWORD PTR 56[esp]
        xor     ebp,ecx
        xor     esi,DWORD PTR 16[esp]
        xor     ebp,edx
        xor     esi,DWORD PTR 36[esp]
        rol     esi,1
-       add     ebp,edi
+       add     edi,ebp
+       ror     ebx,2
+       mov     ebp,eax
+       rol     ebp,5
        mov     DWORD PTR 48[esp],esi
-       mov     edi,eax
-       rol     edi,5
-       lea     esi,DWORD PTR 3395469782[ebp*1+esi]
-       add     esi,edi
+       lea     esi,DWORD PTR 3395469782[edi*1+esi]
+       mov     edi,DWORD PTR 52[esp]
+       add     esi,ebp
        ; 20_39 61
        mov     ebp,eax
-       mov     edi,DWORD PTR 52[esp]
-       ror     eax,2
        xor     edi,DWORD PTR 60[esp]
        xor     ebp,ebx
        xor     edi,DWORD PTR 20[esp]
        xor     ebp,ecx
        xor     edi,DWORD PTR 40[esp]
        rol     edi,1
-       add     ebp,edx
+       add     edx,ebp
+       ror     eax,2
+       mov     ebp,esi
+       rol     ebp,5
        mov     DWORD PTR 52[esp],edi
-       mov     edx,esi
-       rol     edx,5
-       lea     edi,DWORD PTR 3395469782[ebp*1+edi]
-       add     edi,edx
+       lea     edi,DWORD PTR 3395469782[edx*1+edi]
+       mov     edx,DWORD PTR 56[esp]
+       add     edi,ebp
        ; 20_39 62
        mov     ebp,esi
-       mov     edx,DWORD PTR 56[esp]
-       ror     esi,2
        xor     edx,DWORD PTR [esp]
        xor     ebp,eax
        xor     edx,DWORD PTR 24[esp]
        xor     ebp,ebx
        xor     edx,DWORD PTR 44[esp]
        rol     edx,1
-       add     ebp,ecx
+       add     ecx,ebp
+       ror     esi,2
+       mov     ebp,edi
+       rol     ebp,5
        mov     DWORD PTR 56[esp],edx
-       mov     ecx,edi
-       rol     ecx,5
-       lea     edx,DWORD PTR 3395469782[ebp*1+edx]
-       add     edx,ecx
+       lea     edx,DWORD PTR 3395469782[ecx*1+edx]
+       mov     ecx,DWORD PTR 60[esp]
+       add     edx,ebp
        ; 20_39 63
        mov     ebp,edi
-       mov     ecx,DWORD PTR 60[esp]
-       ror     edi,2
        xor     ecx,DWORD PTR 4[esp]
        xor     ebp,esi
        xor     ecx,DWORD PTR 28[esp]
        xor     ebp,eax
        xor     ecx,DWORD PTR 48[esp]
        rol     ecx,1
-       add     ebp,ebx
+       add     ebx,ebp
+       ror     edi,2
+       mov     ebp,edx
+       rol     ebp,5
        mov     DWORD PTR 60[esp],ecx
-       mov     ebx,edx
-       rol     ebx,5
-       lea     ecx,DWORD PTR 3395469782[ebp*1+ecx]
-       add     ecx,ebx
+       lea     ecx,DWORD PTR 3395469782[ebx*1+ecx]
+       mov     ebx,DWORD PTR [esp]
+       add     ecx,ebp
        ; 20_39 64
        mov     ebp,edx
-       mov     ebx,DWORD PTR [esp]
-       ror     edx,2
        xor     ebx,DWORD PTR 8[esp]
        xor     ebp,edi
        xor     ebx,DWORD PTR 32[esp]
        xor     ebp,esi
        xor     ebx,DWORD PTR 52[esp]
        rol     ebx,1
-       add     ebp,eax
+       add     eax,ebp
+       ror     edx,2
+       mov     ebp,ecx
+       rol     ebp,5
        mov     DWORD PTR [esp],ebx
-       mov     eax,ecx
-       rol     eax,5
-       lea     ebx,DWORD PTR 3395469782[ebp*1+ebx]
-       add     ebx,eax
+       lea     ebx,DWORD PTR 3395469782[eax*1+ebx]
+       mov     eax,DWORD PTR 4[esp]
+       add     ebx,ebp
        ; 20_39 65
        mov     ebp,ecx
-       mov     eax,DWORD PTR 4[esp]
-       ror     ecx,2
        xor     eax,DWORD PTR 12[esp]
        xor     ebp,edx
        xor     eax,DWORD PTR 36[esp]
        xor     ebp,edi
        xor     eax,DWORD PTR 56[esp]
        rol     eax,1
-       add     ebp,esi
+       add     esi,ebp
+       ror     ecx,2
+       mov     ebp,ebx
+       rol     ebp,5
        mov     DWORD PTR 4[esp],eax
-       mov     esi,ebx
-       rol     esi,5
-       lea     eax,DWORD PTR 3395469782[ebp*1+eax]
-       add     eax,esi
+       lea     eax,DWORD PTR 3395469782[esi*1+eax]
+       mov     esi,DWORD PTR 8[esp]
+       add     eax,ebp
        ; 20_39 66
        mov     ebp,ebx
-       mov     esi,DWORD PTR 8[esp]
-       ror     ebx,2
        xor     esi,DWORD PTR 16[esp]
        xor     ebp,ecx
        xor     esi,DWORD PTR 40[esp]
        xor     ebp,edx
        xor     esi,DWORD PTR 60[esp]
        rol     esi,1
-       add     ebp,edi
+       add     edi,ebp
+       ror     ebx,2
+       mov     ebp,eax
+       rol     ebp,5
        mov     DWORD PTR 8[esp],esi
-       mov     edi,eax
-       rol     edi,5
-       lea     esi,DWORD PTR 3395469782[ebp*1+esi]
-       add     esi,edi
+       lea     esi,DWORD PTR 3395469782[edi*1+esi]
+       mov     edi,DWORD PTR 12[esp]
+       add     esi,ebp
        ; 20_39 67
        mov     ebp,eax
-       mov     edi,DWORD PTR 12[esp]
-       ror     eax,2
        xor     edi,DWORD PTR 20[esp]
        xor     ebp,ebx
        xor     edi,DWORD PTR 44[esp]
        xor     ebp,ecx
        xor     edi,DWORD PTR [esp]
        rol     edi,1
-       add     ebp,edx
+       add     edx,ebp
+       ror     eax,2
+       mov     ebp,esi
+       rol     ebp,5
        mov     DWORD PTR 12[esp],edi
-       mov     edx,esi
-       rol     edx,5
-       lea     edi,DWORD PTR 3395469782[ebp*1+edi]
-       add     edi,edx
+       lea     edi,DWORD PTR 3395469782[edx*1+edi]
+       mov     edx,DWORD PTR 16[esp]
+       add     edi,ebp
        ; 20_39 68
        mov     ebp,esi
-       mov     edx,DWORD PTR 16[esp]
-       ror     esi,2
        xor     edx,DWORD PTR 24[esp]
        xor     ebp,eax
        xor     edx,DWORD PTR 48[esp]
        xor     ebp,ebx
        xor     edx,DWORD PTR 4[esp]
        rol     edx,1
-       add     ebp,ecx
+       add     ecx,ebp
+       ror     esi,2
+       mov     ebp,edi
+       rol     ebp,5
        mov     DWORD PTR 16[esp],edx
-       mov     ecx,edi
-       rol     ecx,5
-       lea     edx,DWORD PTR 3395469782[ebp*1+edx]
-       add     edx,ecx
+       lea     edx,DWORD PTR 3395469782[ecx*1+edx]
+       mov     ecx,DWORD PTR 20[esp]
+       add     edx,ebp
        ; 20_39 69
        mov     ebp,edi
-       mov     ecx,DWORD PTR 20[esp]
-       ror     edi,2
        xor     ecx,DWORD PTR 28[esp]
        xor     ebp,esi
        xor     ecx,DWORD PTR 52[esp]
        xor     ebp,eax
        xor     ecx,DWORD PTR 8[esp]
        rol     ecx,1
-       add     ebp,ebx
+       add     ebx,ebp
+       ror     edi,2
+       mov     ebp,edx
+       rol     ebp,5
        mov     DWORD PTR 20[esp],ecx
-       mov     ebx,edx
-       rol     ebx,5
-       lea     ecx,DWORD PTR 3395469782[ebp*1+ecx]
-       add     ecx,ebx
+       lea     ecx,DWORD PTR 3395469782[ebx*1+ecx]
+       mov     ebx,DWORD PTR 24[esp]
+       add     ecx,ebp
        ; 20_39 70
        mov     ebp,edx
-       mov     ebx,DWORD PTR 24[esp]
-       ror     edx,2
        xor     ebx,DWORD PTR 32[esp]
        xor     ebp,edi
        xor     ebx,DWORD PTR 56[esp]
        xor     ebp,esi
        xor     ebx,DWORD PTR 12[esp]
        rol     ebx,1
-       add     ebp,eax
+       add     eax,ebp
+       ror     edx,2
+       mov     ebp,ecx
+       rol     ebp,5
        mov     DWORD PTR 24[esp],ebx
-       mov     eax,ecx
-       rol     eax,5
-       lea     ebx,DWORD PTR 3395469782[ebp*1+ebx]
-       add     ebx,eax
+       lea     ebx,DWORD PTR 3395469782[eax*1+ebx]
+       mov     eax,DWORD PTR 28[esp]
+       add     ebx,ebp
        ; 20_39 71
        mov     ebp,ecx
-       mov     eax,DWORD PTR 28[esp]
-       ror     ecx,2
        xor     eax,DWORD PTR 36[esp]
        xor     ebp,edx
        xor     eax,DWORD PTR 60[esp]
        xor     ebp,edi
        xor     eax,DWORD PTR 16[esp]
        rol     eax,1
-       add     ebp,esi
+       add     esi,ebp
+       ror     ecx,2
+       mov     ebp,ebx
+       rol     ebp,5
        mov     DWORD PTR 28[esp],eax
-       mov     esi,ebx
-       rol     esi,5
-       lea     eax,DWORD PTR 3395469782[ebp*1+eax]
-       add     eax,esi
+       lea     eax,DWORD PTR 3395469782[esi*1+eax]
+       mov     esi,DWORD PTR 32[esp]
+       add     eax,ebp
        ; 20_39 72
        mov     ebp,ebx
-       mov     esi,DWORD PTR 32[esp]
-       ror     ebx,2
        xor     esi,DWORD PTR 40[esp]
        xor     ebp,ecx
        xor     esi,DWORD PTR [esp]
        xor     ebp,edx
        xor     esi,DWORD PTR 20[esp]
        rol     esi,1
-       add     ebp,edi
+       add     edi,ebp
+       ror     ebx,2
+       mov     ebp,eax
+       rol     ebp,5
        mov     DWORD PTR 32[esp],esi
-       mov     edi,eax
-       rol     edi,5
-       lea     esi,DWORD PTR 3395469782[ebp*1+esi]
-       add     esi,edi
+       lea     esi,DWORD PTR 3395469782[edi*1+esi]
+       mov     edi,DWORD PTR 36[esp]
+       add     esi,ebp
        ; 20_39 73
        mov     ebp,eax
-       mov     edi,DWORD PTR 36[esp]
-       ror     eax,2
        xor     edi,DWORD PTR 44[esp]
        xor     ebp,ebx
        xor     edi,DWORD PTR 4[esp]
        xor     ebp,ecx
        xor     edi,DWORD PTR 24[esp]
        rol     edi,1
-       add     ebp,edx
+       add     edx,ebp
+       ror     eax,2
+       mov     ebp,esi
+       rol     ebp,5
        mov     DWORD PTR 36[esp],edi
-       mov     edx,esi
-       rol     edx,5
-       lea     edi,DWORD PTR 3395469782[ebp*1+edi]
-       add     edi,edx
+       lea     edi,DWORD PTR 3395469782[edx*1+edi]
+       mov     edx,DWORD PTR 40[esp]
+       add     edi,ebp
        ; 20_39 74
        mov     ebp,esi
-       mov     edx,DWORD PTR 40[esp]
-       ror     esi,2
        xor     edx,DWORD PTR 48[esp]
        xor     ebp,eax
        xor     edx,DWORD PTR 8[esp]
        xor     ebp,ebx
        xor     edx,DWORD PTR 28[esp]
        rol     edx,1
-       add     ebp,ecx
+       add     ecx,ebp
+       ror     esi,2
+       mov     ebp,edi
+       rol     ebp,5
        mov     DWORD PTR 40[esp],edx
-       mov     ecx,edi
-       rol     ecx,5
-       lea     edx,DWORD PTR 3395469782[ebp*1+edx]
-       add     edx,ecx
+       lea     edx,DWORD PTR 3395469782[ecx*1+edx]
+       mov     ecx,DWORD PTR 44[esp]
+       add     edx,ebp
        ; 20_39 75
        mov     ebp,edi
-       mov     ecx,DWORD PTR 44[esp]
-       ror     edi,2
        xor     ecx,DWORD PTR 52[esp]
        xor     ebp,esi
        xor     ecx,DWORD PTR 12[esp]
        xor     ebp,eax
        xor     ecx,DWORD PTR 32[esp]
        rol     ecx,1
-       add     ebp,ebx
+       add     ebx,ebp
+       ror     edi,2
+       mov     ebp,edx
+       rol     ebp,5
        mov     DWORD PTR 44[esp],ecx
-       mov     ebx,edx
-       rol     ebx,5
-       lea     ecx,DWORD PTR 3395469782[ebp*1+ecx]
-       add     ecx,ebx
+       lea     ecx,DWORD PTR 3395469782[ebx*1+ecx]
+       mov     ebx,DWORD PTR 48[esp]
+       add     ecx,ebp
        ; 20_39 76
        mov     ebp,edx
-       mov     ebx,DWORD PTR 48[esp]
-       ror     edx,2
        xor     ebx,DWORD PTR 56[esp]
        xor     ebp,edi
        xor     ebx,DWORD PTR 16[esp]
        xor     ebp,esi
        xor     ebx,DWORD PTR 36[esp]
        rol     ebx,1
-       add     ebp,eax
+       add     eax,ebp
+       ror     edx,2
+       mov     ebp,ecx
+       rol     ebp,5
        mov     DWORD PTR 48[esp],ebx
-       mov     eax,ecx
-       rol     eax,5
-       lea     ebx,DWORD PTR 3395469782[ebp*1+ebx]
-       add     ebx,eax
+       lea     ebx,DWORD PTR 3395469782[eax*1+ebx]
+       mov     eax,DWORD PTR 52[esp]
+       add     ebx,ebp
        ; 20_39 77
        mov     ebp,ecx
-       mov     eax,DWORD PTR 52[esp]
-       ror     ecx,2
        xor     eax,DWORD PTR 60[esp]
        xor     ebp,edx
        xor     eax,DWORD PTR 20[esp]
        xor     ebp,edi
        xor     eax,DWORD PTR 40[esp]
        rol     eax,1
-       add     ebp,esi
-       mov     DWORD PTR 52[esp],eax
-       mov     esi,ebx
-       rol     esi,5
-       lea     eax,DWORD PTR 3395469782[ebp*1+eax]
-       add     eax,esi
-       ; 20_39 78
+       add     esi,ebp
+       ror     ecx,2
        mov     ebp,ebx
+       rol     ebp,5
+       lea     eax,DWORD PTR 3395469782[esi*1+eax]
        mov     esi,DWORD PTR 56[esp]
-       ror     ebx,2
+       add     eax,ebp
+       ; 20_39 78
+       mov     ebp,ebx
        xor     esi,DWORD PTR [esp]
        xor     ebp,ecx
        xor     esi,DWORD PTR 24[esp]
        xor     ebp,edx
        xor     esi,DWORD PTR 44[esp]
        rol     esi,1
-       add     ebp,edi
-       mov     DWORD PTR 56[esp],esi
-       mov     edi,eax
-       rol     edi,5
-       lea     esi,DWORD PTR 3395469782[ebp*1+esi]
-       add     esi,edi
-       ; 20_39 79
+       add     edi,ebp
+       ror     ebx,2
        mov     ebp,eax
+       rol     ebp,5
+       lea     esi,DWORD PTR 3395469782[edi*1+esi]
        mov     edi,DWORD PTR 60[esp]
-       ror     eax,2
+       add     esi,ebp
+       ; 20_39 79
+       mov     ebp,eax
        xor     edi,DWORD PTR 4[esp]
        xor     ebp,ebx
        xor     edi,DWORD PTR 28[esp]
        xor     ebp,ecx
        xor     edi,DWORD PTR 48[esp]
        rol     edi,1
-       add     ebp,edx
-       mov     DWORD PTR 60[esp],edi
-       mov     edx,esi
-       rol     edx,5
-       lea     edi,DWORD PTR 3395469782[ebp*1+edi]
-       add     edi,edx
-       mov     ebp,DWORD PTR 84[esp]
-       mov     edx,DWORD PTR 88[esp]
+       add     edx,ebp
+       ror     eax,2
+       mov     ebp,esi
+       rol     ebp,5
+       lea     edi,DWORD PTR 3395469782[edx*1+edi]
+       add     edi,ebp
+       mov     ebp,DWORD PTR 96[esp]
+       mov     edx,DWORD PTR 100[esp]
        add     edi,DWORD PTR [ebp]
        add     esi,DWORD PTR 4[ebp]
        add     eax,DWORD PTR 8[ebp]
@@ -1430,14 +1368,14 @@ $L000loop:
        mov     DWORD PTR [ebp],edi
        add     edx,64
        mov     DWORD PTR 4[ebp],esi
-       cmp     edx,DWORD PTR 92[esp]
+       cmp     edx,DWORD PTR 104[esp]
        mov     DWORD PTR 8[ebp],eax
        mov     edi,ecx
        mov     DWORD PTR 12[ebp],ebx
        mov     esi,edx
        mov     DWORD PTR 16[ebp],ecx
        jb      $L000loop
-       add     esp,64
+       add     esp,76
        pop     edi
        pop     esi
        pop     ebx

diff --git a/deps/openssl/asm/x86-win32-masm/sha/sha256-586.asm b/deps/openssl/asm/x86-win32-masm/sha/sha256-586.asm
index 75b1dc8..577c38f 100644 (file)
--- a/deps/openssl/asm/x86-win32-masm/sha/sha256-586.asm
+++ b/deps/openssl/asm/x86-win32-masm/sha/sha256-586.asm
@@ -2,7 +2,7 @@ TITLE   sha512-586.asm
 IF @Version LT 800
 ECHO MASM version 8.00 or later is strongly recommended.
 ENDIF
-.586
+.686
 .MODEL FLAT
 OPTION DOTNAME
 IF @Version LT 800
@@ -104,31 +104,30 @@ ALIGN     16
 $L00300_15:
        mov     ebx,DWORD PTR 92[esp]
        mov     ecx,edx
-       ror     ecx,6
-       mov     edi,edx
-       ror     edi,11
+       ror     ecx,14
        mov     esi,DWORD PTR 20[esp]
-       xor     ecx,edi
-       ror     edi,14
-       xor     ecx,edi
+       xor     ecx,edx
+       ror     ecx,5
+       xor     ecx,edx
+       ror     ecx,6
        mov     edi,DWORD PTR 24[esp]
        add     ebx,ecx
-       mov     DWORD PTR 16[esp],edx
        xor     esi,edi
+       mov     DWORD PTR 16[esp],edx
        mov     ecx,eax
        and     esi,edx
        mov     edx,DWORD PTR 12[esp]
        xor     esi,edi
        mov     edi,eax
        add     ebx,esi
-       ror     ecx,2
+       ror     ecx,9
        add     ebx,DWORD PTR 28[esp]
-       ror     edi,13
+       xor     ecx,eax
+       ror     ecx,11
        mov     esi,DWORD PTR 4[esp]
-       xor     ecx,edi
-       ror     edi,9
+       xor     ecx,eax
+       ror     ecx,2
        add     edx,ebx
-       xor     ecx,edi
        mov     edi,DWORD PTR 8[esp]
        add     ebx,ecx
        mov     DWORD PTR [esp],eax
@@ -150,48 +149,46 @@ ALIGN     16
 $L00416_63:
        mov     esi,ebx
        mov     ecx,DWORD PTR 100[esp]
-       shr     ebx,3
-       ror     esi,7
-       xor     ebx,esi
        ror     esi,11
        mov     edi,ecx
+       xor     esi,ebx
+       ror     esi,7
+       shr     ebx,3
+       ror     edi,2
        xor     ebx,esi
-       shr     ecx,10
-       mov     esi,DWORD PTR 156[esp]
+       xor     edi,ecx
        ror     edi,17
-       xor     ecx,edi
-       ror     edi,2
-       add     ebx,esi
+       shr     ecx,10
+       add     ebx,DWORD PTR 156[esp]
        xor     edi,ecx
-       add     ebx,edi
-       mov     ecx,edx
        add     ebx,DWORD PTR 120[esp]
-       ror     ecx,6
-       mov     edi,edx
-       ror     edi,11
+       mov     ecx,edx
+       add     ebx,edi
+       ror     ecx,14
        mov     esi,DWORD PTR 20[esp]
-       xor     ecx,edi
-       ror     edi,14
+       xor     ecx,edx
+       ror     ecx,5
        mov     DWORD PTR 92[esp],ebx
-       xor     ecx,edi
+       xor     ecx,edx
+       ror     ecx,6
        mov     edi,DWORD PTR 24[esp]
        add     ebx,ecx
-       mov     DWORD PTR 16[esp],edx
        xor     esi,edi
+       mov     DWORD PTR 16[esp],edx
        mov     ecx,eax
        and     esi,edx
        mov     edx,DWORD PTR 12[esp]
        xor     esi,edi
        mov     edi,eax
        add     ebx,esi
-       ror     ecx,2
+       ror     ecx,9
        add     ebx,DWORD PTR 28[esp]
-       ror     edi,13
+       xor     ecx,eax
+       ror     ecx,11
        mov     esi,DWORD PTR 4[esp]
-       xor     ecx,edi
-       ror     edi,9
+       xor     ecx,eax
+       ror     ecx,2
        add     edx,ebx
-       xor     ecx,edi
        mov     edi,DWORD PTR 8[esp]
        add     ebx,ecx
        mov     DWORD PTR [esp],eax

diff --git a/deps/openssl/asm/x86-win32-masm/sha/sha512-586.asm b/deps/openssl/asm/x86-win32-masm/sha/sha512-586.asm
index 9f32497..98c1c07 100644 (file)
--- a/deps/openssl/asm/x86-win32-masm/sha/sha512-586.asm
+++ b/deps/openssl/asm/x86-win32-masm/sha/sha512-586.asm
@@ -2,7 +2,7 @@ TITLE   sha512-586.asm
 IF @Version LT 800
 ECHO MASM version 8.00 or later is strongly recommended.
 ENDIF
-.586
+.686
 .MODEL FLAT
 OPTION DOTNAME
 IF @Version LT 800

diff --git a/deps/openssl/asm/x86-win32-masm/x86cpuid.asm b/deps/openssl/asm/x86-win32-masm/x86cpuid.asm
index 7e663d6..b9b1c25 100644 (file)
--- a/deps/openssl/asm/x86-win32-masm/x86cpuid.asm
+++ b/deps/openssl/asm/x86-win32-masm/x86cpuid.asm
@@ -2,7 +2,7 @@ TITLE   x86cpuid.asm
 IF @Version LT 800
 ECHO MASM version 8.00 or later is strongly recommended.
 ENDIF
-.586
+.686
 .MODEL FLAT
 OPTION DOTNAME
 IF @Version LT 800
@@ -27,9 +27,9 @@ $L_OPENSSL_ia32_cpuid_begin::
        pushfd
        pop     eax
        xor     ecx,eax
-       bt      ecx,21
-       jnc     $L000done
        xor     eax,eax
+       bt      ecx,21
+       jnc     $L000nocpuid
        cpuid
        mov     edi,eax
        xor     eax,eax
@@ -55,7 +55,14 @@ $L_OPENSSL_ia32_cpuid_begin::
        jnz     $L001intel
        mov     eax,2147483648
        cpuid
-       cmp     eax,2147483656
+       cmp     eax,2147483649
+       jb      $L001intel
+       mov     esi,eax
+       mov     eax,2147483649
+       cpuid
+       or      ebp,ecx
+       and     ebp,2049
+       cmp     esi,2147483656
        jb      $L001intel
        mov     eax,2147483656
        cpuid
@@ -64,46 +71,68 @@ $L_OPENSSL_ia32_cpuid_begin::
        mov     eax,1
        cpuid
        bt      edx,28
-       jnc     $L000done
+       jnc     $L002generic
        shr     ebx,16
        and     ebx,255
        cmp     ebx,esi
-       ja      $L000done
+       ja      $L002generic
        and     edx,4026531839
-       jmp     $L000done
+       jmp     $L002generic
 $L001intel:
        cmp     edi,4
        mov     edi,-1
-       jb      $L002nocacheinfo
+       jb      $L003nocacheinfo
        mov     eax,4
        mov     ecx,0
        cpuid
        mov     edi,eax
        shr     edi,14
        and     edi,4095
-$L002nocacheinfo:
+$L003nocacheinfo:
        mov     eax,1
        cpuid
+       and     edx,3220176895
        cmp     ebp,0
-       jne     $L003notP4
+       jne     $L004notintel
+       or      edx,1073741824
        and     ah,15
        cmp     ah,15
-       jne     $L003notP4
+       jne     $L004notintel
        or      edx,1048576
-$L003notP4:
+$L004notintel:
        bt      edx,28
-       jnc     $L000done
+       jnc     $L002generic
        and     edx,4026531839
        cmp     edi,0
-       je      $L000done
+       je      $L002generic
        or      edx,268435456
        shr     ebx,16
        cmp     bl,1
-       ja      $L000done
+       ja      $L002generic
        and     edx,4026531839
-$L000done:
-       mov     eax,edx
-       mov     edx,ecx
+$L002generic:
+       and     ebp,2048
+       and     ecx,4294965247
+       mov     esi,edx
+       or      ebp,ecx
+       bt      ecx,27
+       jnc     $L005clear_avx
+       xor     ecx,ecx
+DB     15,1,208
+       and     eax,6
+       cmp     eax,6
+       je      $L006done
+       cmp     eax,2
+       je      $L005clear_avx
+$L007clear_xmm:
+       and     ebp,4261412861
+       and     esi,4278190079
+$L005clear_avx:
+       and     ebp,4026525695
+$L006done:
+       mov     eax,esi
+       mov     edx,ebp
+$L000nocpuid:
        pop     edi
        pop     esi
        pop     ebx
@@ -118,9 +147,9 @@ $L_OPENSSL_rdtsc_begin::
        xor     edx,edx
        lea     ecx,DWORD PTR _OPENSSL_ia32cap_P
        bt      DWORD PTR [ecx],4
-       jnc     $L004notsc
+       jnc     $L008notsc
        rdtsc
-$L004notsc:
+$L008notsc:
        ret
 _OPENSSL_rdtsc ENDP
 ALIGN  16
@@ -128,14 +157,14 @@ _OPENSSL_instrument_halt  PROC PUBLIC
 $L_OPENSSL_instrument_halt_begin::
        lea     ecx,DWORD PTR _OPENSSL_ia32cap_P
        bt      DWORD PTR [ecx],4
-       jnc     $L005nohalt
+       jnc     $L009nohalt
 DD     2421723150
        and     eax,3
-       jnz     $L005nohalt
+       jnz     $L009nohalt
        pushfd
        pop     eax
        bt      eax,9
-       jnc     $L005nohalt
+       jnc     $L009nohalt
        rdtsc
        push    edx
        push    eax
@@ -145,7 +174,7 @@ DD  2421723150
        sbb     edx,DWORD PTR 4[esp]
        add     esp,8
        ret
-$L005nohalt:
+$L009nohalt:
        xor     eax,eax
        xor     edx,edx
        ret
@@ -156,21 +185,21 @@ $L_OPENSSL_far_spin_begin::
        pushfd
        pop     eax
        bt      eax,9
-       jnc     $L006nospin
+       jnc     $L010nospin
        mov     eax,DWORD PTR 4[esp]
        mov     ecx,DWORD PTR 8[esp]
 DD     2430111262
        xor     eax,eax
        mov     edx,DWORD PTR [ecx]
-       jmp     $L007spin
+       jmp     $L011spin
 ALIGN  16
-$L007spin:
+$L011spin:
        inc     eax
        cmp     edx,DWORD PTR [ecx]
-       je      $L007spin
+       je      $L011spin
 DD     529567888
        ret
-$L006nospin:
+$L010nospin:
        xor     eax,eax
        xor     edx,edx
        ret
@@ -183,9 +212,9 @@ $L_OPENSSL_wipe_cpu_begin::
        lea     ecx,DWORD PTR _OPENSSL_ia32cap_P
        mov     ecx,DWORD PTR [ecx]
        bt      DWORD PTR [ecx],1
-       jnc     $L008no_x87
+       jnc     $L012no_x87
 DD     4007259865,4007259865,4007259865,4007259865,2430851995
-$L008no_x87:
+$L012no_x87:
        lea     eax,DWORD PTR 4[esp]
        ret
 _OPENSSL_wipe_cpu ENDP
@@ -197,11 +226,11 @@ $L_OPENSSL_atomic_add_begin::
        push    ebx
        nop
        mov     eax,DWORD PTR [edx]
-$L009spin:
+$L013spin:
        lea     ebx,DWORD PTR [ecx*1+eax]
        nop
 DD     447811568
-       jne     $L009spin
+       jne     $L013spin
        mov     eax,ebx
        pop     ebx
        ret
@@ -238,37 +267,50 @@ $L_OPENSSL_cleanse_begin::
        mov     ecx,DWORD PTR 8[esp]
        xor     eax,eax
        cmp     ecx,7
-       jae     $L010lot
+       jae     $L014lot
        cmp     ecx,0
-       je      $L011ret
-$L012little:
+       je      $L015ret
+$L016little:
        mov     BYTE PTR [edx],al
        sub     ecx,1
        lea     edx,DWORD PTR 1[edx]
-       jnz     $L012little
-$L011ret:
+       jnz     $L016little
+$L015ret:
        ret
 ALIGN  16
-$L010lot:
+$L014lot:
        test    edx,3
-       jz      $L013aligned
+       jz      $L017aligned
        mov     BYTE PTR [edx],al
        lea     ecx,DWORD PTR [ecx-1]
        lea     edx,DWORD PTR 1[edx]
-       jmp     $L010lot
-$L013aligned:
+       jmp     $L014lot
+$L017aligned:
        mov     DWORD PTR [edx],eax
        lea     ecx,DWORD PTR [ecx-4]
        test    ecx,-4
        lea     edx,DWORD PTR 4[edx]
-       jnz     $L013aligned
+       jnz     $L017aligned
        cmp     ecx,0
-       jne     $L012little
+       jne     $L016little
        ret
 _OPENSSL_cleanse ENDP
+ALIGN  16
+_OPENSSL_ia32_rdrand   PROC PUBLIC
+$L_OPENSSL_ia32_rdrand_begin::
+       mov     ecx,8
+$L018loop:
+DB     15,199,240
+       jc      $L019break
+       loop    $L018loop
+$L019break:
+       cmp     eax,0
+       cmove   eax,ecx
+       ret
+_OPENSSL_ia32_rdrand ENDP
 .text$ ENDS
 .bss   SEGMENT 'BSS'
-COMM   _OPENSSL_ia32cap_P:DWORD
+COMM   _OPENSSL_ia32cap_P:QWORD
 .bss   ENDS
 .CRT$XCU       SEGMENT DWORD PUBLIC 'DATA'
 EXTERN _OPENSSL_cpuid_setup:NEAR

diff --git a/deps/openssl/config/android/openssl/opensslconf.h b/deps/openssl/config/android/openssl/opensslconf.h
deleted file mode 100644 (file)
index 9280eb2..0000000
--- a/deps/openssl/config/android/openssl/opensslconf.h
+++ /dev/null
@@ -1,253 +0,0 @@
-/* opensslconf.h */
-/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
-
-/* OpenSSL was configured with the following options: */
-#ifndef OPENSSL_DOING_MAKEDEPEND
-
-
-#ifndef OPENSSL_NO_CAMELLIA
-# define OPENSSL_NO_CAMELLIA
-#endif
-#ifndef OPENSSL_NO_GMP
-# define OPENSSL_NO_GMP
-#endif
-#ifndef OPENSSL_NO_IDEA
-# define OPENSSL_NO_IDEA
-#endif
-#ifndef OPENSSL_NO_JPAKE
-# define OPENSSL_NO_JPAKE
-#endif
-#ifndef OPENSSL_NO_KRB5
-# define OPENSSL_NO_KRB5
-#endif
-#ifndef OPENSSL_NO_MDC2
-# define OPENSSL_NO_MDC2
-#endif
-#ifndef OPENSSL_NO_CMS
-# define OPENSSL_NO_CMS
-#endif
-#ifndef OPENSSL_NO_RC5
-# define OPENSSL_NO_RC5
-#endif
-#ifndef OPENSSL_NO_RFC3779
-# define OPENSSL_NO_RFC3779
-#endif
-#ifndef OPENSSL_NO_SEED
-# define OPENSSL_NO_SEED
-#endif
-#ifndef OPENSSL_NO_SHA0
-# define OPENSSL_NO_SHA0
-#endif
-#ifndef OPENSSL_NO_WHRLPOOL
-# define OPENSSL_NO_WHRLPOOL
-#endif
-
-#endif /* OPENSSL_DOING_MAKEDEPEND */
-
-#ifndef OPENSSL_THREADS
-# define OPENSSL_THREADS
-#endif
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
-# define OPENSSL_NO_DYNAMIC_ENGINE
-#endif
-
-/* The OPENSSL_NO_* macros are also defined as NO_* if the application
-   asks for it.  This is a transient feature that is provided for those
-   who haven't had the time to do the appropriate changes in their
-   applications.  */
-#ifdef OPENSSL_ALGORITHM_DEFINES
-# if defined(OPENSSL_NO_CAST) && !defined(NO_CAST)
-#  define NO_CAST
-# endif
-# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
-#  define NO_GMP
-# endif
-# if defined(OPENSSL_NO_IDEA) && !defined(NO_IDEA)
-#  define NO_IDEA
-# endif
-# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)
-#  define NO_JPAKE
-# endif
-# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
-#  define NO_KRB5
-# endif
-# if defined(OPENSSL_NO_MD2) && !defined(NO_MD2)
-#  define NO_MD2
-# endif
-# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
-#  define NO_RC5
-# endif
-# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
-#  define NO_RFC3779
-# endif
-# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED)
-#  define NO_SEED
-# endif
-# if defined(OPENSSL_NO_SHA0) && !defined(NO_SHA0)
-#  define NO_SHA0
-# endif
-# if defined(OPENSSL_NO_STORE) && !defined(NO_STORE)
-#  define NO_STORE
-# endif
-# if defined(OPENSSL_NO_WHRLPOOL) && !defined(NO_WHRLPOOL)
-#  define NO_WHRLPOOL
-# endif
-# if defined(OPENSSL_NO_MDC2) && !defined(NO_MDC2)
-#  define NO_MDC2
-# endif
-#endif
-
-/* crypto/opensslconf.h.in */
-
-/* Generate 80386 code? */
-#undef I386_ONLY
-
-#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
-#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define ENGINESDIR "/usr/local/ssl/lib/engines"
-#define OPENSSLDIR "/usr/local/ssl"
-#endif
-#endif
-
-#undef OPENSSL_UNISTD
-#define OPENSSL_UNISTD <unistd.h>
-
-#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
-
-#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
-#define IDEA_INT unsigned int
-#endif
-
-#if defined(HEADER_MD2_H) && !defined(MD2_INT)
-#define MD2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC2_H) && !defined(RC2_INT)
-/* I need to put in a mod for the alpha - eay */
-#define RC2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC4_H)
-#if !defined(RC4_INT)
-/* using int types make the structure larger but make the code faster
- * on most boxes I have tested - up to %20 faster. */
-/*
- * I don't know what does "most" mean, but declaring "int" is a must on:
- * - Intel P6 because partial register stalls are very expensive;
- * - elder Alpha because it lacks byte load/store instructions;
- */
-#define RC4_INT unsigned char
-#endif
-#if !defined(RC4_CHUNK)
-/*
- * This enables code handling data aligned at natural CPU word
- * boundary. See crypto/rc4/rc4_enc.c for further details.
- */
-#define RC4_CHUNK unsigned long
-#endif
-#endif
-
-#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
-/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
- * %20 speed up (longs are 8 bytes, int's are 4). */
-#ifndef DES_LONG
-#define DES_LONG unsigned int
-#endif
-#endif
-
-#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
-#define CONFIG_HEADER_BN_H
-#define BN_LLONG
-
-/* Should we define BN_DIV2W here? */
-
-/* Only one for the following should be defined */
-#undef SIXTY_FOUR_BIT_LONG
-#undef SIXTY_FOUR_BIT
-#define THIRTY_TWO_BIT
-#endif
-
-#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
-#define CONFIG_HEADER_RC4_LOCL_H
-/* if this is defined data[i] is used instead of *data, this is a %20
- * speedup on x86 */
-#undef RC4_INDEX
-#endif
-
-#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
-#define CONFIG_HEADER_BF_LOCL_H
-#define BF_PTR
-#endif /* HEADER_BF_LOCL_H */
-
-#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
-#define CONFIG_HEADER_DES_LOCL_H
-#ifndef DES_DEFAULT_OPTIONS
-/* the following is tweaked from a config script, that is why it is a
- * protected undef/define */
-#ifndef DES_PTR
-#undef DES_PTR
-#endif
-
-/* This helps C compiler generate the correct code for multiple functional
- * units.  It reduces register dependancies at the expense of 2 more
- * registers */
-#ifndef DES_RISC1
-#undef DES_RISC1
-#endif
-
-#ifndef DES_RISC2
-#undef DES_RISC2
-#endif
-
-#if defined(DES_RISC1) && defined(DES_RISC2)
-YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
-#endif
-
-/* Unroll the inner loop, this sometimes helps, sometimes hinders.
- * Very mucy CPU dependant */
-#ifndef DES_UNROLL
-#define DES_UNROLL
-#endif
-
-/* These default values were supplied by
- * Peter Gutman <pgut001@cs.auckland.ac.nz>
- * They are only used if nothing else has been defined */
-#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
-/* Special defines which change the way the code is built depending on the
-   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
-   even newer MIPS CPU's, but at the moment one size fits all for
-   optimization options.  Older Sparc's work better with only UNROLL, but
-   there's no way to tell at compile time what it is you're running on */
- 
-#if defined( sun )             /* Newer Sparc's */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#elif defined( __ultrix )      /* Older MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined( __osf1__ )      /* Alpha */
-#  define DES_PTR
-#  define DES_RISC2
-#elif defined ( _AIX )         /* RS6000 */
-  /* Unknown */
-#elif defined( __hpux )                /* HP-PA */
-  /* Unknown */
-#elif defined( __aux )         /* 68K */
-  /* Unknown */
-#elif defined( __dgux )                /* 88K (but P6 in latest boxes) */
-#  define DES_UNROLL
-#elif defined( __sgi )         /* Newer MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined(i386) || defined(__i386__)       /* x86 boxes, should be gcc */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#endif /* Systems-specific speed defines */
-#endif
-
-#endif /* DES_DEFAULT_OPTIONS */
-#endif /* HEADER_DES_LOCL_H */

diff --git a/deps/openssl/config/k8/openssl/opensslconf-posix.h b/deps/openssl/config/k8/openssl/opensslconf-posix.h
deleted file mode 100644 (file)
index 1a6058f..0000000
--- a/deps/openssl/config/k8/openssl/opensslconf-posix.h
+++ /dev/null
@@ -1,273 +0,0 @@
-/* opensslconf.h */
-/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
-
-/* OpenSSL was configured with the following options: */
-#ifndef OPENSSL_DOING_MAKEDEPEND
-
-
-#ifndef OPENSSL_NO_CAMELLIA
-# define OPENSSL_NO_CAMELLIA
-#endif
-#ifndef OPENSSL_NO_CAPIENG
-# define OPENSSL_NO_CAPIENG
-#endif
-#ifndef OPENSSL_NO_CMS
-# define OPENSSL_NO_CMS
-#endif
-#ifndef OPENSSL_NO_FIPS
-# define OPENSSL_NO_FIPS
-#endif
-#ifndef OPENSSL_NO_GMP
-# define OPENSSL_NO_GMP
-#endif
-#ifndef OPENSSL_NO_IDEA
-# define OPENSSL_NO_IDEA
-#endif
-#ifndef OPENSSL_NO_JPAKE
-# define OPENSSL_NO_JPAKE
-#endif
-#ifndef OPENSSL_NO_KRB5
-# define OPENSSL_NO_KRB5
-#endif
-#ifndef OPENSSL_NO_MDC2
-# define OPENSSL_NO_MDC2
-#endif
-#ifndef OPENSSL_NO_RC5
-# define OPENSSL_NO_RC5
-#endif
-#ifndef OPENSSL_NO_RFC3779
-# define OPENSSL_NO_RFC3779
-#endif
-#ifndef OPENSSL_NO_SEED
-# define OPENSSL_NO_SEED
-#endif
-
-#endif /* OPENSSL_DOING_MAKEDEPEND */
-
-#ifndef OPENSSL_THREADS
-# define OPENSSL_THREADS
-#endif
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
-# define OPENSSL_NO_DYNAMIC_ENGINE
-#endif
-
-/* The OPENSSL_NO_* macros are also defined as NO_* if the application
-   asks for it.  This is a transient feature that is provided for those
-   who haven't had the time to do the appropriate changes in their
-   applications.  */
-#ifdef OPENSSL_ALGORITHM_DEFINES
-# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA)
-#  define NO_CAMELLIA
-# endif
-# if defined(OPENSSL_NO_CAPIENG) && !defined(NO_CAPIENG)
-#  define NO_CAPIENG
-# endif
-# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS)
-#  define NO_CMS
-# endif
-# if defined(OPENSSL_NO_FIPS) && !defined(NO_FIPS)
-#  define NO_FIPS
-# endif
-# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
-#  define NO_GMP
-# endif
-# if defined(OPENSSL_NO_IDEA) && !defined(NO_IDEA)
-#  define NO_IDEA
-# endif
-# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)
-#  define NO_JPAKE
-# endif
-# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
-#  define NO_KRB5
-# endif
-# if defined(OPENSSL_NO_MDC2) && !defined(NO_MDC2)
-#  define NO_MDC2
-# endif
-# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
-#  define NO_RC5
-# endif
-# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
-#  define NO_RFC3779
-# endif
-# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED)
-#  define NO_SEED
-# endif
-#endif
-
-/* crypto/opensslconf.h.in */
-
-#ifdef OPENSSL_DOING_MAKEDEPEND
-
-/* Include any symbols here that have to be explicitly set to enable a feature
- * that should be visible to makedepend.
- *
- * [Our "make depend" doesn't actually look at this, we use actual build settings
- * instead; we want to make it easy to remove subdirectories with disabled algorithms.]
- */
-
-#ifndef OPENSSL_FIPS
-#define OPENSSL_FIPS
-#endif
-
-#endif
-
-/* Generate 80386 code? */
-#undef I386_ONLY
-
-#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
-#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define ENGINESDIR "/usr/local/ssl/lib/engines"
-#define OPENSSLDIR "/usr/local/ssl"
-#endif
-#endif
-
-#undef OPENSSL_UNISTD
-#define OPENSSL_UNISTD <unistd.h>
-#if !defined(SWIG)
-#include <unistd.h>
-#endif
-
-#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
-
-#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
-#define IDEA_INT unsigned int
-#endif
-
-#if defined(HEADER_MD2_H) && !defined(MD2_INT)
-#define MD2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC2_H) && !defined(RC2_INT)
-/* I need to put in a mod for the alpha - eay */
-#define RC2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC4_H)
-#if !defined(RC4_INT)
-/* using int types make the structure larger but make the code faster
- * on most boxes I have tested - up to %20 faster. */
-/*
- * I don't know what does "most" mean, but declaring "int" is a must on:
- * - Intel P6 because partial register stalls are very expensive;
- * - elder Alpha because it lacks byte load/store instructions;
- */
-#define RC4_INT unsigned int
-#endif
-#if !defined(RC4_CHUNK)
-/*
- * This enables code handling data aligned at natural CPU word
- * boundary. See crypto/rc4/rc4_enc.c for further details.
- */
-#define RC4_CHUNK unsigned long
-#endif
-#endif
-
-#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
-/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
- * %20 speed up (longs are 8 bytes, int's are 4). */
-#ifndef DES_LONG
-#define DES_LONG unsigned int
-#endif
-#endif
-
-#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
-#define CONFIG_HEADER_BN_H
-#undef BN_LLONG
-
-/* Should we define BN_DIV2W here? */
-
-/* Only one for the following should be defined */
-/* The prime number generation stuff may not work when
- * EIGHT_BIT but I don't care since I've only used this mode
- * for debuging the bignum libraries */
-#define SIXTY_FOUR_BIT_LONG
-#undef SIXTY_FOUR_BIT
-#undef THIRTY_TWO_BIT
-#undef SIXTEEN_BIT
-#undef EIGHT_BIT
-#endif
-
-#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
-#define CONFIG_HEADER_RC4_LOCL_H
-/* if this is defined data[i] is used instead of *data, this is a %20
- * speedup on x86 */
-#undef RC4_INDEX
-#endif
-
-#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
-#define CONFIG_HEADER_BF_LOCL_H
-#undef BF_PTR
-#endif /* HEADER_BF_LOCL_H */
-
-#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
-#define CONFIG_HEADER_DES_LOCL_H
-#ifndef DES_DEFAULT_OPTIONS
-/* the following is tweaked from a config script, that is why it is a
- * protected undef/define */
-#ifndef DES_PTR
-#undef DES_PTR
-#endif
-
-/* This helps C compiler generate the correct code for multiple functional
- * units.  It reduces register dependancies at the expense of 2 more
- * registers */
-#ifndef DES_RISC1
-#undef DES_RISC1
-#endif
-
-#ifndef DES_RISC2
-#undef DES_RISC2
-#endif
-
-#if defined(DES_RISC1) && defined(DES_RISC2)
-YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
-#endif
-
-/* Unroll the inner loop, this sometimes helps, sometimes hinders.
- * Very mucy CPU dependant */
-#ifndef DES_UNROLL
-#define DES_UNROLL
-#endif
-
-/* These default values were supplied by
- * Peter Gutman <pgut001@cs.auckland.ac.nz>
- * They are only used if nothing else has been defined */
-#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
-/* Special defines which change the way the code is built depending on the
-   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
-   even newer MIPS CPU's, but at the moment one size fits all for
-   optimization options.  Older Sparc's work better with only UNROLL, but
-   there's no way to tell at compile time what it is you're running on */
-
-#if defined( sun )             /* Newer Sparc's */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#elif defined( __ultrix )      /* Older MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined( __osf1__ )      /* Alpha */
-#  define DES_PTR
-#  define DES_RISC2
-#elif defined ( _AIX )         /* RS6000 */
-  /* Unknown */
-#elif defined( __hpux )                /* HP-PA */
-  /* Unknown */
-#elif defined( __aux )         /* 68K */
-  /* Unknown */
-#elif defined( __dgux )                /* 88K (but P6 in latest boxes) */
-#  define DES_UNROLL
-#elif defined( __sgi )         /* Newer MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined(i386) || defined(__i386__)       /* x86 boxes, should be gcc */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#endif /* Systems-specific speed defines */
-#endif
-
-#endif /* DES_DEFAULT_OPTIONS */
-#endif /* HEADER_DES_LOCL_H */

diff --git a/deps/openssl/config/k8/openssl/opensslconf-win32.h b/deps/openssl/config/k8/openssl/opensslconf-win32.h
deleted file mode 100644 (file)
index 8a37db9..0000000
--- a/deps/openssl/config/k8/openssl/opensslconf-win32.h
+++ /dev/null
@@ -1,262 +0,0 @@
-/* opensslconf.h */
-/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
-
-/* OpenSSL was configured with the following options: */
-#ifndef OPENSSL_SYSNAME_WIN32
-# define OPENSSL_SYSNAME_WIN32
-#endif
-#ifndef OPENSSL_DOING_MAKEDEPEND
-
-
-#ifndef OPENSSL_NO_CAMELLIA
-# define OPENSSL_NO_CAMELLIA
-#endif
-#ifndef OPENSSL_NO_CAPIENG
-# define OPENSSL_NO_CAPIENG
-#endif
-#ifndef OPENSSL_NO_CMS
-# define OPENSSL_NO_CMS
-#endif
-#ifndef OPENSSL_NO_GMP
-# define OPENSSL_NO_GMP
-#endif
-#ifndef OPENSSL_NO_IDEA
-# define OPENSSL_NO_IDEA
-#endif
-#ifndef OPENSSL_NO_JPAKE
-# define OPENSSL_NO_JPAKE
-#endif
-#ifndef OPENSSL_NO_KRB5
-# define OPENSSL_NO_KRB5
-#endif
-#ifndef OPENSSL_NO_MDC2
-# define OPENSSL_NO_MDC2
-#endif
-#ifndef OPENSSL_NO_RC5
-# define OPENSSL_NO_RC5
-#endif
-#ifndef OPENSSL_NO_RFC3779
-# define OPENSSL_NO_RFC3779
-#endif
-#ifndef OPENSSL_NO_SEED
-# define OPENSSL_NO_SEED
-#endif
-
-#endif /* OPENSSL_DOING_MAKEDEPEND */
-
-#ifndef OPENSSL_THREADS
-# define OPENSSL_THREADS
-#endif
-
-/* The OPENSSL_NO_* macros are also defined as NO_* if the application
-   asks for it.  This is a transient feature that is provided for those
-   who haven't had the time to do the appropriate changes in their
-   applications.  */
-#ifdef OPENSSL_ALGORITHM_DEFINES
-# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA)
-#  define NO_CAMELLIA
-# endif
-# if defined(OPENSSL_NO_CAPIENG) && !defined(NO_CAPIENG)
-#  define NO_CAPIENG
-# endif
-# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS)
-#  define NO_CMS
-# endif
-# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
-#  define NO_GMP
-# endif
-# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)
-#  define NO_JPAKE
-# endif
-# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
-#  define NO_KRB5
-# endif
-# if defined(OPENSSL_NO_MDC2) && !defined(NO_MDC2)
-#  define NO_MDC2
-# endif
-# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
-#  define NO_RC5
-# endif
-# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
-#  define NO_RFC3779
-# endif
-# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED)
-#  define NO_SEED
-# endif
-#endif
-
-/* crypto/opensslconf.h.in */
-
-#ifdef OPENSSL_DOING_MAKEDEPEND
-
-/* Include any symbols here that have to be explicitly set to enable a feature
- * that should be visible to makedepend.
- *
- * [Our "make depend" doesn't actually look at this, we use actual build settings
- * instead; we want to make it easy to remove subdirectories with disabled algorithms.]
- */
-
-#ifndef OPENSSL_FIPS
-#define OPENSSL_FIPS
-#endif
-
-#endif
-
-/* Generate 80386 code? */
-#undef I386_ONLY
-
-#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
-#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define ENGINESDIR "ssl/lib/engines"
-#define OPENSSLDIR "ssl"
-#endif
-#endif
-
-#undef OPENSSL_UNISTD
-#define OPENSSL_UNISTD <unistd.h>
-
-#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
-#define OPENSSL_EXPORT_VAR_AS_FUNCTION
-
-#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
-#define IDEA_INT unsigned int
-#endif
-
-#if defined(HEADER_MD2_H) && !defined(MD2_INT)
-#define MD2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC2_H) && !defined(RC2_INT)
-/* I need to put in a mod for the alpha - eay */
-#define RC2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC4_H)
-#if !defined(RC4_INT)
-/* using int types make the structure larger but make the code faster
- * on most boxes I have tested - up to %20 faster. */
-/*
- * I don't know what does "most" mean, but declaring "int" is a must on:
- * - Intel P6 because partial register stalls are very expensive;
- * - elder Alpha because it lacks byte load/store instructions;
- */
-#define RC4_INT unsigned int
-#endif
-#if !defined(RC4_CHUNK)
-/*
- * This enables code handling data aligned at natural CPU word
- * boundary. See crypto/rc4/rc4_enc.c for further details.
- */
-#define RC4_CHUNK unsigned long long
-#endif
-#endif
-
-#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
-/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
- * %20 speed up (longs are 8 bytes, int's are 4). */
-#ifndef DES_LONG
-#define DES_LONG unsigned int
-#endif
-#endif
-
-#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
-#define CONFIG_HEADER_BN_H
-#undef BN_LLONG
-
-/* Should we define BN_DIV2W here? */
-
-/* Only one for the following should be defined */
-/* The prime number generation stuff may not work when
- * EIGHT_BIT but I don't care since I've only used this mode
- * for debuging the bignum libraries */
-#undef SIXTY_FOUR_BIT_LONG
-#define SIXTY_FOUR_BIT
-#undef THIRTY_TWO_BIT
-#undef SIXTEEN_BIT
-#undef EIGHT_BIT
-#endif
-
-#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
-#define CONFIG_HEADER_RC4_LOCL_H
-/* if this is defined data[i] is used instead of *data, this is a %20
- * speedup on x86 */
-#undef RC4_INDEX
-#endif
-
-#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
-#define CONFIG_HEADER_BF_LOCL_H
-#undef BF_PTR
-#endif /* HEADER_BF_LOCL_H */
-
-#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
-#define CONFIG_HEADER_DES_LOCL_H
-#ifndef DES_DEFAULT_OPTIONS
-/* the following is tweaked from a config script, that is why it is a
- * protected undef/define */
-#ifndef DES_PTR
-#undef DES_PTR
-#endif
-
-/* This helps C compiler generate the correct code for multiple functional
- * units.  It reduces register dependancies at the expense of 2 more
- * registers */
-#ifndef DES_RISC1
-#undef DES_RISC1
-#endif
-
-#ifndef DES_RISC2
-#undef DES_RISC2
-#endif
-
-#if defined(DES_RISC1) && defined(DES_RISC2)
-YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
-#endif
-
-/* Unroll the inner loop, this sometimes helps, sometimes hinders.
- * Very mucy CPU dependant */
-#ifndef DES_UNROLL
-#undef DES_UNROLL
-#endif
-
-/* These default values were supplied by
- * Peter Gutman <pgut001@cs.auckland.ac.nz>
- * They are only used if nothing else has been defined */
-#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
-/* Special defines which change the way the code is built depending on the
-   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
-   even newer MIPS CPU's, but at the moment one size fits all for
-   optimization options.  Older Sparc's work better with only UNROLL, but
-   there's no way to tell at compile time what it is you're running on */
-
-#if defined( sun )             /* Newer Sparc's */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#elif defined( __ultrix )      /* Older MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined( __osf1__ )      /* Alpha */
-#  define DES_PTR
-#  define DES_RISC2
-#elif defined ( _AIX )         /* RS6000 */
-  /* Unknown */
-#elif defined( __hpux )                /* HP-PA */
-  /* Unknown */
-#elif defined( __aux )         /* 68K */
-  /* Unknown */
-#elif defined( __dgux )                /* 88K (but P6 in latest boxes) */
-#  define DES_UNROLL
-#elif defined( __sgi )         /* Newer MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined(i386) || defined(__i386__)       /* x86 boxes, should be gcc */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#endif /* Systems-specific speed defines */
-#endif
-
-#endif /* DES_DEFAULT_OPTIONS */
-#endif /* HEADER_DES_LOCL_H */

diff --git a/deps/openssl/config/k8/openssl/opensslconf.h b/deps/openssl/config/k8/openssl/opensslconf.h
deleted file mode 100644 (file)
index 0ea58de..0000000
--- a/deps/openssl/config/k8/openssl/opensslconf.h
+++ /dev/null
@@ -1,5 +0,0 @@
-#ifdef WIN32
-#include "opensslconf-win32.h"
-#else
-#include "opensslconf-posix.h"
-#endif

diff --git a/deps/openssl/config/piii/openssl/opensslconf-posix.h b/deps/openssl/config/piii/openssl/opensslconf-posix.h
deleted file mode 100644 (file)
index 36e305a..0000000
--- a/deps/openssl/config/piii/openssl/opensslconf-posix.h
+++ /dev/null
@@ -1,273 +0,0 @@
-/* opensslconf.h */
-/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
-
-/* OpenSSL was configured with the following options: */
-#ifndef OPENSSL_DOING_MAKEDEPEND
-
-
-#ifndef OPENSSL_NO_CAMELLIA
-# define OPENSSL_NO_CAMELLIA
-#endif
-#ifndef OPENSSL_NO_CAPIENG
-# define OPENSSL_NO_CAPIENG
-#endif
-#ifndef OPENSSL_NO_CMS
-# define OPENSSL_NO_CMS
-#endif
-#ifndef OPENSSL_NO_FIPS
-# define OPENSSL_NO_FIPS
-#endif
-#ifndef OPENSSL_NO_GMP
-# define OPENSSL_NO_GMP
-#endif
-#ifndef OPENSSL_NO_IDEA
-# define OPENSSL_NO_IDEA
-#endif
-#ifndef OPENSSL_NO_JPAKE
-# define OPENSSL_NO_JPAKE
-#endif
-#ifndef OPENSSL_NO_KRB5
-# define OPENSSL_NO_KRB5
-#endif
-#ifndef OPENSSL_NO_MDC2
-# define OPENSSL_NO_MDC2
-#endif
-#ifndef OPENSSL_NO_RC5
-# define OPENSSL_NO_RC5
-#endif
-#ifndef OPENSSL_NO_RFC3779
-# define OPENSSL_NO_RFC3779
-#endif
-#ifndef OPENSSL_NO_SEED
-# define OPENSSL_NO_SEED
-#endif
-
-#endif /* OPENSSL_DOING_MAKEDEPEND */
-
-#ifndef OPENSSL_THREADS
-# define OPENSSL_THREADS
-#endif
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
-# define OPENSSL_NO_DYNAMIC_ENGINE
-#endif
-
-/* The OPENSSL_NO_* macros are also defined as NO_* if the application
-   asks for it.  This is a transient feature that is provided for those
-   who haven't had the time to do the appropriate changes in their
-   applications.  */
-#ifdef OPENSSL_ALGORITHM_DEFINES
-# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA)
-#  define NO_CAMELLIA
-# endif
-# if defined(OPENSSL_NO_CAPIENG) && !defined(NO_CAPIENG)
-#  define NO_CAPIENG
-# endif
-# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS)
-#  define NO_CMS
-# endif
-# if defined(OPENSSL_NO_FIPS) && !defined(NO_FIPS)
-#  define NO_FIPS
-# endif
-# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
-#  define NO_GMP
-# endif
-# if defined(OPENSSL_NO_IDEA) && !defined(NO_IDEA)
-#  define NO_IDEA
-# endif
-# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)
-#  define NO_JPAKE
-# endif
-# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
-#  define NO_KRB5
-# endif
-# if defined(OPENSSL_NO_MDC2) && !defined(NO_MDC2)
-#  define NO_MDC2
-# endif
-# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
-#  define NO_RC5
-# endif
-# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
-#  define NO_RFC3779
-# endif
-# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED)
-#  define NO_SEED
-# endif
-#endif
-
-/* crypto/opensslconf.h.in */
-
-#ifdef OPENSSL_DOING_MAKEDEPEND
-
-/* Include any symbols here that have to be explicitly set to enable a feature
- * that should be visible to makedepend.
- *
- * [Our "make depend" doesn't actually look at this, we use actual build settings
- * instead; we want to make it easy to remove subdirectories with disabled algorithms.]
- */
-
-#ifndef OPENSSL_FIPS
-#define OPENSSL_FIPS
-#endif
-
-#endif
-
-/* Generate 80386 code? */
-#undef I386_ONLY
-
-#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
-#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define ENGINESDIR "/usr/local/ssl/lib/engines"
-#define OPENSSLDIR "/usr/local/ssl"
-#endif
-#endif
-
-#undef OPENSSL_UNISTD
-#define OPENSSL_UNISTD <unistd.h>
-#if !defined(SWIG)
-#include <unistd.h>
-#endif
-
-#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
-
-#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
-#define IDEA_INT unsigned int
-#endif
-
-#if defined(HEADER_MD2_H) && !defined(MD2_INT)
-#define MD2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC2_H) && !defined(RC2_INT)
-/* I need to put in a mod for the alpha - eay */
-#define RC2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC4_H)
-#if !defined(RC4_INT)
-/* using int types make the structure larger but make the code faster
- * on most boxes I have tested - up to %20 faster. */
-/*
- * I don't know what does "most" mean, but declaring "int" is a must on:
- * - Intel P6 because partial register stalls are very expensive;
- * - elder Alpha because it lacks byte load/store instructions;
- */
-#define RC4_INT unsigned int
-#endif
-#if !defined(RC4_CHUNK)
-/*
- * This enables code handling data aligned at natural CPU word
- * boundary. See crypto/rc4/rc4_enc.c for further details.
- */
-#undef RC4_CHUNK
-#endif
-#endif
-
-#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
-/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
- * %20 speed up (longs are 8 bytes, int's are 4). */
-#ifndef DES_LONG
-#define DES_LONG unsigned long
-#endif
-#endif
-
-#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
-#define CONFIG_HEADER_BN_H
-#define BN_LLONG
-
-/* Should we define BN_DIV2W here? */
-
-/* Only one for the following should be defined */
-/* The prime number generation stuff may not work when
- * EIGHT_BIT but I don't care since I've only used this mode
- * for debuging the bignum libraries */
-#undef SIXTY_FOUR_BIT_LONG
-#undef SIXTY_FOUR_BIT
-#define THIRTY_TWO_BIT
-#undef SIXTEEN_BIT
-#undef EIGHT_BIT
-#endif
-
-#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
-#define CONFIG_HEADER_RC4_LOCL_H
-/* if this is defined data[i] is used instead of *data, this is a %20
- * speedup on x86 */
-#define RC4_INDEX
-#endif
-
-#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
-#define CONFIG_HEADER_BF_LOCL_H
-#undef BF_PTR
-#endif /* HEADER_BF_LOCL_H */
-
-#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
-#define CONFIG_HEADER_DES_LOCL_H
-#ifndef DES_DEFAULT_OPTIONS
-/* the following is tweaked from a config script, that is why it is a
- * protected undef/define */
-#ifndef DES_PTR
-#define DES_PTR
-#endif
-
-/* This helps C compiler generate the correct code for multiple functional
- * units.  It reduces register dependancies at the expense of 2 more
- * registers */
-#ifndef DES_RISC1
-#define DES_RISC1
-#endif
-
-#ifndef DES_RISC2
-#undef DES_RISC2
-#endif
-
-#if defined(DES_RISC1) && defined(DES_RISC2)
-YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
-#endif
-
-/* Unroll the inner loop, this sometimes helps, sometimes hinders.
- * Very mucy CPU dependant */
-#ifndef DES_UNROLL
-#define DES_UNROLL
-#endif
-
-/* These default values were supplied by
- * Peter Gutman <pgut001@cs.auckland.ac.nz>
- * They are only used if nothing else has been defined */
-#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
-/* Special defines which change the way the code is built depending on the
-   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
-   even newer MIPS CPU's, but at the moment one size fits all for
-   optimization options.  Older Sparc's work better with only UNROLL, but
-   there's no way to tell at compile time what it is you're running on */
-
-#if defined( sun )             /* Newer Sparc's */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#elif defined( __ultrix )      /* Older MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined( __osf1__ )      /* Alpha */
-#  define DES_PTR
-#  define DES_RISC2
-#elif defined ( _AIX )         /* RS6000 */
-  /* Unknown */
-#elif defined( __hpux )                /* HP-PA */
-  /* Unknown */
-#elif defined( __aux )         /* 68K */
-  /* Unknown */
-#elif defined( __dgux )                /* 88K (but P6 in latest boxes) */
-#  define DES_UNROLL
-#elif defined( __sgi )         /* Newer MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined(i386) || defined(__i386__)       /* x86 boxes, should be gcc */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#endif /* Systems-specific speed defines */
-#endif
-
-#endif /* DES_DEFAULT_OPTIONS */
-#endif /* HEADER_DES_LOCL_H */

diff --git a/deps/openssl/config/piii/openssl/opensslconf-win32.h b/deps/openssl/config/piii/openssl/opensslconf-win32.h
deleted file mode 100644 (file)
index 529aec6..0000000
--- a/deps/openssl/config/piii/openssl/opensslconf-win32.h
+++ /dev/null
@@ -1,274 +0,0 @@
-/* opensslconf.h */
-/* WARNING: Generated automatically from opensslconf.h.in by Configure. */
-
-/* OpenSSL was configured with the following options: */
-#ifndef OPENSSL_SYSNAME_WIN32
-# define OPENSSL_SYSNAME_WIN32
-#endif
-#ifndef OPENSSL_DOING_MAKEDEPEND
-
-
-#ifndef OPENSSL_NO_CAMELLIA
-# define OPENSSL_NO_CAMELLIA
-#endif
-#ifndef OPENSSL_NO_CAPIENG
-# define OPENSSL_NO_CAPIENG
-#endif
-#ifndef OPENSSL_NO_CMS
-# define OPENSSL_NO_CMS
-#endif
-#ifndef OPENSSL_NO_FIPS
-# define OPENSSL_NO_FIPS
-#endif
-#ifndef OPENSSL_NO_GMP
-# define OPENSSL_NO_GMP
-#endif
-#ifndef OPENSSL_NO_IDEA
-# define OPENSSL_NO_IDEA
-#endif
-#ifndef OPENSSL_NO_JPAKE
-# define OPENSSL_NO_JPAKE
-#endif
-#ifndef OPENSSL_NO_KRB5
-# define OPENSSL_NO_KRB5
-#endif
-#ifndef OPENSSL_NO_MDC2
-# define OPENSSL_NO_MDC2
-#endif
-#ifndef OPENSSL_NO_RC5
-# define OPENSSL_NO_RC5
-#endif
-#ifndef OPENSSL_NO_RFC3779
-# define OPENSSL_NO_RFC3779
-#endif
-#ifndef OPENSSL_NO_SEED
-# define OPENSSL_NO_SEED
-#endif
-
-#endif /* OPENSSL_DOING_MAKEDEPEND */
-
-#ifndef OPENSSL_THREADS
-# define OPENSSL_THREADS
-#endif
-#ifndef OPENSSL_NO_DYNAMIC_ENGINE
-# define OPENSSL_NO_DYNAMIC_ENGINE
-#endif
-
-/* The OPENSSL_NO_* macros are also defined as NO_* if the application
-   asks for it.  This is a transient feature that is provided for those
-   who haven't had the time to do the appropriate changes in their
-   applications.  */
-#ifdef OPENSSL_ALGORITHM_DEFINES
-# if defined(OPENSSL_NO_CAMELLIA) && !defined(NO_CAMELLIA)
-#  define NO_CAMELLIA
-# endif
-# if defined(OPENSSL_NO_CAPIENG) && !defined(NO_CAPIENG)
-#  define NO_CAPIENG
-# endif
-# if defined(OPENSSL_NO_CMS) && !defined(NO_CMS)
-#  define NO_CMS
-# endif
-# if defined(OPENSSL_NO_FIPS) && !defined(NO_FIPS)
-#  define NO_FIPS
-# endif
-# if defined(OPENSSL_NO_GMP) && !defined(NO_GMP)
-#  define NO_GMP
-# endif
-# if defined(OPENSSL_NO_IDEA) && !defined(NO_IDEA)
-#  define NO_IDEA
-# endif
-# if defined(OPENSSL_NO_JPAKE) && !defined(NO_JPAKE)
-#  define NO_JPAKE
-# endif
-# if defined(OPENSSL_NO_KRB5) && !defined(NO_KRB5)
-#  define NO_KRB5
-# endif
-# if defined(OPENSSL_NO_MDC2) && !defined(NO_MDC2)
-#  define NO_MDC2
-# endif
-# if defined(OPENSSL_NO_RC5) && !defined(NO_RC5)
-#  define NO_RC5
-# endif
-# if defined(OPENSSL_NO_RFC3779) && !defined(NO_RFC3779)
-#  define NO_RFC3779
-# endif
-# if defined(OPENSSL_NO_SEED) && !defined(NO_SEED)
-#  define NO_SEED
-# endif
-#endif
-
-/* crypto/opensslconf.h.in */
-
-#ifdef OPENSSL_DOING_MAKEDEPEND
-
-/* Include any symbols here that have to be explicitly set to enable a feature
- * that should be visible to makedepend.
- *
- * [Our "make depend" doesn't actually look at this, we use actual build settings
- * instead; we want to make it easy to remove subdirectories with disabled algorithms.]
- */
-
-#ifndef OPENSSL_FIPS
-#define OPENSSL_FIPS
-#endif
-
-#endif
-
-/* Generate 80386 code? */
-#undef I386_ONLY
-
-#if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
-#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define ENGINESDIR "ssl/lib/engines"
-#define OPENSSLDIR "ssl"
-#endif
-#endif
-
-#undef OPENSSL_UNISTD
-#define OPENSSL_UNISTD <unistd.h>
-
-#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
-#define OPENSSL_EXPORT_VAR_AS_FUNCTION
-
-#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
-#define IDEA_INT unsigned int
-#endif
-
-#if defined(HEADER_MD2_H) && !defined(MD2_INT)
-#define MD2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC2_H) && !defined(RC2_INT)
-/* I need to put in a mod for the alpha - eay */
-#define RC2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC4_H)
-#if !defined(RC4_INT)
-/* using int types make the structure larger but make the code faster
- * on most boxes I have tested - up to %20 faster. */
-/*
- * I don't know what does "most" mean, but declaring "int" is a must on:
- * - Intel P6 because partial register stalls are very expensive;
- * - elder Alpha because it lacks byte load/store instructions;
- */
-#define RC4_INT unsigned int
-#endif
-#if !defined(RC4_CHUNK)
-/*
- * This enables code handling data aligned at natural CPU word
- * boundary. See crypto/rc4/rc4_enc.c for further details.
- */
-#undef RC4_CHUNK
-#endif
-#endif
-
-#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
-/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
- * %20 speed up (longs are 8 bytes, int's are 4). */
-#ifndef DES_LONG
-#define DES_LONG unsigned long
-#endif
-#endif
-
-#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
-#define CONFIG_HEADER_BN_H
-#define BN_LLONG
-
-/* Should we define BN_DIV2W here? */
-
-/* Only one for the following should be defined */
-/* The prime number generation stuff may not work when
- * EIGHT_BIT but I don't care since I've only used this mode
- * for debuging the bignum libraries */
-#undef SIXTY_FOUR_BIT_LONG
-#undef SIXTY_FOUR_BIT
-#define THIRTY_TWO_BIT
-#undef SIXTEEN_BIT
-#undef EIGHT_BIT
-#endif
-
-#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
-#define CONFIG_HEADER_RC4_LOCL_H
-/* if this is defined data[i] is used instead of *data, this is a %20
- * speedup on x86 */
-#define RC4_INDEX
-#endif
-
-#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
-#define CONFIG_HEADER_BF_LOCL_H
-#undef BF_PTR
-#endif /* HEADER_BF_LOCL_H */
-
-#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
-#define CONFIG_HEADER_DES_LOCL_H
-#ifndef DES_DEFAULT_OPTIONS
-/* the following is tweaked from a config script, that is why it is a
- * protected undef/define */
-#ifndef DES_PTR
-#undef DES_PTR
-#endif
-
-/* This helps C compiler generate the correct code for multiple functional
- * units.  It reduces register dependancies at the expense of 2 more
- * registers */
-#ifndef DES_RISC1
-#undef DES_RISC1
-#endif
-
-#ifndef DES_RISC2
-#undef DES_RISC2
-#endif
-
-#if defined(DES_RISC1) && defined(DES_RISC2)
-YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
-#endif
-
-/* Unroll the inner loop, this sometimes helps, sometimes hinders.
- * Very mucy CPU dependant */
-#ifndef DES_UNROLL
-#undef DES_UNROLL
-#endif
-
-/* These default values were supplied by
- * Peter Gutman <pgut001@cs.auckland.ac.nz>
- * They are only used if nothing else has been defined */
-#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
-/* Special defines which change the way the code is built depending on the
-   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
-   even newer MIPS CPU's, but at the moment one size fits all for
-   optimization options.  Older Sparc's work better with only UNROLL, but
-   there's no way to tell at compile time what it is you're running on */
-
-#if defined( sun )             /* Newer Sparc's */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#elif defined( __ultrix )      /* Older MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined( __osf1__ )      /* Alpha */
-#  define DES_PTR
-#  define DES_RISC2
-#elif defined ( _AIX )         /* RS6000 */
-  /* Unknown */
-#elif defined( __hpux )                /* HP-PA */
-  /* Unknown */
-#elif defined( __aux )         /* 68K */
-  /* Unknown */
-#elif defined( __dgux )                /* 88K (but P6 in latest boxes) */
-#  define DES_UNROLL
-#elif defined( __sgi )         /* Newer MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined(i386) || defined(__i386__)       /* x86 boxes, should be gcc */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#endif /* Systems-specific speed defines */
-#endif
-
-#endif /* DES_DEFAULT_OPTIONS */
-#endif /* HEADER_DES_LOCL_H */

diff --git a/deps/openssl/config/piii/openssl/opensslconf.h b/deps/openssl/config/piii/openssl/opensslconf.h
deleted file mode 100644 (file)
index 0ea58de..0000000
--- a/deps/openssl/config/piii/openssl/opensslconf.h
+++ /dev/null
@@ -1,5 +0,0 @@
-#ifdef WIN32
-#include "opensslconf-win32.h"
-#else
-#include "opensslconf-posix.h"
-#endif

diff --git a/deps/openssl/openssl.gyp b/deps/openssl/openssl.gyp
index dba4c8a..77af4de 100644 (file)
--- a/deps/openssl/openssl.gyp
+++ b/deps/openssl/openssl.gyp
@@ -3,27 +3,26 @@
 # found in the LICENSE file.
 
 {
+  'variables': {
+    'is_clang': 0,
+    'gcc_version': 0,
+  },
+
   'targets': [
     {
       'target_name': 'openssl',
       'type': '<(library)',
       'defines': [
+        # No clue what these are for.
         'L_ENDIAN',
-        'OPENSSL_THREADS',
         'PURIFY',
         '_REENTRANT',
-        # We do not use TLS over UDP on Chromium so far.
-        'OPENSSL_NO_DTLS1',
-        'OPENSSL_NO_SOCK',
-        'OPENSSL_NO_DGRAM',
-        # Work around brain dead SunOS linker.
-        'OPENSSL_NO_GOST',
-        'OPENSSL_NO_HW_PADLOCK',
-        'OPENSSL_NO_CAMELLIA',
-        'OPENSSL_NO_CMS',
-        'OPENSSL_NO_MDC2',
-        'OPENSSL_NO_SEED',
-        'OPENSSL_NO_IDEA',
+
+        # Heartbeat is a TLS extension, that couldn't be turned off or
+        # asked to be not advertised. Unfortunately this is unacceptable for
+        # Microsoft's IIS, which seems to be ignoring whole ClientHello after
+        # seeing this extension.
+        'OPENSSL_NO_HEARTBEATS',
       ],
       'sources': [
         'openssl/ssl/bio_ssl.c',
@@ -33,6 +32,7 @@
         'openssl/ssl/d1_lib.c',
         'openssl/ssl/d1_meth.c',
         'openssl/ssl/d1_pkt.c',
+        'openssl/ssl/d1_srtp.c',
         'openssl/ssl/d1_srvr.c',
         'openssl/ssl/kssl.c',
         'openssl/ssl/s23_clnt.c',
@@ -53,6 +53,7 @@
         'openssl/ssl/s3_meth.c',
         'openssl/ssl/s3_pkt.c',
         'openssl/ssl/s3_srvr.c',
+        'openssl/ssl/s3_cbc.c',
         'openssl/ssl/ssl_algs.c',
         'openssl/ssl/ssl_asn1.c',
         'openssl/ssl/ssl_cert.c',
@@ -70,7 +71,7 @@
         'openssl/ssl/t1_meth.c',
         'openssl/ssl/t1_reneg.c',
         'openssl/ssl/t1_srvr.c',
-
+        'openssl/ssl/tls_srp.c',
         'openssl/crypto/aes/aes_cfb.c',
         'openssl/crypto/aes/aes_ctr.c',
         'openssl/crypto/aes/aes_ecb.c',
@@ -204,12 +205,35 @@
         'openssl/crypto/bn/bn_sqr.c',
         'openssl/crypto/bn/bn_sqrt.c',
         'openssl/crypto/bn/bn_word.c',
+        'openssl/crypto/bn/bn_x931p.c',
         'openssl/crypto/buffer/buf_err.c',
+        'openssl/crypto/buffer/buf_str.c',
         'openssl/crypto/buffer/buffer.c',
+        'openssl/crypto/camellia/cmll_cfb.c',
+        'openssl/crypto/camellia/cmll_ctr.c',
+        'openssl/crypto/camellia/cmll_ecb.c',
+        'openssl/crypto/camellia/cmll_ofb.c',
+        'openssl/crypto/camellia/cmll_utl.c',
         'openssl/crypto/cast/c_cfb64.c',
         'openssl/crypto/cast/c_ecb.c',
         'openssl/crypto/cast/c_ofb64.c',
         'openssl/crypto/cast/c_skey.c',
+        'openssl/crypto/cmac/cm_ameth.c',
+        'openssl/crypto/cmac/cm_pmeth.c',
+        'openssl/crypto/cmac/cmac.c',
+        'openssl/crypto/cms/cms_asn1.c',
+        'openssl/crypto/cms/cms_att.c',
+        'openssl/crypto/cms/cms_cd.c',
+        'openssl/crypto/cms/cms_dd.c',
+        'openssl/crypto/cms/cms_enc.c',
+        'openssl/crypto/cms/cms_env.c',
+        'openssl/crypto/cms/cms_err.c',
+        'openssl/crypto/cms/cms_ess.c',
+        'openssl/crypto/cms/cms_io.c',
+        'openssl/crypto/cms/cms_lib.c',
+        'openssl/crypto/cms/cms_pwri.c',
+        'openssl/crypto/cms/cms_sd.c',
+        'openssl/crypto/cms/cms_smime.c',
         'openssl/crypto/comp/c_rle.c',
         'openssl/crypto/comp/c_zlib.c',
         'openssl/crypto/comp/comp_err.c',
@@ -271,15 +295,20 @@
         'openssl/crypto/dsa/dsa_sign.c',
         'openssl/crypto/dsa/dsa_vrf.c',
         'openssl/crypto/dso/dso_beos.c',
+        'openssl/crypto/dso/dso_dl.c',
+        'openssl/crypto/dso/dso_dlfcn.c',
         'openssl/crypto/dso/dso_err.c',
         'openssl/crypto/dso/dso_lib.c',
         'openssl/crypto/dso/dso_null.c',
         'openssl/crypto/dso/dso_openssl.c',
+        'openssl/crypto/dso/dso_vms.c',
+        'openssl/crypto/dso/dso_win32.c',
         'openssl/crypto/ebcdic.c',
         'openssl/crypto/ec/ec2_mult.c',
+        'openssl/crypto/ec/ec2_oct.c',
         'openssl/crypto/ec/ec2_smpl.c',
-        'openssl/crypto/ec/ec_asn1.c',
         'openssl/crypto/ec/ec_ameth.c',
+        'openssl/crypto/ec/ec_asn1.c',
         'openssl/crypto/ec/ec_check.c',
         'openssl/crypto/ec/ec_curve.c',
         'openssl/crypto/ec/ec_cvt.c',
@@ -287,11 +316,17 @@
         'openssl/crypto/ec/ec_key.c',
         'openssl/crypto/ec/ec_lib.c',
         'openssl/crypto/ec/ec_mult.c',
+        'openssl/crypto/ec/ec_oct.c',
         'openssl/crypto/ec/ec_pmeth.c',
         'openssl/crypto/ec/ec_print.c',
         'openssl/crypto/ec/eck_prn.c',
         'openssl/crypto/ec/ecp_mont.c',
         'openssl/crypto/ec/ecp_nist.c',
+        'openssl/crypto/ec/ecp_nistp224.c',
+        'openssl/crypto/ec/ecp_nistp256.c',
+        'openssl/crypto/ec/ecp_nistp521.c',
+        'openssl/crypto/ec/ecp_nistputil.c',
+        'openssl/crypto/ec/ecp_oct.c',
         'openssl/crypto/ec/ecp_smpl.c',
         'openssl/crypto/ecdh/ech_err.c',
         'openssl/crypto/ecdh/ech_key.c',
@@ -315,6 +350,8 @@
         'openssl/crypto/engine/eng_list.c',
         'openssl/crypto/engine/eng_openssl.c',
         'openssl/crypto/engine/eng_pkey.c',
+        'openssl/crypto/engine/eng_rdrand.c',
+        'openssl/crypto/engine/eng_rsax.c',
         'openssl/crypto/engine/eng_table.c',
         'openssl/crypto/engine/tb_asnmth.c',
         'openssl/crypto/engine/tb_cipher.c',
@@ -339,20 +376,27 @@
         'openssl/crypto/evp/c_alld.c',
         'openssl/crypto/evp/digest.c',
         'openssl/crypto/evp/e_aes.c',
+        'openssl/crypto/evp/e_aes_cbc_hmac_sha1.c',
         'openssl/crypto/evp/e_bf.c',
+        'openssl/crypto/evp/e_camellia.c',
         'openssl/crypto/evp/e_cast.c',
         'openssl/crypto/evp/e_des.c',
         'openssl/crypto/evp/e_des3.c',
+        'openssl/crypto/evp/e_idea.c',
         'openssl/crypto/evp/e_null.c',
         'openssl/crypto/evp/e_old.c',
         'openssl/crypto/evp/e_rc2.c',
         'openssl/crypto/evp/e_rc4.c',
+        'openssl/crypto/evp/e_rc4_hmac_md5.c',
         'openssl/crypto/evp/e_rc5.c',
+        'openssl/crypto/evp/e_seed.c',
         'openssl/crypto/evp/e_xcbc_d.c',
         'openssl/crypto/evp/encode.c',
         'openssl/crypto/evp/evp_acnf.c',
+        'openssl/crypto/evp/evp_cnf.c',
         'openssl/crypto/evp/evp_enc.c',
         'openssl/crypto/evp/evp_err.c',
+        'openssl/crypto/evp/evp_fips.c',
         'openssl/crypto/evp/evp_key.c',
         'openssl/crypto/evp/evp_lib.c',
         'openssl/crypto/evp/evp_pbe.c',
@@ -363,6 +407,7 @@
         'openssl/crypto/evp/m_md2.c',
         'openssl/crypto/evp/m_md4.c',
         'openssl/crypto/evp/m_md5.c',
+        'openssl/crypto/evp/m_mdc2.c',
         'openssl/crypto/evp/m_null.c',
         'openssl/crypto/evp/m_ripemd.c',
         'openssl/crypto/evp/m_sha.c',
@@ -383,24 +428,39 @@
         'openssl/crypto/evp/pmeth_gn.c',
         'openssl/crypto/evp/pmeth_lib.c',
         'openssl/crypto/ex_data.c',
+        'openssl/crypto/fips_ers.c',
         'openssl/crypto/hmac/hm_ameth.c',
         'openssl/crypto/hmac/hm_pmeth.c',
         'openssl/crypto/hmac/hmac.c',
+        'openssl/crypto/idea/i_cbc.c',
+        'openssl/crypto/idea/i_cfb64.c',
+        'openssl/crypto/idea/i_ecb.c',
+        'openssl/crypto/idea/i_ofb64.c',
+        'openssl/crypto/idea/i_skey.c',
         'openssl/crypto/krb5/krb5_asn.c',
         'openssl/crypto/lhash/lh_stats.c',
         'openssl/crypto/lhash/lhash.c',
+        'openssl/crypto/md2/md2_dgst.c',
+        'openssl/crypto/md2/md2_one.c',
         'openssl/crypto/md4/md4_dgst.c',
         'openssl/crypto/md4/md4_one.c',
         'openssl/crypto/md5/md5_dgst.c',
         'openssl/crypto/md5/md5_one.c',
+        'openssl/crypto/mdc2/mdc2_one.c',
+        'openssl/crypto/mdc2/mdc2dgst.c',
         'openssl/crypto/mem.c',
         'openssl/crypto/mem_dbg.c',
         'openssl/crypto/modes/cbc128.c',
+        'openssl/crypto/modes/ccm128.c',
         'openssl/crypto/modes/cfb128.c',
         'openssl/crypto/modes/ctr128.c',
         'openssl/crypto/modes/cts128.c',
+        'openssl/crypto/modes/gcm128.c',
         'openssl/crypto/modes/ofb128.c',
+        'openssl/crypto/modes/xts128.c',
         'openssl/crypto/o_dir.c',
+        'openssl/crypto/o_fips.c',
+        'openssl/crypto/o_init.c',
         'openssl/crypto/o_str.c',
         'openssl/crypto/o_time.c',
         'openssl/crypto/objects/o_names.c',
@@ -467,11 +527,13 @@
         'openssl/crypto/rc2/rc2_skey.c',
         'openssl/crypto/rc2/rc2cfb64.c',
         'openssl/crypto/rc2/rc2ofb64.c',
+        'openssl/crypto/rc4/rc4_utl.c',
         'openssl/crypto/ripemd/rmd_dgst.c',
         'openssl/crypto/ripemd/rmd_one.c',
         'openssl/crypto/rsa/rsa_ameth.c',
         'openssl/crypto/rsa/rsa_asn1.c',
         'openssl/crypto/rsa/rsa_chk.c',
+        'openssl/crypto/rsa/rsa_crpt.c',
         'openssl/crypto/rsa/rsa_depr.c',
         'openssl/crypto/rsa/rsa_eay.c',
         'openssl/crypto/rsa/rsa_err.c',
@@ -488,13 +550,24 @@
         'openssl/crypto/rsa/rsa_sign.c',
         'openssl/crypto/rsa/rsa_ssl.c',
         'openssl/crypto/rsa/rsa_x931.c',
+        'openssl/crypto/seed/seed.c',
+        'openssl/crypto/seed/seed_cbc.c',
+        'openssl/crypto/seed/seed_cfb.c',
+        'openssl/crypto/seed/seed_ecb.c',
+        'openssl/crypto/seed/seed_ofb.c',
         'openssl/crypto/sha/sha1_one.c',
         'openssl/crypto/sha/sha1dgst.c',
         'openssl/crypto/sha/sha256.c',
         'openssl/crypto/sha/sha512.c',
         'openssl/crypto/sha/sha_dgst.c',
         'openssl/crypto/sha/sha_one.c',
+        'openssl/crypto/srp/srp_lib.c',
+        'openssl/crypto/srp/srp_vfy.c',
         'openssl/crypto/stack/stack.c',
+        'openssl/crypto/store/str_err.c',
+        'openssl/crypto/store/str_lib.c',
+        'openssl/crypto/store/str_mem.c',
+        'openssl/crypto/store/str_meth.c',
         'openssl/crypto/ts/ts_asn1.c',
         'openssl/crypto/ts/ts_conf.c',
         'openssl/crypto/ts/ts_err.c',
@@ -585,25 +658,32 @@
         'openssl/engines/e_sureware.c',
         'openssl/engines/e_ubsec.c'
       ],
+      'sources/': [
+        ['exclude', 'md2/.*$'],
+        ['exclude', 'store/.*$']
+      ],
       'conditions': [
         ['target_arch!="ia32" and target_arch!="x64"', {
           # Disable asm
           'defines': [
             'OPENSSL_NO_ASM'
-          ],
+           ],
           'sources': [
             'openssl/crypto/aes/aes_cbc.c',
             'openssl/crypto/aes/aes_core.c',
             'openssl/crypto/bf/bf_enc.c',
             'openssl/crypto/bn/bn_asm.c',
             'openssl/crypto/cast/c_enc.c',
+            'openssl/crypto/camellia/camellia.c',
+            'openssl/crypto/camellia/cmll_cbc.c',
+            'openssl/crypto/camellia/cmll_misc.c',
             'openssl/crypto/des/des_enc.c',
             'openssl/crypto/des/fcrypt_b.c',
             'openssl/crypto/mem_clr.c',
             'openssl/crypto/rc4/rc4_enc.c',
             'openssl/crypto/rc4/rc4_skey.c',
             'openssl/crypto/whrlpool/wp_block.c'
-          ]
+         ]
         }, {
           # Enable asm
           'defines': [
@@ -624,6 +704,7 @@
             ['OS!="win" and OS!="mac" and target_arch=="ia32"', {
               'sources': [
                 'asm/x86-elf-gas/aes/aes-586.s',
+                'asm/x86-elf-gas/aes/aesni-x86.s',
                 'asm/x86-elf-gas/bf/bf-686.s',
                 'asm/x86-elf-gas/bn/x86-mont.s',
                 'asm/x86-elf-gas/bn/x86.s',
@@ -646,10 +727,14 @@
             ['OS!="win" and OS!="mac" and target_arch=="x64"', {
               'sources': [
                 'asm/x64-elf-gas/aes/aes-x86_64.s',
+                'asm/x64-elf-gas/aes/aesni-x86_64.s',
+                'asm/x64-elf-gas/aes/aesni-sha1-x86_64.s',
+                'asm/x64-elf-gas/bn/modexp512-x86_64.s',
                 'asm/x64-elf-gas/bn/x86_64-mont.s',
                 'asm/x64-elf-gas/camellia/cmll-x86_64.s',
                 'asm/x64-elf-gas/md5/md5-x86_64.s',
                 'asm/x64-elf-gas/rc4/rc4-x86_64.s',
+                'asm/x64-elf-gas/rc4/rc4-md5-x86_64.s',
                 'asm/x64-elf-gas/sha/sha1-x86_64.s',
                 'asm/x64-elf-gas/sha/sha512-x86_64.s',
                 'asm/x64-elf-gas/whrlpool/wp-x86_64.s',
@@ -657,15 +742,17 @@
                 # Non-generated asm
                 'openssl/crypto/bn/asm/x86_64-gcc.c',
                 # No asm available
+                'openssl/crypto/bf/bf_enc.c',
                 'openssl/crypto/cast/c_enc.c',
+                'openssl/crypto/camellia/cmll_misc.c',
                 'openssl/crypto/des/des_enc.c',
-                'openssl/crypto/bf/bf_enc.c',
                 'openssl/crypto/des/fcrypt_b.c'
               ]
             }],
             ['OS=="mac" and target_arch=="ia32"', {
               'sources': [
                 'asm/x86-macosx-gas/aes/aes-586.s',
+                'asm/x86-macosx-gas/aes/aesni-x86.s',
                 'asm/x86-macosx-gas/bf/bf-686.s',
                 'asm/x86-macosx-gas/bn/x86-mont.s',
                 'asm/x86-macosx-gas/bn/x86.s',
@@ -688,10 +775,14 @@
             ['OS=="mac" and target_arch=="x64"', {
               'sources': [
                 'asm/x64-macosx-gas/aes/aes-x86_64.s',
+                'asm/x64-macosx-gas/aes/aesni-x86_64.s',
+                'asm/x64-macosx-gas/aes/aesni-sha1-x86_64.s',
+                'asm/x64-macosx-gas/bn/modexp512-x86_64.s',
                 'asm/x64-macosx-gas/bn/x86_64-mont.s',
                 'asm/x64-macosx-gas/camellia/cmll-x86_64.s',
                 'asm/x64-macosx-gas/md5/md5-x86_64.s',
                 'asm/x64-macosx-gas/rc4/rc4-x86_64.s',
+                'asm/x64-macosx-gas/rc4/rc4-md5-x86_64.s',
                 'asm/x64-macosx-gas/sha/sha1-x86_64.s',
                 'asm/x64-macosx-gas/sha/sha512-x86_64.s',
                 'asm/x64-macosx-gas/whrlpool/wp-x86_64.s',
@@ -699,15 +790,17 @@
                 # Non-generated asm
                 'openssl/crypto/bn/asm/x86_64-gcc.c',
                 # No asm available
+                'openssl/crypto/bf/bf_enc.c',
                 'openssl/crypto/cast/c_enc.c',
+                'openssl/crypto/camellia/cmll_misc.c',
                 'openssl/crypto/des/des_enc.c',
-                'openssl/crypto/bf/bf_enc.c',
                 'openssl/crypto/des/fcrypt_b.c'
               ]
             }],
             ['OS=="win" and target_arch=="ia32"', {
               'sources': [
                 'asm/x86-win32-masm/aes/aes-586.asm',
+                'asm/x86-win32-masm/aes/aesni-x86.asm',
                 'asm/x86-win32-masm/bf/bf-686.asm',
                 'asm/x86-win32-masm/bn/x86-mont.asm',
                 'asm/x86-win32-masm/bn/x86.asm',
@@ -749,10 +842,14 @@
             ['OS=="win" and target_arch=="x64"', {
               'sources': [
                 'asm/x64-win32-masm/aes/aes-x86_64.asm',
+                'asm/x64-win32-masm/aes/aesni-x86_64.asm',
+                'asm/x64-win32-masm/aes/aesni-sha1-x86_64.asm',
+                'asm/x64-win32-masm/bn/modexp512-x86_64.asm',
                 'asm/x64-win32-masm/bn/x86_64-mont.asm',
                 'asm/x64-win32-masm/camellia/cmll-x86_64.asm',
                 'asm/x64-win32-masm/md5/md5-x86_64.asm',
                 'asm/x64-win32-masm/rc4/rc4-x86_64.asm',
+                'asm/x64-win32-masm/rc4/rc4-md5-x86_64.asm',
                 'asm/x64-win32-masm/sha/sha1-x86_64.asm',
                 'asm/x64-win32-masm/sha/sha512-x86_64.asm',
                 'asm/x64-win32-masm/whrlpool/wp-x86_64.asm',
@@ -760,9 +857,10 @@
                 # Non-generated asm
                 'openssl/crypto/bn/asm/x86_64-win32-masm.asm',
                 # No asm available
+                'openssl/crypto/bf/bf_enc.c',
                 'openssl/crypto/cast/c_enc.c',
+                'openssl/crypto/camellia/cmll_misc.c',
                 'openssl/crypto/des/des_enc.c',
-                'openssl/crypto/bf/bf_enc.c',
                 'openssl/crypto/des/fcrypt_b.c'
               ],
               'rules': [
@@ -789,8 +887,14 @@
         ['OS=="win"', {
           'defines': [
             'MK1MF_BUILD',
-            'WIN32_LEAN_AND_MEAN',
-          ]
+            'WIN32_LEAN_AND_MEAN'
+          ],
+          'link_settings': {
+            'libraries': [
+              '-lgdi32.lib',
+              '-luser32.lib',
+            ]
+          }
         }, {
           'defines': [
             # ENGINESDIR must be defined if OPENSSLDIR is.
@@ -800,40 +904,31 @@
             'OPENSSLDIR="/etc/ssl"',
             'TERMIOS',
           ],
+          'cflags': ['-Wno-missing-field-initializers'],
+        }],
+        ['is_clang==1 or gcc_version>=43', {
+          'cflags': ['-Wno-old-style-declaration'],
         }],
         ['OS=="solaris"', {
           'defines': ['__EXTENSIONS__'],
         }],
-        ['target_arch=="ia32"', {
-          'variables': {'openssl_config_path': 'config/piii'},
-        }],
-        ['target_arch=="x64"', {
-          'variables': {'openssl_config_path': 'config/k8'},
-        }],
         ['target_arch=="arm"', {
-          'variables': {'openssl_config_path': 'config/android'},
+          'sources': ['openssl/crypto/armcap.c'],
         }],
       ],
-      'sources/': [
-        ['exclude', 'camellia/.*$'],
-        ['exclude', 'cms/.*$'],
-        ['exclude', 'mdc2/.*$'],
-      ],
       'include_dirs': [
         '.',
         'openssl',
         'openssl/crypto',
         'openssl/crypto/asn1',
         'openssl/crypto/evp',
+        'openssl/crypto/md2',
+        'openssl/crypto/modes',
         'openssl/crypto/store',
         'openssl/include',
-        '<@(openssl_config_path)',
       ],
       'direct_dependent_settings': {
-        'include_dirs': [
-          'openssl/include',
-          '<@(openssl_config_path)',
-        ],
+        'include_dirs': ['openssl/include'],
       },
     },
   ],

diff --git a/deps/openssl/openssl/CHANGES b/deps/openssl/openssl/CHANGES
index 03e744a..ca82ad2 100644 (file)
--- a/deps/openssl/openssl/CHANGES
+++ b/deps/openssl/openssl/CHANGES
@@ -2,6 +2,434 @@
  OpenSSL CHANGES
  _______________
 
+ Changes between 1.0.1d and 1.0.1e [11 Feb 2013]
+
+  *)
+
+ Changes between 1.0.1c and 1.0.1d [5 Feb 2013]
+
+  *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time.
+
+     This addresses the flaw in CBC record processing discovered by 
+     Nadhem Alfardan and Kenny Paterson. Details of this attack can be found
+     at: http://www.isg.rhul.ac.uk/tls/     
+
+     Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
+     Security Group at Royal Holloway, University of London
+     (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and
+     Emilia Käsper for the initial patch.
+     (CVE-2013-0169)
+     [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]
+
+  *) Fix flaw in AESNI handling of TLS 1.2 and 1.1 records for CBC mode
+     ciphersuites which can be exploited in a denial of service attack.
+     Thanks go to and to Adam Langley <agl@chromium.org> for discovering
+     and detecting this bug and to Wolfgang Ettlinger
+     <wolfgang.ettlinger@gmail.com> for independently discovering this issue.
+     (CVE-2012-2686)
+     [Adam Langley]
+
+  *) Return an error when checking OCSP signatures when key is NULL.
+     This fixes a DoS attack. (CVE-2013-0166)
+     [Steve Henson]
+
+  *) Make openssl verify return errors.
+     [Chris Palmer <palmer@google.com> and Ben Laurie]
+
+  *) Call OCSP Stapling callback after ciphersuite has been chosen, so
+     the right response is stapled. Also change SSL_get_certificate()
+     so it returns the certificate actually sent.
+     See http://rt.openssl.org/Ticket/Display.html?id=2836.
+     [Rob Stradling <rob.stradling@comodo.com>]
+
+  *) Fix possible deadlock when decoding public keys.
+     [Steve Henson]
+
+  *) Don't use TLS 1.0 record version number in initial client hello
+     if renegotiating.
+     [Steve Henson]
+
+ Changes between 1.0.1b and 1.0.1c [10 May 2012]
+
+  *) Sanity check record length before skipping explicit IV in TLS
+     1.2, 1.1 and DTLS to fix DoS attack.
+
+     Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
+     fuzzing as a service testing platform.
+     (CVE-2012-2333)
+     [Steve Henson]
+
+  *) Initialise tkeylen properly when encrypting CMS messages.
+     Thanks to Solar Designer of Openwall for reporting this issue.
+     [Steve Henson]
+
+  *) In FIPS mode don't try to use composite ciphers as they are not
+     approved.
+     [Steve Henson]
+
+ Changes between 1.0.1a and 1.0.1b [26 Apr 2012]
+
+  *) OpenSSL 1.0.0 sets SSL_OP_ALL to 0x80000FFFL and OpenSSL 1.0.1 and
+     1.0.1a set SSL_OP_NO_TLSv1_1 to 0x00000400L which would unfortunately
+     mean any application compiled against OpenSSL 1.0.0 headers setting
+     SSL_OP_ALL would also set SSL_OP_NO_TLSv1_1, unintentionally disablng
+     TLS 1.1 also. Fix this by changing the value of SSL_OP_NO_TLSv1_1 to
+     0x10000000L Any application which was previously compiled against
+     OpenSSL 1.0.1 or 1.0.1a headers and which cares about SSL_OP_NO_TLSv1_1
+     will need to be recompiled as a result. Letting be results in
+     inability to disable specifically TLS 1.1 and in client context,
+     in unlike event, limit maximum offered version to TLS 1.0 [see below].
+     [Steve Henson]
+
+  *) In order to ensure interoperabilty SSL_OP_NO_protocolX does not
+     disable just protocol X, but all protocols above X *if* there are
+     protocols *below* X still enabled. In more practical terms it means
+     that if application wants to disable TLS1.0 in favor of TLS1.1 and
+     above, it's not sufficient to pass SSL_OP_NO_TLSv1, one has to pass
+     SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2. This applies to
+     client side.
+     [Andy Polyakov]
+
+ Changes between 1.0.1 and 1.0.1a [19 Apr 2012]
+
+  *) Check for potentially exploitable overflows in asn1_d2i_read_bio
+     BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
+     in CRYPTO_realloc_clean.
+
+     Thanks to Tavis Ormandy, Google Security Team, for discovering this
+     issue and to Adam Langley <agl@chromium.org> for fixing it.
+     (CVE-2012-2110)
+     [Adam Langley (Google), Tavis Ormandy, Google Security Team]
+
+  *) Don't allow TLS 1.2 SHA-256 ciphersuites in TLS 1.0, 1.1 connections.
+     [Adam Langley]
+
+  *) Workarounds for some broken servers that "hang" if a client hello
+     record length exceeds 255 bytes.
+
+     1. Do not use record version number > TLS 1.0 in initial client
+        hello: some (but not all) hanging servers will now work.
+     2. If we set OPENSSL_MAX_TLS1_2_CIPHER_LENGTH this will truncate
+       the number of ciphers sent in the client hello. This should be
+        set to an even number, such as 50, for example by passing:
+        -DOPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50 to config or Configure.
+        Most broken servers should now work.
+     3. If all else fails setting OPENSSL_NO_TLS1_2_CLIENT will disable
+       TLS 1.2 client support entirely.
+     [Steve Henson]
+
+  *) Fix SEGV in Vector Permutation AES module observed in OpenSSH.
+     [Andy Polyakov]
+
+ Changes between 1.0.0h and 1.0.1  [14 Mar 2012]
+
+  *) Add compatibility with old MDC2 signatures which use an ASN1 OCTET
+     STRING form instead of a DigestInfo.
+     [Steve Henson]
+
+  *) The format used for MDC2 RSA signatures is inconsistent between EVP
+     and the RSA_sign/RSA_verify functions. This was made more apparent when
+     OpenSSL used RSA_sign/RSA_verify for some RSA signatures in particular
+     those which went through EVP_PKEY_METHOD in 1.0.0 and later. Detect 
+     the correct format in RSA_verify so both forms transparently work.
+     [Steve Henson]
+
+  *) Some servers which support TLS 1.0 can choke if we initially indicate
+     support for TLS 1.2 and later renegotiate using TLS 1.0 in the RSA
+     encrypted premaster secret. As a workaround use the maximum pemitted
+     client version in client hello, this should keep such servers happy
+     and still work with previous versions of OpenSSL.
+     [Steve Henson]
+
+  *) Add support for TLS/DTLS heartbeats.
+     [Robin Seggelmann <seggelmann@fh-muenster.de>]
+
+  *) Add support for SCTP.
+     [Robin Seggelmann <seggelmann@fh-muenster.de>]
+
+  *) Improved PRNG seeding for VOS.
+     [Paul Green <Paul.Green@stratus.com>]
+
+  *) Extensive assembler packs updates, most notably:
+
+       - x86[_64]:     AES-NI, PCLMULQDQ, RDRAND support;
+       - x86[_64]:     SSSE3 support (SHA1, vector-permutation AES);
+       - x86_64:       bit-sliced AES implementation;
+       - ARM:          NEON support, contemporary platforms optimizations;
+       - s390x:        z196 support;
+       - *:            GHASH and GF(2^m) multiplication implementations;
+
+     [Andy Polyakov]
+
+  *) Make TLS-SRP code conformant with RFC 5054 API cleanup
+     (removal of unnecessary code)
+     [Peter Sylvester <peter.sylvester@edelweb.fr>]
+
+  *) Add TLS key material exporter from RFC 5705.
+     [Eric Rescorla]
+
+  *) Add DTLS-SRTP negotiation from RFC 5764.
+     [Eric Rescorla]
+
+  *) Add Next Protocol Negotiation,
+     http://tools.ietf.org/html/draft-agl-tls-nextprotoneg-00. Can be
+     disabled with a no-npn flag to config or Configure. Code donated
+     by Google.
+     [Adam Langley <agl@google.com> and Ben Laurie]
+
+  *) Add optional 64-bit optimized implementations of elliptic curves NIST-P224,
+     NIST-P256, NIST-P521, with constant-time single point multiplication on
+     typical inputs. Compiler support for the nonstandard type __uint128_t is
+     required to use this (present in gcc 4.4 and later, for 64-bit builds).
+     Code made available under Apache License version 2.0.
+
+     Specify "enable-ec_nistp_64_gcc_128" on the Configure (or config) command
+     line to include this in your build of OpenSSL, and run "make depend" (or
+     "make update"). This enables the following EC_METHODs:
+
+         EC_GFp_nistp224_method()
+         EC_GFp_nistp256_method()
+         EC_GFp_nistp521_method()
+
+     EC_GROUP_new_by_curve_name() will automatically use these (while
+     EC_GROUP_new_curve_GFp() currently prefers the more flexible
+     implementations).
+     [Emilia Käsper, Adam Langley, Bodo Moeller (Google)]
+
+  *) Use type ossl_ssize_t instad of ssize_t which isn't available on
+     all platforms. Move ssize_t definition from e_os.h to the public
+     header file e_os2.h as it now appears in public header file cms.h
+     [Steve Henson]
+
+  *) New -sigopt option to the ca, req and x509 utilities. Additional
+     signature parameters can be passed using this option and in
+     particular PSS. 
+     [Steve Henson]
+
+  *) Add RSA PSS signing function. This will generate and set the
+     appropriate AlgorithmIdentifiers for PSS based on those in the
+     corresponding EVP_MD_CTX structure. No application support yet.
+     [Steve Henson]
+
+  *) Support for companion algorithm specific ASN1 signing routines.
+     New function ASN1_item_sign_ctx() signs a pre-initialised
+     EVP_MD_CTX structure and sets AlgorithmIdentifiers based on
+     the appropriate parameters.
+     [Steve Henson]
+
+  *) Add new algorithm specific ASN1 verification initialisation function
+     to EVP_PKEY_ASN1_METHOD: this is not in EVP_PKEY_METHOD since the ASN1
+     handling will be the same no matter what EVP_PKEY_METHOD is used.
+     Add a PSS handler to support verification of PSS signatures: checked
+     against a number of sample certificates.
+     [Steve Henson]
+
+  *) Add signature printing for PSS. Add PSS OIDs.
+     [Steve Henson, Martin Kaiser <lists@kaiser.cx>]
+
+  *) Add algorithm specific signature printing. An individual ASN1 method
+     can now print out signatures instead of the standard hex dump. 
+
+     More complex signatures (e.g. PSS) can print out more meaningful
+     information. Include DSA version that prints out the signature
+     parameters r, s.
+     [Steve Henson]
+
+  *) Password based recipient info support for CMS library: implementing
+     RFC3211.
+     [Steve Henson]
+
+  *) Split password based encryption into PBES2 and PBKDF2 functions. This
+     neatly separates the code into cipher and PBE sections and is required
+     for some algorithms that split PBES2 into separate pieces (such as
+     password based CMS).
+     [Steve Henson]
+
+  *) Session-handling fixes:
+     - Fix handling of connections that are resuming with a session ID,
+       but also support Session Tickets.
+     - Fix a bug that suppressed issuing of a new ticket if the client
+       presented a ticket with an expired session.
+     - Try to set the ticket lifetime hint to something reasonable.
+     - Make tickets shorter by excluding irrelevant information.
+     - On the client side, don't ignore renewed tickets.
+     [Adam Langley, Bodo Moeller (Google)]
+
+  *) Fix PSK session representation.
+     [Bodo Moeller]
+
+  *) Add RC4-MD5 and AESNI-SHA1 "stitched" implementations.
+
+     This work was sponsored by Intel.
+     [Andy Polyakov]
+
+  *) Add GCM support to TLS library. Some custom code is needed to split
+     the IV between the fixed (from PRF) and explicit (from TLS record)
+     portions. This adds all GCM ciphersuites supported by RFC5288 and 
+     RFC5289. Generalise some AES* cipherstrings to inlclude GCM and
+     add a special AESGCM string for GCM only.
+     [Steve Henson]
+
+  *) Expand range of ctrls for AES GCM. Permit setting invocation
+     field on decrypt and retrieval of invocation field only on encrypt.
+     [Steve Henson]
+
+  *) Add HMAC ECC ciphersuites from RFC5289. Include SHA384 PRF support.
+     As required by RFC5289 these ciphersuites cannot be used if for
+     versions of TLS earlier than 1.2.
+     [Steve Henson]
+
+  *) For FIPS capable OpenSSL interpret a NULL default public key method
+     as unset and return the appopriate default but do *not* set the default.
+     This means we can return the appopriate method in applications that
+     swicth between FIPS and non-FIPS modes.
+     [Steve Henson]
+
+  *) Redirect HMAC and CMAC operations to FIPS module in FIPS mode. If an
+     ENGINE is used then we cannot handle that in the FIPS module so we
+     keep original code iff non-FIPS operations are allowed.
+     [Steve Henson]
+
+  *) Add -attime option to openssl utilities.
+     [Peter Eckersley <pde@eff.org>, Ben Laurie and Steve Henson]
+
+  *) Redirect DSA and DH operations to FIPS module in FIPS mode.
+     [Steve Henson]
+
+  *) Redirect ECDSA and ECDH operations to FIPS module in FIPS mode. Also use
+     FIPS EC methods unconditionally for now.
+     [Steve Henson]
+
+  *) New build option no-ec2m to disable characteristic 2 code.
+     [Steve Henson]
+
+  *) Backport libcrypto audit of return value checking from 1.1.0-dev; not
+     all cases can be covered as some introduce binary incompatibilities.
+     [Steve Henson]
+
+  *) Redirect RSA operations to FIPS module including keygen,
+     encrypt, decrypt, sign and verify. Block use of non FIPS RSA methods.
+     [Steve Henson]
+
+  *) Add similar low level API blocking to ciphers.
+     [Steve Henson]
+
+  *) Low level digest APIs are not approved in FIPS mode: any attempt
+     to use these will cause a fatal error. Applications that *really* want
+     to use them can use the private_* version instead.
+     [Steve Henson]
+
+  *) Redirect cipher operations to FIPS module for FIPS builds. 
+     [Steve Henson]
+
+  *) Redirect digest operations to FIPS module for FIPS builds. 
+     [Steve Henson]
+
+  *) Update build system to add "fips" flag which will link in fipscanister.o
+     for static and shared library builds embedding a signature if needed.
+     [Steve Henson]
+
+  *) Output TLS supported curves in preference order instead of numerical
+     order. This is currently hardcoded for the highest order curves first.
+     This should be configurable so applications can judge speed vs strength.
+     [Steve Henson]
+
+  *) Add TLS v1.2 server support for client authentication. 
+     [Steve Henson]
+
+  *) Add support for FIPS mode in ssl library: disable SSLv3, non-FIPS ciphers
+     and enable MD5.
+     [Steve Henson]
+
+  *) Functions FIPS_mode_set() and FIPS_mode() which call the underlying
+     FIPS modules versions.
+     [Steve Henson]
+
+  *) Add TLS v1.2 client side support for client authentication. Keep cache
+     of handshake records longer as we don't know the hash algorithm to use
+     until after the certificate request message is received.
+     [Steve Henson]
+
+  *) Initial TLS v1.2 client support. Add a default signature algorithms
+     extension including all the algorithms we support. Parse new signature
+     format in client key exchange. Relax some ECC signing restrictions for
+     TLS v1.2 as indicated in RFC5246.
+     [Steve Henson]
+
+  *) Add server support for TLS v1.2 signature algorithms extension. Switch
+     to new signature format when needed using client digest preference.
+     All server ciphersuites should now work correctly in TLS v1.2. No client
+     support yet and no support for client certificates.
+     [Steve Henson]
+
+  *) Initial TLS v1.2 support. Add new SHA256 digest to ssl code, switch
+     to SHA256 for PRF when using TLS v1.2 and later. Add new SHA256 based
+     ciphersuites. At present only RSA key exchange ciphersuites work with
+     TLS v1.2. Add new option for TLS v1.2 replacing the old and obsolete
+     SSL_OP_PKCS1_CHECK flags with SSL_OP_NO_TLSv1_2. New TLSv1.2 methods
+     and version checking.
+     [Steve Henson]
+
+  *) New option OPENSSL_NO_SSL_INTERN. If an application can be compiled
+     with this defined it will not be affected by any changes to ssl internal
+     structures. Add several utility functions to allow openssl application
+     to work with OPENSSL_NO_SSL_INTERN defined.
+     [Steve Henson]
+
+  *) Add SRP support.
+     [Tom Wu <tjw@cs.stanford.edu> and Ben Laurie]
+
+  *) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id.
+     [Steve Henson]
+
+  *) Permit abbreviated handshakes when renegotiating using the function
+     SSL_renegotiate_abbreviated().
+     [Robin Seggelmann <seggelmann@fh-muenster.de>]
+
+  *) Add call to ENGINE_register_all_complete() to
+     ENGINE_load_builtin_engines(), so some implementations get used
+     automatically instead of needing explicit application support.
+     [Steve Henson]
+
+  *) Add support for TLS key exporter as described in RFC5705.
+     [Robin Seggelmann <seggelmann@fh-muenster.de>, Steve Henson]
+
+  *) Initial TLSv1.1 support. Since TLSv1.1 is very similar to TLS v1.0 only
+     a few changes are required:
+
+       Add SSL_OP_NO_TLSv1_1 flag.
+       Add TLSv1_1 methods.
+       Update version checking logic to handle version 1.1.
+       Add explicit IV handling (ported from DTLS code).
+       Add command line options to s_client/s_server.
+     [Steve Henson]
+
+ Changes between 1.0.0g and 1.0.0h [12 Mar 2012]
+
+  *) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness
+     in CMS and PKCS7 code. When RSA decryption fails use a random key for
+     content decryption and always return the same error. Note: this attack
+     needs on average 2^20 messages so it only affects automated senders. The
+     old behaviour can be reenabled in the CMS code by setting the
+     CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where
+     an MMA defence is not necessary.
+     Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
+     this issue. (CVE-2012-0884)
+     [Steve Henson]
+
+  *) Fix CVE-2011-4619: make sure we really are receiving a 
+     client hello before rejecting multiple SGC restarts. Thanks to
+     Ivan Nestlerode <inestlerode@us.ibm.com> for discovering this bug.
+     [Steve Henson]
+
+ Changes between 1.0.0f and 1.0.0g [18 Jan 2012]
+
+  *) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
+     Thanks to Antonio Martin, Enterprise Secure Access Research and
+     Development, Cisco Systems, Inc. for discovering this bug and
+     preparing a fix. (CVE-2012-0050)
+     [Antonio Martin]
+
  Changes between 1.0.0e and 1.0.0f [4 Jan 2012]
 
   *) Nadhem Alfardan and Kenny Paterson have discovered an extension
@@ -22,7 +450,9 @@
      (CVE-2011-4576)
      [Adam Langley (Google)]
 
-  *) Only allow one SGC handshake restart for SSL/TLS. (CVE-2011-4619)
+  *) Only allow one SGC handshake restart for SSL/TLS. Thanks to George
+     Kadianakis <desnacked@gmail.com> for discovering this issue and
+     Adam Langley for preparing the fix. (CVE-2011-4619)
      [Adam Langley (Google)]
 
   *) Check parameters are not NULL in GOST ENGINE. (CVE-2012-0027)
@@ -963,8 +1393,47 @@
 
   *) Change 'Configure' script to enable Camellia by default.
      [NTT]
+
+ Changes between 0.9.8s and 0.9.8t [18 Jan 2012]
+
+  *) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
+     Thanks to Antonio Martin, Enterprise Secure Access Research and
+     Development, Cisco Systems, Inc. for discovering this bug and
+     preparing a fix. (CVE-2012-0050)
+     [Antonio Martin]
   
- Changes between 0.9.8r and 0.9.8s [xx XXX xxxx]
+ Changes between 0.9.8r and 0.9.8s [4 Jan 2012]
+
+  *) Nadhem Alfardan and Kenny Paterson have discovered an extension
+     of the Vaudenay padding oracle attack on CBC mode encryption
+     which enables an efficient plaintext recovery attack against
+     the OpenSSL implementation of DTLS. Their attack exploits timing
+     differences arising during decryption processing. A research
+     paper describing this attack can be found at:
+                  http://www.isg.rhul.ac.uk/~kp/dtls.pdf
+     Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
+     Security Group at Royal Holloway, University of London
+     (www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann
+     <seggelmann@fh-muenster.de> and Michael Tuexen <tuexen@fh-muenster.de>
+     for preparing the fix. (CVE-2011-4108)
+     [Robin Seggelmann, Michael Tuexen]
+
+  *) Stop policy check failure freeing same buffer twice. (CVE-2011-4109)
+     [Ben Laurie, Kasper <ekasper@google.com>]
+
+  *) Clear bytes used for block padding of SSL 3.0 records.
+     (CVE-2011-4576)
+     [Adam Langley (Google)]
+
+  *) Only allow one SGC handshake restart for SSL/TLS. Thanks to George
+     Kadianakis <desnacked@gmail.com> for discovering this issue and
+     Adam Langley for preparing the fix. (CVE-2011-4619)
+     [Adam Langley (Google)]
+ 
+  *) Prevent malformed RFC3779 data triggering an assertion failure.
+     Thanks to Andrew Chi, BBN Technologies, for discovering the flaw
+     and Rob Austein <sra@hactrn.net> for fixing it. (CVE-2011-4577)
+     [Rob Austein <sra@hactrn.net>]
 
   *) Fix ssl_ciph.c set-up race.
      [Adam Langley (Google)]

diff --git a/deps/openssl/openssl/Configure b/deps/openssl/openssl/Configure
index 7941c93..9c803dc 100755 (executable)
--- a/deps/openssl/openssl/Configure
+++ b/deps/openssl/openssl/Configure
@@ -10,7 +10,7 @@ use strict;
 
 # see INSTALL for instructions.
 
-my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
+my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
 
 # Options:
 #
@@ -56,6 +56,7 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimenta
 # [no-]zlib     [don't] compile support for zlib compression.
 # zlib-dynamic Like "zlib", but the zlib library is expected to be a shared
 #              library and will be loaded in run-time by the OpenSSL library.
+# sctp          include SCTP support
 # 386           generate 80386 code
 # no-sse2      disables IA-32 SSE2 code, above option implies no-sse2
 # no-<cipher>   build without specified algorithm (rsa, idea, rc5, ...)
@@ -123,21 +124,24 @@ my $tlib="-lnsl -lsocket";
 my $bits1="THIRTY_TWO_BIT ";
 my $bits2="SIXTY_FOUR_BIT ";
 
-my $x86_asm="x86cpuid.o:bn-586.o co-586.o x86-mont.o:des-586.o crypt586.o:aes-586.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o:cmll-x86.o";
+my $x86_asm="x86cpuid.o:bn-586.o co-586.o x86-mont.o x86-gf2m.o:des-586.o crypt586.o:aes-586.o vpaes-x86.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o:cmll-x86.o:ghash-x86.o:";
 
 my $x86_elf_asm="$x86_asm:elf";
 
-my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o::aes-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o";
-my $ia64_asm="ia64cpuid.o:bn-ia64.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o:::::void";
-my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o:des_enc-sparc.o fcrypt_b.o:aes_core.o aes_cbc.o aes-sparcv9.o:::sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o:::::::void";
-my $sparcv8_asm=":sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::::void";
-my $alpha_asm="alphacpuid.o:bn_asm.o alpha-mont.o::::::::::::void";
-my $mips3_asm=":bn-mips3.o::::::::::::void";
-my $s390x_asm="s390xcap.o s390xcpuid.o:bn-s390x.o s390x-mont.o::aes-s390x.o:::sha1-s390x.o sha256-s390x.o sha512-s390x.o::rc4-s390x.o:::::void";
-my $armv4_asm=":bn_asm.o armv4-mont.o::aes_cbc.o aes-armv4.o:::sha1-armv4-large.o sha256-armv4.o sha512-armv4.o:::::::void";
-my $ppc32_asm="ppccpuid.o:bn-ppc.o::aes_core.o aes_cbc.o aes-ppc.o:::sha1-ppc.o sha256-ppc.o::::::";
-my $ppc64_asm="ppccpuid.o:bn-ppc.o ppc-mont.o::aes_core.o aes_cbc.o aes-ppc.o:::sha1-ppc.o sha256-ppc.o sha512-ppc.o::::::";
-my $no_asm=":::::::::::::void";
+my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o modexp512-x86_64.o::aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o rc4-md5-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:ghash-x86_64.o:";
+my $ia64_asm="ia64cpuid.o:bn-ia64.o ia64-mont.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o:::::ghash-ia64.o::void";
+my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o:des_enc-sparc.o fcrypt_b.o:aes_core.o aes_cbc.o aes-sparcv9.o:::sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o:::::::ghash-sparcv9.o::void";
+my $sparcv8_asm=":sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::::::void";
+my $alpha_asm="alphacpuid.o:bn_asm.o alpha-mont.o:::::sha1-alpha.o:::::::ghash-alpha.o::void";
+my $mips32_asm=":bn-mips.o::aes_cbc.o aes-mips.o:::sha1-mips.o sha256-mips.o::::::::";
+my $mips64_asm=":bn-mips.o mips-mont.o::aes_cbc.o aes-mips.o:::sha1-mips.o sha256-mips.o sha512-mips.o::::::::";
+my $s390x_asm="s390xcap.o s390xcpuid.o:bn-s390x.o s390x-mont.o s390x-gf2m.o::aes-s390x.o aes-ctr.o aes-xts.o:::sha1-s390x.o sha256-s390x.o sha512-s390x.o::rc4-s390x.o:::::ghash-s390x.o:";
+my $armv4_asm="armcap.o armv4cpuid.o:bn_asm.o armv4-mont.o armv4-gf2m.o::aes_cbc.o aes-armv4.o:::sha1-armv4-large.o sha256-armv4.o sha512-armv4.o:::::::ghash-armv4.o::void";
+my $parisc11_asm="pariscid.o:bn_asm.o parisc-mont.o::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::32";
+my $parisc20_asm="pariscid.o:pa-risc2W.o parisc-mont.o::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::64";
+my $ppc32_asm="ppccpuid.o ppccap.o:bn-ppc.o ppc-mont.o ppc64-mont.o::aes_core.o aes_cbc.o aes-ppc.o:::sha1-ppc.o sha256-ppc.o::::::::";
+my $ppc64_asm="ppccpuid.o ppccap.o:bn-ppc.o ppc-mont.o ppc64-mont.o::aes_core.o aes_cbc.o aes-ppc.o:::sha1-ppc.o sha256-ppc.o sha512-ppc.o::::::::";
+my $no_asm=":::::::::::::::void";
 
 # As for $BSDthreads. Idea is to maintain "collective" set of flags,
 # which would cover all BSD flavors. -pthread applies to them all, 
@@ -148,7 +152,7 @@ my $no_asm=":::::::::::::void";
 # seems to be sufficient?
 my $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT";
 
-#config-string $cc : $cflags : $unistd : $thread_cflag : $sys_id : $lflags : $bn_ops : $cpuid_obj : $bn_obj : $des_obj : $aes_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $wp_obj : $cmll_obj : $dso_scheme : $shared_target : $shared_cflag : $shared_ldflag : $shared_extension : $ranlib : $arflags : $multilib
+#config-string $cc : $cflags : $unistd : $thread_cflag : $sys_id : $lflags : $bn_ops : $cpuid_obj : $bn_obj : $des_obj : $aes_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $wp_obj : $cmll_obj : $modes_obj : $engines_obj : $dso_scheme : $shared_target : $shared_cflag : $shared_ldflag : $shared_extension : $ranlib : $arflags : $multilib
 
 my %table=(
 # File 'TABLE' (created by 'make TABLE') contains the data from this list,
@@ -163,32 +167,36 @@ my %table=(
 # Our development configs
 "purify",      "purify gcc:-g -DPURIFY -Wall::(unknown)::-lsocket -lnsl::::",
 "debug",       "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown)::-lefence::::",
-"debug-ben",   "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG_UNUSED -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::bn86-elf.o co86-elf.o",
+"debug-ben",   "gcc:$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DDEBUG_SAFESTACK -O2 -pipe::(unknown):::::",
 "debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
 "debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
 "debug-ben-debug",     "gcc44:$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O2 -pipe::(unknown)::::::",
+"debug-ben-debug-64",  "gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-ben-macos",     "cc:$gcc_devteam_warn -arch i386 -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -DL_ENDIAN -g3 -pipe::(unknown)::-Wl,-search_paths_first::::",
+"debug-ben-macos-gcc46",       "gcc-mp-4.6:$gcc_devteam_warn -Wconversion -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -DL_ENDIAN -g3 -pipe::(unknown)::::::",
+"debug-ben-darwin64","cc:$gcc_devteam_warn -Wno-language-extension-token -Wno-extended-offsetof -arch x86_64 -O3 -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$x86_64_asm;$asm=~s/rc4\-[^:]+//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
 "debug-ben-no-opt",    "gcc: -Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG -Werror -DL_ENDIAN -DTERMIOS -Wall -g3::(unknown)::::::",
 "debug-ben-strict",    "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::",
 "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
-"debug-bodo",  "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -march=i486 -pedantic -Wshadow -Wall -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+"debug-bodo",  "gcc:$gcc_devteam_warn -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
 "debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32:::${no_asm}:win32:cygwin-shared:::.dll",
-"debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-steve32", "gcc:$gcc_devteam_warn -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -g -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-geoff32","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -DMD32_REG_T=int -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-geoff64","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -DMD32_REG_T=int -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-geoff32","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-geoff64","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
 "debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
 "debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-ia32-aes", "gcc:-DAES_EXPERIMENTAL -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:x86cpuid.o:bn-586.o co-586.o x86-mont.o:des-586.o crypt586.o:aes_x86core.o aes_cbc.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o::elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-ia32-aes", "gcc:-DAES_EXPERIMENTAL -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:x86cpuid.o:bn-586.o co-586.o x86-mont.o:des-586.o crypt586.o:aes_x86core.o aes_cbc.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o::ghash-x86.o::elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-x86_64",  "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -DTERMIO -g -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"debug-linux-x86_64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
 "dist",                "cc:-O::(unknown)::::::",
 
 # Basic configs that should work on any (32 and less bit) box
@@ -214,7 +222,7 @@ my %table=(
 # actually recommend to consider using gcc shared build even with vendor
 # compiler:-)
 #                                              <appro@fy.chalmers.se>
-"solaris64-x86_64-gcc","gcc:-m64 -O3 -Wall -DL_ENDIAN -DMD32_REG_T=int::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-fPIC:-m64 -shared -static-libgcc:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
+"solaris64-x86_64-gcc","gcc:-m64 -O3 -Wall -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-fPIC:-m64 -shared -static-libgcc:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
  
 #### Solaris x86 with Sun C setups
 "solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -237,7 +245,7 @@ my %table=(
 "solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-xarch=v9 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs::/64",
+"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-xarch=v9 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
 ####
 "debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", 
@@ -248,16 +256,16 @@ my %table=(
 
 #### IRIX 5.x configs
 # -mips2 flag is added by ./config when appropriate.
-"irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${no_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR:${no_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 #### IRIX 6.x configs
 # Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke
 # './Configure irix-cc -o32' manually.
-"irix-mips3-gcc","gcc:-mabi=n32 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips3_asm}:dlfcn:irix-shared::-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32",
-"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips3_asm}:dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32",
+"irix-mips3-gcc","gcc:-mabi=n32 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32",
+"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32",
 # N64 ABI builds.
-"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_asm}:dlfcn:irix-shared::-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_asm}:dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
 
 #### Unified HP-UX ANSI C configs.
 # Special notes:
@@ -290,17 +298,18 @@ my %table=(
 # Since there is mention of this in shlib/hpux10-cc.sh
 "hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-parisc2-gcc","gcc:-march=2.0 -O3 -DB_ENDIAN -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL DES_RISC1::pa-risc2.o::::::::::::void:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux64-parisc2-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2W.o::::::::::::void:dlfcn:hpux-shared:-fpic:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_64",
+"hpux-parisc1_1-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${parisc11_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa1.1",
+"hpux-parisc2-gcc","gcc:-march=2.0 -O3 -DB_ENDIAN -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL DES_RISC1:".eval{my $asm=$parisc20_asm;$asm=~s/2W\./2\./;$asm=~s/:64/:32/;$asm}.":dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_32",
+"hpux64-parisc2-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2W.o::::::::::::::void:dlfcn:hpux-shared:-fpic:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_64",
 
 # More attempts at unified 10.X and 11.X targets for HP C compiler.
 #
 # Chris Ruemmler <ruemmler@cup.hp.com>
 # Kevin Steves <ks@hp.se>
 "hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-parisc1_0-cc","cc:+DAportable +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2.o::::::::::::void:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2W.o::::::::::::void:dlfcn:hpux-shared:+Z:+DD64 -b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_64",
+"hpux-parisc1_1-cc","cc:+DA1.1 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${parisc11_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa1.1",
+"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:".eval{my $asm=$parisc20_asm;$asm=~s/2W\./2\./;$asm=~s/:64/:32/;$asm}.":dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_32",
+"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${parisc20_asm}:dlfcn:hpux-shared:+Z:+DD64 -b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/pa20_64",
 
 # HP/UX IA-64 targets
 "hpux-ia64-cc","cc:-Ae +DD32 +O2 +Olit=all -z -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:+Z:+DD32 -b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/hpux32",
@@ -351,8 +360,22 @@ my %table=(
 "linux-ia64",  "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-x86_64",        "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"linux-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux-x86_64",        "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux64-s390x",       "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+#### So called "highgprs" target for z/Architecture CPUs
+# "Highgprs" is kernel feature first implemented in Linux 2.6.32, see
+# /proc/cpuinfo. The idea is to preserve most significant bits of
+# general purpose registers not only upon 32-bit process context
+# switch, but even on asynchronous signal delivery to such process.
+# This makes it possible to deploy 64-bit instructions even in legacy
+# application context and achieve better [or should we say adequate]
+# performance. The build is binary compatible with linux-generic32,
+# and the idea is to be able to install the resulting libcrypto.so
+# alongside generic one, e.g. as /lib/highgprs/libcrypto.so.x.y, for
+# ldconfig and run-time linker to autodiscover. Unfortunately it
+# doesn't work just yet, because of couple of bugs in glibc
+# sysdeps/s390/dl-procinfo.c affecting ldconfig and ld.so.1...
+"linux32-s390x",       "gcc:-m31 -Wa,-mzarch -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$s390x_asm;$asm=~s/bn\-s390x\.o/bn_asm.o/;$asm}.":31:dlfcn:linux-shared:-fPIC:-m31:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/highgprs",
 #### SPARC Linux setups
 # Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
 # assisted with debugging of following two configs.
@@ -380,6 +403,11 @@ my %table=(
 "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
 "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
 
+# Android: linux-* but without -DTERMIO and pointers to headers and libs.
+"android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"android-armv7","gcc:-march=armv7-a -mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
 #### *BSD [do see comment about ${BSDthreads} above!]
 "BSD-generic32","gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "BSD-x86",     "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -393,7 +421,7 @@ my %table=(
 # triggered by RIPEMD160 code.
 "BSD-sparc64", "gcc:-DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:${sparcv9_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "BSD-ia64",    "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"BSD-x86_64",  "gcc:-DL_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-x86_64",  "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
 "bsdi-elf-gcc",     "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 
@@ -438,8 +466,8 @@ my %table=(
 "aix64-gcc","gcc:-maix64 -O -DB_ENDIAN::-pthread:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR:${ppc64_asm}:aix64:dlfcn:aix-shared::-maix64 -shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X64",
 # Below targets assume AIX 5. Idea is to effectively disregard $OBJECT_MODE
 # at build time. $OBJECT_MODE is respected at ./config stage!
-"aix-cc",   "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded:AIX::BN_LLONG RC4_CHAR:${ppc32_asm}:aix32:dlfcn:aix-shared::-q32 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32",
-"aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR:${ppc64_asm}:aix64:dlfcn:aix-shared::-q64 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64",
+"aix-cc",   "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded -D_THREAD_SAFE:AIX::BN_LLONG RC4_CHAR:${ppc32_asm}:aix32:dlfcn:aix-shared::-q32 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32",
+"aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded -D_THREAD_SAFE:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR:${ppc64_asm}:aix64:dlfcn:aix-shared::-q64 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64",
 
 #
 # Cray T90 and similar (SDSC)
@@ -490,13 +518,13 @@ my %table=(
 # Visual C targets
 #
 # Win64 targets, WIN64I denotes IA-64 and WIN64A - AMD64
-"VC-WIN64I","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ias:win32",
-"VC-WIN64A","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:x86_64cpuid.o:bn_asm.o x86_64-mont.o::aes-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:auto:win32",
-"debug-VC-WIN64I","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ias:win32",
-"debug-VC-WIN64A","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:x86_64cpuid.o:bn_asm.o x86_64-mont.o::aes-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:auto:win32",
+"VC-WIN64I","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o ia64-mont.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ghash-ia64.o::ias:win32",
+"VC-WIN64A","cl:-W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:".eval{my $asm=$x86_64_asm;$asm=~s/x86_64-gcc\.o/bn_asm.o/;$asm}.":auto:win32",
+"debug-VC-WIN64I","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:ia64cpuid.o:ia64.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o:::::::ghash-ia64.o::ias:win32",
+"debug-VC-WIN64A","cl:-W3 -Gs0 -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE:::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:".eval{my $asm=$x86_64_asm;$asm=~s/x86_64-gcc\.o/bn_asm.o/;$asm}.":auto:win32",
 # x86 Win32 target defaults to ANSI API, if you want UNICODE, complement
 # 'perl Configure VC-WIN32' with '-DUNICODE -D_UNICODE'
-"VC-WIN32","cl:-W3 -WX -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
+"VC-WIN32","cl:-W3 -Gs0 -GF -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
 # Unified CE target
 "debug-VC-WIN32","cl:-W3 -WX -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
 "VC-CE","cl::::WINCE::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32",
@@ -551,10 +579,12 @@ my %table=(
 "rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown):MACOSX_RHAPSODY::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}::",
 "darwin-ppc-cc","cc:-arch ppc -O3 -DB_ENDIAN -Wa,-force_cpusubtype_ALL::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc32_asm}:osx32:dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
 "darwin64-ppc-cc","cc:-arch ppc64 -O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc64_asm}:osx64:dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
-"darwin-i386-cc","cc:-arch i386 -O3 -fomit-frame-pointer -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR:${x86_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"darwin-i386-cc","cc:-arch i386 -O3 -fomit-frame-pointer -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR:".eval{my $asm=$x86_asm;$asm=~s/cast\-586\.o//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
 "debug-darwin-i386-cc","cc:-arch i386 -g3 -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR:${x86_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
-"darwin64-x86_64-cc","cc:-arch x86_64 -O3 -DL_ENDIAN -DMD32_REG_T=int -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$x86_64_asm;$asm=~s/rc4\-[^:]+//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"darwin64-x86_64-cc","cc:-arch x86_64 -O3 -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$x86_64_asm;$asm=~s/rc4\-[^:]+//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
 "debug-darwin-ppc-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DB_ENDIAN -g -Wall -O::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc32_asm}:osx32:dlfcn:darwin-shared:-fPIC:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+# iPhoneOS/iOS
+"iphoneos-cross","llvm-gcc:-O3 -isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fomit-frame-pointer -fno-common::-D_REENTRANT:iOS:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
 
 ##### A/UX
 "aux3-gcc","gcc:-O2 -DTERMIO::(unknown):AUX:-lbsd:RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
@@ -569,18 +599,21 @@ my %table=(
 "OS2-EMX", "gcc::::::::",
 
 ##### VxWorks for various targets
+"vxworks-ppc60x","ccppc:-D_REENTRANT -mrtp -mhard-float -mstrict-align -fno-implicit-fp -DPPC32_fp60x -O2 -fstrength-reduce -fno-builtin -fno-strict-aliasing -Wall -DCPU=PPC32 -DTOOL_FAMILY=gnu -DTOOL=gnu -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/usr/h/wrn/coreip:::VXWORKS:-Wl,--defsym,__wrs_rtp_base=0xe0000000 -L \$(WIND_BASE)/target/usr/lib/ppc/PPC32/common:::::",
+"vxworks-ppcgen","ccppc:-D_REENTRANT -mrtp -msoft-float -mstrict-align -O1 -fno-builtin -fno-strict-aliasing -Wall -DCPU=PPC32 -DTOOL_FAMILY=gnu -DTOOL=gnu -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/usr/h/wrn/coreip:::VXWORKS:-Wl,--defsym,__wrs_rtp_base=0xe0000000 -L \$(WIND_BASE)/target/usr/lib/ppc/PPC32/sfcommon:::::",
 "vxworks-ppc405","ccppc:-g -msoft-float -mlongcall -DCPU=PPC405 -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::",
 "vxworks-ppc750","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h \$(DEBUG_FLAG):::VXWORKS:-r:::::",
 "vxworks-ppc750-debug","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG -g:::VXWORKS:-r:::::",
 "vxworks-ppc860","ccppc:-nostdinc -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::",
-"vxworks-mipsle","ccmips:-B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -DL_ENDIAN -EL -Wl,-EL -mips2 -mno-branch-likely -G 0 -fno-builtin -msoft-float -DCPU=MIPS32 -DMIPSEL -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r::${no_asm}::::::ranlibmips:",
+"vxworks-simlinux","ccpentium:-B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -D_VSB_CONFIG_FILE=\"\$(WIND_BASE)/target/lib/h/config/vsbConfig.h\" -DL_ENDIAN -DCPU=SIMLINUX -DTOOL_FAMILY=gnu -DTOOL=gnu -fno-builtin -fno-defer-pop -DNO_STRINGS_H -I\$(WIND_BASE)/target/h -I\$(WIND_BASE)/target/h/wrn/coreip -DOPENSSL_NO_HW_PADLOCK:::VXWORKS:-r::${no_asm}::::::ranlibpentium:",
+"vxworks-mips","ccmips:-mrtp -mips2 -O -G 0 -B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -D_VSB_CONFIG_FILE=\"\$(WIND_BASE)/target/lib/h/config/vsbConfig.h\" -DCPU=MIPS32 -msoft-float -mno-branch-likely -DTOOL_FAMILY=gnu -DTOOL=gnu -fno-builtin -fno-defer-pop -DNO_STRINGS_H -I\$(WIND_BASE)/target/usr/h -I\$(WIND_BASE)/target/h/wrn/coreip::-D_REENTRANT:VXWORKS:-Wl,--defsym,__wrs_rtp_base=0xe0000000 -L \$(WIND_BASE)/target/usr/lib/mips/MIPSI32/sfcommon::${mips32_asm}:o32::::::ranlibmips:",
 
 ##### Compaq Non-Stop Kernel (Tandem)
 "tandem-c89","c89:-Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN::(unknown):::THIRTY_TWO_BIT:::",
 
 # uClinux
-"uClinux-dist","$ENV{'CC'}:\$(CFLAGS)::-D_REENTRANT::\$(LDFLAGS) \$(LDLIBS):BN_LLONG:::::::::::::::$ENV{'LIBSSL_dlfcn'}:linux-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):$ENV{'RANLIB'}::",
-"uClinux-dist64","$ENV{'CC'}:\$(CFLAGS)::-D_REENTRANT::\$(LDFLAGS) \$(LDLIBS):SIXTY_FOUR_BIT_LONG:::::::::::::::$ENV{'LIBSSL_dlfcn'}:linux-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):$ENV{'RANLIB'}::",
+"uClinux-dist","$ENV{'CC'}:\$(CFLAGS)::-D_REENTRANT::\$(LDFLAGS) \$(LDLIBS):BN_LLONG:${no_asm}:$ENV{'LIBSSL_dlfcn'}:linux-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):$ENV{'RANLIB'}::",
+"uClinux-dist64","$ENV{'CC'}:\$(CFLAGS)::-D_REENTRANT::\$(LDFLAGS) \$(LDLIBS):SIXTY_FOUR_BIT_LONG:${no_asm}:$ENV{'LIBSSL_dlfcn'}:linux-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):$ENV{'RANLIB'}::",
 
 );
 
@@ -612,6 +645,8 @@ my $idx_rmd160_obj = $idx++;
 my $idx_rc5_obj = $idx++;
 my $idx_wp_obj = $idx++;
 my $idx_cmll_obj = $idx++;
+my $idx_modes_obj = $idx++;
+my $idx_engines_obj = $idx++;
 my $idx_perlasm_scheme = $idx++;
 my $idx_dso_scheme = $idx++;
 my $idx_shared_target = $idx++;
@@ -628,6 +663,9 @@ my $openssldir="";
 my $exe_ext="";
 my $install_prefix= "$ENV{'INSTALL_PREFIX'}";
 my $cross_compile_prefix="";
+my $fipsdir="/usr/local/ssl/fips-2.0";
+my $fipslibdir="";
+my $baseaddr="0xFB00000";
 my $no_threads=0;
 my $threads=0;
 my $no_shared=0; # but "no-shared" is default
@@ -662,26 +700,34 @@ my $cmll_enc="camellia.o cmll_misc.o cmll_cbc.o";
 my $processor="";
 my $default_ranlib;
 my $perl;
+my $fips=0;
 
+if (exists $ENV{FIPSDIR})
+       {
+       $fipsdir = $ENV{FIPSDIR};
+       $fipsdir =~ s/\/$//;
+       }
 
 # All of the following is disabled by default (RC5 was enabled before 0.9.8):
 
 my %disabled = ( # "what"         => "comment" [or special keyword "experimental"]
+                "ec_nistp_64_gcc_128" => "default",
                 "gmp"            => "default",
-                 "jpake"          => "experimental",
-                 "md2"            => "default",
-                 "rc5"            => "default",
+                "jpake"          => "experimental",
+                "md2"            => "default",
+                "rc5"            => "default",
                 "rfc3779"        => "default",
-                 "shared"         => "default",
+                "sctp"       => "default",
+                "shared"         => "default",
                 "store"          => "experimental",
-                 "zlib"           => "default",
-                 "zlib-dynamic"   => "default"
-               );
+                "zlib"           => "default",
+                "zlib-dynamic"   => "default"
+              );
 my @experimental = ();
 
 # This is what $depflags will look like with the above defaults
 # (we need this to see if we should advise the user to run "make depend"):
-my $default_depflags = " -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_STORE";
+my $default_depflags = " -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_STORE";
 
 # Explicit "no-..." options will be collected in %disabled along with the defaults.
 # To remove something from %disabled, use "enable-foo" (unless it's experimental).
@@ -739,6 +785,7 @@ PROCESS_ARGS:
 
                # rewrite some options in "enable-..." form
                s /^-?-?shared$/enable-shared/;
+               s /^sctp$/enable-sctp/;
                s /^threads$/enable-threads/;
                s /^zlib$/enable-zlib/;
                s /^zlib-dynamic$/enable-zlib-dynamic/;
@@ -808,6 +855,10 @@ PROCESS_ARGS:
                        }
                elsif (/^386$/)
                        { $processor=386; }
+               elsif (/^fips$/)
+                       {
+                       $fips=1;
+                       }
                elsif (/^rsaref$/)
                        {
                        # No RSAref support any more since it's not needed.
@@ -822,6 +873,7 @@ PROCESS_ARGS:
                                }
                        elsif (/^-[^-]/ or /^\+/)
                                {
+                               $_ =~ s/%([0-9a-f]{1,2})/chr(hex($1))/gei;
                                $flags.=$_." ";
                                }
                        elsif (/^--prefix=(.*)$/)
@@ -852,6 +904,18 @@ PROCESS_ARGS:
                                {
                                $withargs{"zlib-include"}="-I$1";
                                }
+                       elsif (/^--with-fipsdir=(.*)$/)
+                               {
+                               $fipsdir="$1";
+                               }
+                       elsif (/^--with-fipslibdir=(.*)$/)
+                               {
+                               $fipslibdir="$1";
+                               }
+                       elsif (/^--with-baseaddr=(.*)$/)
+                               {
+                               $baseaddr="$1";
+                               }
                        elsif (/^--cross-compile-prefix=(.*)$/)
                                {
                                $cross_compile_prefix=$1;
@@ -926,6 +990,17 @@ if (defined($disabled{"md5"}) || defined($disabled{"rsa"}))
        $disabled{"ssl2"} = "forced";
        }
 
+if ($fips && $fipslibdir eq "")
+       {
+       $fipslibdir = $fipsdir . "/lib/";
+       }
+
+# RSAX ENGINE sets default non-FIPS RSA method.
+if ($fips)
+       {
+       $disabled{"rsax"} = "forced";
+       }
+
 # SSL 3.0 and TLS requires MD5 and SHA and either RSA or DSA+DH
 if (defined($disabled{"md5"}) || defined($disabled{"sha"})
     || (defined($disabled{"rsa"})
@@ -946,6 +1021,13 @@ if (defined($disabled{"ec"}) || defined($disabled{"dsa"})
        $disabled{"gost"} = "forced";
        }
 
+# SRP and HEARTBEATS require TLSEXT
+if (defined($disabled{"tlsext"}))
+       {
+       $disabled{"srp"} = "forced";
+       $disabled{"heartbeats"} = "forced";
+       }
+
 if ($target eq "TABLE") {
        foreach $target (sort keys %table) {
                print_table_entry($target);
@@ -995,7 +1077,7 @@ foreach (sort (keys %disabled))
        else
                {
                my ($ALGO, $algo);
-               ($ALGO = $algo = $_) =~ tr/[a-z]/[A-Z]/;
+               ($ALGO = $algo = $_) =~ tr/[\-a-z]/[_A-Z]/;
 
                if (/^asm$/ || /^err$/ || /^hw$/ || /^hw-/)
                        {
@@ -1015,6 +1097,8 @@ foreach (sort (keys %disabled))
                        else
                                {
                                push @skip, $algo;
+                               # fix-up crypto/directory name(s)
+                               @skip[$#skip]="whrlpool" if $algo eq "whirlpool";
                                print " (skip dir)";
 
                                $depflags .= " -DOPENSSL_NO_$ALGO";
@@ -1085,6 +1169,8 @@ my $rmd160_obj = $fields[$idx_rmd160_obj];
 my $rc5_obj = $fields[$idx_rc5_obj];
 my $wp_obj = $fields[$idx_wp_obj];
 my $cmll_obj = $fields[$idx_cmll_obj];
+my $modes_obj = $fields[$idx_modes_obj];
+my $engines_obj = $fields[$idx_engines_obj];
 my $perlasm_scheme = $fields[$idx_perlasm_scheme];
 my $dso_scheme = $fields[$idx_dso_scheme];
 my $shared_target = $fields[$idx_shared_target];
@@ -1245,7 +1331,7 @@ if ($no_asm)
        {
        $cpuid_obj=$bn_obj=
        $des_obj=$aes_obj=$bf_obj=$cast_obj=$rc4_obj=$rc5_obj=$cmll_obj=
-       $sha1_obj=$md5_obj=$rmd160_obj=$wp_obj="";
+       $modes_obj=$sha1_obj=$md5_obj=$rmd160_obj=$wp_obj=$engines_obj="";
        }
 
 if (!$no_shared)
@@ -1309,7 +1395,7 @@ if (!$IsMK1MF)
                }
        }
 
-$cpuid_obj.=" uplink.o uplink-cof.o" if ($cflags =~ /\-DOPENSSL_USE_APPLINK/);
+$cpuid_obj.=" uplink.o uplink-x86.o" if ($cflags =~ /\-DOPENSSL_USE_APPLINK/);
 
 #
 # Platform fix-ups
@@ -1377,6 +1463,14 @@ $cflags.=" -DOPENSSL_BN_ASM_PART_WORDS" if ($bn_obj =~ /bn-586/);
 $cflags.=" -DOPENSSL_IA32_SSE2" if (!$no_sse2 && $bn_obj =~ /86/);
 
 $cflags.=" -DOPENSSL_BN_ASM_MONT" if ($bn_obj =~ /-mont/);
+$cflags.=" -DOPENSSL_BN_ASM_MONT5" if ($bn_obj =~ /-mont5/);
+$cflags.=" -DOPENSSL_BN_ASM_GF2m" if ($bn_obj =~ /-gf2m/);
+
+if ($fips)
+       {
+       $openssl_other_defines.="#define OPENSSL_FIPS\n";
+       $cflags .= " -I\$(FIPSDIR)/include";
+       }
 
 $cpuid_obj="mem_clr.o" unless ($cpuid_obj =~ /\.o$/);
 $des_obj=$des_enc      unless ($des_obj =~ /\.o$/);
@@ -1410,12 +1504,20 @@ if ($rmd160_obj =~ /\.o$/)
 if ($aes_obj =~ /\.o$/)
        {
        $cflags.=" -DAES_ASM";
+       # aes-ctr.o is not a real file, only indication that assembler
+       # module implements AES_ctr32_encrypt...
+       $cflags.=" -DAES_CTR_ASM" if ($aes_obj =~ s/\s*aes\-ctr\.o//);
+       # aes-xts.o indicates presense of AES_xts_[en|de]crypt...
+       $cflags.=" -DAES_XTS_ASM" if ($aes_obj =~ s/\s*aes\-xts\.o//);
+       $aes_obj =~ s/\s*(vpaes|aesni)\-x86\.o//g if ($no_sse2);
+       $cflags.=" -DVPAES_ASM" if ($aes_obj =~ m/vpaes/);
+       $cflags.=" -DBSAES_ASM" if ($aes_obj =~ m/bsaes/);
        }
 else   {
        $aes_obj=$aes_enc;
        }
 $wp_obj="" if ($wp_obj =~ /mmx/ && $processor eq "386");
-if ($wp_obj =~ /\.o$/)
+if ($wp_obj =~ /\.o$/ && !$disabled{"whirlpool"})
        {
        $cflags.=" -DWHIRLPOOL_ASM";
        }
@@ -1423,6 +1525,10 @@ else     {
        $wp_obj="wp_block.o";
        }
 $cmll_obj=$cmll_enc    unless ($cmll_obj =~ /.o$/);
+if ($modes_obj =~ /ghash/)
+       {
+       $cflags.=" -DGHASH_ASM";
+       }
 
 # "Stringify" the C flags string.  This permits it to be made part of a string
 # and works as well on command lines.
@@ -1537,6 +1643,8 @@ while (<IN>)
        s/^RMD160_ASM_OBJ=.*$/RMD160_ASM_OBJ= $rmd160_obj/;
        s/^WP_ASM_OBJ=.*$/WP_ASM_OBJ= $wp_obj/;
        s/^CMLL_ENC=.*$/CMLL_ENC= $cmll_obj/;
+       s/^MODES_ASM_OBJ.=*$/MODES_ASM_OBJ= $modes_obj/;
+       s/^ENGINES_ASM_OBJ.=*$/ENGINES_ASM_OBJ= $engines_obj/;
        s/^PERLASM_SCHEME=.*$/PERLASM_SCHEME= $perlasm_scheme/;
        s/^PROCESSOR=.*/PROCESSOR= $processor/;
        s/^ARFLAGS=.*/ARFLAGS= $arflags/;
@@ -1545,6 +1653,12 @@ while (<IN>)
        s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/;
        s/^LIBZLIB=.*/LIBZLIB=$withargs{"zlib-lib"}/;
        s/^ZLIB_INCLUDE=.*/ZLIB_INCLUDE=$withargs{"zlib-include"}/;
+
+       s/^FIPSDIR=.*/FIPSDIR=$fipsdir/;
+       s/^FIPSLIBDIR=.*/FIPSLIBDIR=$fipslibdir/;
+       s/^FIPSCANLIB=.*/FIPSCANLIB=libcrypto/ if $fips;
+       s/^BASEADDR=.*/BASEADDR=$baseaddr/;
+
        s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
        s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
        s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared);
@@ -1588,7 +1702,9 @@ print "RC5_ENC       =$rc5_obj\n";
 print "MD5_OBJ_ASM   =$md5_obj\n";
 print "SHA1_OBJ_ASM  =$sha1_obj\n";
 print "RMD160_OBJ_ASM=$rmd160_obj\n";
-print "CMLL_ENC=     =$cmll_obj\n";
+print "CMLL_ENC      =$cmll_obj\n";
+print "MODES_OBJ     =$modes_obj\n";
+print "ENGINES_OBJ   =$engines_obj\n";
 print "PROCESSOR     =$processor\n";
 print "RANLIB        =$ranlib\n";
 print "ARFLAGS       =$arflags\n";
@@ -1981,7 +2097,8 @@ sub print_table_entry
        (my $cc,my $cflags,my $unistd,my $thread_cflag,my $sys_id,my $lflags,
        my $bn_ops,my $cpuid_obj,my $bn_obj,my $des_obj,my $aes_obj, my $bf_obj,
        my $md5_obj,my $sha1_obj,my $cast_obj,my $rc4_obj,my $rmd160_obj,
-       my $rc5_obj,my $wp_obj,my $cmll_obj,my $perlasm_scheme,my $dso_scheme,my $shared_target,my $shared_cflag,
+       my $rc5_obj,my $wp_obj,my $cmll_obj,my $modes_obj, my $engines_obj,
+       my $perlasm_scheme,my $dso_scheme,my $shared_target,my $shared_cflag,
        my $shared_ldflag,my $shared_extension,my $ranlib,my $arflags,my $multilib)=
        split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
                        
@@ -2008,6 +2125,8 @@ sub print_table_entry
 \$rc5_obj      = $rc5_obj
 \$wp_obj       = $wp_obj
 \$cmll_obj     = $cmll_obj
+\$modes_obj    = $modes_obj
+\$engines_obj  = $engines_obj
 \$perlasm_scheme = $perlasm_scheme
 \$dso_scheme   = $dso_scheme
 \$shared_target= $shared_target

diff --git a/deps/openssl/openssl/FAQ b/deps/openssl/openssl/FAQ
index 3b07cd3..35780f8 100644 (file)
--- a/deps/openssl/openssl/FAQ
+++ b/deps/openssl/openssl/FAQ
@@ -10,6 +10,7 @@ OpenSSL  -  Frequently Asked Questions
 * Why aren't tools like 'autoconf' and 'libtool' used?
 * What is an 'engine' version?
 * How do I check the authenticity of the OpenSSL distribution?
+* How does the versioning scheme work?
 
 [LEGAL] Legal questions
 
@@ -82,11 +83,11 @@ OpenSSL  -  Frequently Asked Questions
 * Which is the current version of OpenSSL?
 
 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 1.0.0f was released on Jan 4th, 2012.
+OpenSSL 1.0.1e was released on Feb 11th, 2013.
 
 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:
-ftp://ftp.openssl.org/snapshot/>, or get it by anonymous CVS access.
+ftp://ftp.openssl.org/snapshot/>, or get it by anonymous Git access.
 
 
 * Where is the documentation?
@@ -108,7 +109,9 @@ In addition, you can read the most current versions at
 <URL: http://www.openssl.org/docs/>. Note that the online documents refer
 to the very latest development versions of OpenSSL and may include features
 not present in released versions. If in doubt refer to the documentation
-that came with the version of OpenSSL you are using.
+that came with the version of OpenSSL you are using. The pod format
+documentation is included in each OpenSSL distribution under the docs
+directory.
 
 For information on parts of libcrypto that are not yet documented, you
 might want to read Ariel Glenn's documentation on SSLeay 0.9, OpenSSL's
@@ -173,6 +176,19 @@ just do:
 
    pgp TARBALL.asc
 
+* How does the versioning scheme work?
+
+After the release of OpenSSL 1.0.0 the versioning scheme changed. Letter 
+releases (e.g. 1.0.1a) can only contain bug and security fixes and no
+new features. Minor releases change the last number (e.g. 1.0.2) and 
+can contain new features that retain binary compatibility. Changes to
+the middle number are considered major releases and neither source nor
+binary compatibility is guaranteed.
+
+Therefore the answer to the common question "when will feature X be
+backported to OpenSSL 1.0.0/0.9.8?" is "never" but it could appear
+in the next minor release.
+
 [LEGAL] =======================================================================
 
 * Do I need patent licenses to use OpenSSL?
@@ -284,7 +300,7 @@ current directory in this case, but this has changed with 0.9.6a.)
 Check out the CA.pl(1) manual page. This provides a simple wrapper round
 the 'req', 'verify', 'ca' and 'pkcs12' utilities. For finer control check
 out the manual pages for the individual utilities and the certificate
-extensions documentation (currently in doc/openssl.txt).
+extensions documentation (in ca(1), req(1), x509v3_config(5) )
 
 
 * Why can't I create certificate requests?

diff --git a/deps/openssl/openssl/INSTALL.W32 b/deps/openssl/openssl/INSTALL.W32
index d23c4ba..80e5382 100644 (file)
--- a/deps/openssl/openssl/INSTALL.W32
+++ b/deps/openssl/openssl/INSTALL.W32
@@ -29,7 +29,7 @@
   is required if you intend to utilize assembler modules. Note that NASM
   is now the only supported assembler.
 
- If you are compiling from a tarball or a CVS snapshot then the Win32 files
+ If you are compiling from a tarball or a Git snapshot then the Win32 files
  may well be not up to date. This may mean that some "tweaking" is required to
  get it all to work. See the trouble shooting section later on for if (when?)
  it goes wrong.
@@ -257,7 +257,7 @@
 
  then ms\do_XXX should not give a warning any more. However the numbers that
  get assigned by this technique may not match those that eventually get
- assigned in the CVS tree: so anything linked against this version of the
+ assigned in the Git tree: so anything linked against this version of the
  library may need to be recompiled.
 
  If you get errors about unresolved symbols there are several possible

diff --git a/deps/openssl/openssl/Makefile b/deps/openssl/openssl/Makefile
index 8fe8885..54e3541 100644 (file)
--- a/deps/openssl/openssl/Makefile
+++ b/deps/openssl/openssl/Makefile
@@ -4,16 +4,16 @@
 ## Makefile for OpenSSL
 ##
 
-VERSION=1.0.0f
+VERSION=1.0.1e
 MAJOR=1
-MINOR=0.0
+MINOR=0.1
 SHLIB_VERSION_NUMBER=1.0.0
 SHLIB_VERSION_HISTORY=
 SHLIB_MAJOR=1
 SHLIB_MINOR=0.0
 SHLIB_EXT=
 PLATFORM=dist
-OPTIONS= no-gmp no-jpake no-krb5 no-md2 no-rc5 no-rfc3779 no-shared no-store no-zlib no-zlib-dynamic static-engine
+OPTIONS= no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-store no-zlib no-zlib-dynamic static-engine
 CONFIGURE_ARGS=dist
 SHLIB_TARGET=
 
@@ -61,7 +61,7 @@ OPENSSLDIR=/usr/local/ssl
 
 CC= cc
 CFLAG= -O
-DEPFLAG= -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_STORE
+DEPFLAG= -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_STORE
 PEX_LIBS= 
 EX_LIBS= 
 EXE_EXT= 
@@ -71,7 +71,7 @@ RANLIB= /usr/bin/ranlib
 NM= nm
 PERL= /usr/bin/perl
 TAR= tar
-TARFLAGS= --no-recursion
+TARFLAGS= --no-recursion --record-size=10240
 MAKEDEPPROG=makedepend
 LIBDIR=lib
 
@@ -101,6 +101,8 @@ SHA1_ASM_OBJ=
 RMD160_ASM_OBJ= 
 WP_ASM_OBJ= wp_block.o
 CMLL_ENC= camellia.o cmll_misc.o cmll_cbc.o
+MODES_ASM_OBJ= 
+ENGINES_ASM_OBJ= 
 PERLASM_SCHEME= 
 
 # KRB5 stuff
@@ -111,6 +113,30 @@ LIBKRB5=
 ZLIB_INCLUDE=
 LIBZLIB=
 
+# TOP level FIPS install directory.
+FIPSDIR=/usr/local/ssl/fips-2.0
+
+# This is the location of fipscanister.o and friends.
+# The FIPS module build will place it $(INSTALLTOP)/lib
+# but since $(INSTALLTOP) can only take the default value
+# when the module is built it will be in /usr/local/ssl/lib
+# $(INSTALLTOP) for this build may be different so hard
+# code the path.
+
+FIPSLIBDIR=
+
+# The location of the library which contains fipscanister.o
+# normally it will be libcrypto unless fipsdso is set in which
+# case it will be libfips. If not compiling in FIPS mode at all
+# this is empty making it a useful test for a FIPS compile.
+
+FIPSCANLIB=
+
+# Shared library base address. Currently only used on Windows.
+#
+
+BASEADDR=0xFB00000
+
 DIRS=   crypto ssl engines apps test tools
 ENGDIRS= ccgost
 SHLIBDIRS= crypto ssl
@@ -123,7 +149,7 @@ SDIRS=  \
        bn ec rsa dsa ecdsa dh ecdh dso engine \
        buffer bio stack lhash rand err \
        evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
-       cms pqueue ts
+       cms pqueue ts srp cmac
 # keep in mind that the above list is adjusted by ./Configure
 # according to no-xxx arguments...
 
@@ -174,7 +200,7 @@ CLEARENV=   TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS}     \
                $${EXHEADER+EXHEADER} $${HEADER+HEADER}         \
                $${GENERAL+GENERAL} $${CFLAGS+CFLAGS}           \
                $${ASFLAGS+ASFLAGS} $${AFLAGS+AFLAGS}           \
-               $${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS}             \
+               $${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS} $${SCRIPTS+SCRIPTS} \
                $${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS}     \
                $${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS}
 
@@ -206,7 +232,12 @@ BUILDENV=  PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)' \
                MD5_ASM_OBJ='$(MD5_ASM_OBJ)'                    \
                RMD160_ASM_OBJ='$(RMD160_ASM_OBJ)'              \
                WP_ASM_OBJ='$(WP_ASM_OBJ)'                      \
+               MODES_ASM_OBJ='$(MODES_ASM_OBJ)'                \
+               ENGINES_ASM_OBJ='$(ENGINES_ASM_OBJ)'            \
                PERLASM_SCHEME='$(PERLASM_SCHEME)'              \
+               FIPSLIBDIR='${FIPSLIBDIR}'                      \
+               FIPSDIR='${FIPSDIR}'                            \
+               FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}"      \
                THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
 # MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
 # which in turn eliminates ambiguities in variable treatment with -e.
@@ -260,9 +291,20 @@ all_testapps: build_libs build_testapps
 build_testapps:
        @dir=crypto; target=testapps; $(BUILD_ONE_CMD)
 
-libcrypto$(SHLIB_EXT): libcrypto.a
+fips_premain_dso$(EXE_EXT): libcrypto.a
+       [ -z "$(FIPSCANLIB)" ] || $(CC) $(CFLAG) -Iinclude \
+               -DFINGERPRINT_PREMAIN_DSO_LOAD -o $@  \
+               $(FIPSLIBDIR)fips_premain.c $(FIPSLIBDIR)fipscanister.o \
+               libcrypto.a $(EX_LIBS)
+
+libcrypto$(SHLIB_EXT): libcrypto.a fips_premain_dso$(EXE_EXT)
        @if [ "$(SHLIB_TARGET)" != "" ]; then \
-               $(MAKE) SHLIBDIRS=crypto build-shared; \
+               if [ "$(FIPSCANLIB)" = "libcrypto" ]; then \
+                       FIPSLD_LIBCRYPTO=libcrypto.a ; \
+                       FIPSLD_CC="$(CC)"; CC=$(FIPSDIR)/bin/fipsld; \
+                       export CC FIPSLD_CC FIPSLD_LIBCRYPTO; \
+               fi; \
+               $(MAKE) -e SHLIBDIRS=crypto build-shared; \
        else \
                echo "There's no support for shared libraries on this platform" >&2; \
                exit 1; \
@@ -324,7 +366,8 @@ libcrypto.pc: Makefile
            echo 'Description: OpenSSL cryptography library'; \
            echo 'Version: '$(VERSION); \
            echo 'Requires: '; \
-           echo 'Libs: -L$${libdir} -lcrypto $(EX_LIBS)'; \
+           echo 'Libs: -L$${libdir} -lcrypto'; \
+           echo 'Libs.private: $(EX_LIBS)'; \
            echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc
 
 libssl.pc: Makefile
@@ -337,7 +380,8 @@ libssl.pc: Makefile
            echo 'Description: Secure Sockets Layer and cryptography libraries'; \
            echo 'Version: '$(VERSION); \
            echo 'Requires: '; \
-           echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
+           echo 'Libs: -L$${libdir} -lssl -lcrypto'; \
+           echo 'Libs.private: $(EX_LIBS)'; \
            echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc
 
 openssl.pc: Makefile
@@ -350,7 +394,8 @@ openssl.pc: Makefile
            echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
            echo 'Version: '$(VERSION); \
            echo 'Requires: '; \
-           echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
+           echo 'Libs: -L$${libdir} -lssl -lcrypto'; \
+           echo 'Libs.private: $(EX_LIBS)'; \
            echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
 
 Makefile: Makefile.org Configure config
@@ -359,7 +404,7 @@ Makefile: Makefile.org Configure config
        @false
 
 libclean:
-       rm -f *.map *.so *.so.* *.dll engines/*.so engines/*.dll *.a engines/*.a */lib */*/lib
+       rm -f *.map *.so *.so.* *.dylib *.dll engines/*.so engines/*.dll engines/*.dylib *.a engines/*.a */lib */*/lib
 
 clean: libclean
        rm -f shlib/*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c
@@ -401,7 +446,7 @@ rehash.time: certs apps
                [ -x "apps/openssl.exe" ] && OPENSSL="apps/openssl.exe" || :; \
                OPENSSL_DEBUG_MEMORY=on; \
                export OPENSSL OPENSSL_DEBUG_MEMORY; \
-               $(PERL) tools/c_rehash certs) && \
+               $(PERL) tools/c_rehash certs/demo) && \
                touch rehash.time; \
        else :; fi
 
@@ -426,9 +471,9 @@ tags:
        find . -name '[^.]*.[ch]' | xargs etags -a
 
 errors:
+       $(PERL) util/ck_errf.pl -strict */*.c */*/*.c
        $(PERL) util/mkerr.pl -recurse -write
        (cd engines; $(MAKE) PERL=$(PERL) errors)
-       $(PERL) util/ck_errf.pl */*.c */*/*.c
 
 stacks:
        $(PERL) util/mkstack.pl -write
@@ -511,7 +556,7 @@ install_sw:
        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
        done;
        @set -e; target=install; $(RECURSIVE_BUILD_CMD)
-       @set -e; for i in $(LIBS) ;\
+       @set -e; liblist="$(LIBS)"; for i in $$liblist ;\
        do \
                if [ -f "$$i" ]; then \
                (       echo installing $$i; \

diff --git a/deps/openssl/openssl/Makefile.org b/deps/openssl/openssl/Makefile.org
index fb0af7e..2db31ea 100644 (file)
--- a/deps/openssl/openssl/Makefile.org
+++ b/deps/openssl/openssl/Makefile.org
@@ -69,7 +69,7 @@ RANLIB= ranlib
 NM= nm
 PERL= perl
 TAR= tar
-TARFLAGS= --no-recursion
+TARFLAGS= --no-recursion --record-size=10240
 MAKEDEPPROG=makedepend
 LIBDIR=lib
 
@@ -99,6 +99,8 @@ SHA1_ASM_OBJ=
 RMD160_ASM_OBJ= 
 WP_ASM_OBJ=
 CMLL_ENC=
+MODES_ASM_OBJ=
+ENGINES_ASM_OBJ=
 PERLASM_SCHEME=
 
 # KRB5 stuff
@@ -109,6 +111,30 @@ LIBKRB5=
 ZLIB_INCLUDE=
 LIBZLIB=
 
+# TOP level FIPS install directory.
+FIPSDIR=
+
+# This is the location of fipscanister.o and friends.
+# The FIPS module build will place it $(INSTALLTOP)/lib
+# but since $(INSTALLTOP) can only take the default value
+# when the module is built it will be in /usr/local/ssl/lib
+# $(INSTALLTOP) for this build may be different so hard
+# code the path.
+
+FIPSLIBDIR=
+
+# The location of the library which contains fipscanister.o
+# normally it will be libcrypto unless fipsdso is set in which
+# case it will be libfips. If not compiling in FIPS mode at all
+# this is empty making it a useful test for a FIPS compile.
+
+FIPSCANLIB=
+
+# Shared library base address. Currently only used on Windows.
+#
+
+BASEADDR=
+
 DIRS=   crypto ssl engines apps test tools
 ENGDIRS= ccgost
 SHLIBDIRS= crypto ssl
@@ -121,7 +147,7 @@ SDIRS=  \
        bn ec rsa dsa ecdsa dh ecdh dso engine \
        buffer bio stack lhash rand err \
        evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
-       cms pqueue ts jpake store
+       cms pqueue ts jpake srp store cmac
 # keep in mind that the above list is adjusted by ./Configure
 # according to no-xxx arguments...
 
@@ -172,7 +198,7 @@ CLEARENV=   TOP= && unset TOP $${LIB+LIB} $${LIBS+LIBS}     \
                $${EXHEADER+EXHEADER} $${HEADER+HEADER}         \
                $${GENERAL+GENERAL} $${CFLAGS+CFLAGS}           \
                $${ASFLAGS+ASFLAGS} $${AFLAGS+AFLAGS}           \
-               $${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS}             \
+               $${LDCMD+LDCMD} $${LDFLAGS+LDFLAGS} $${SCRIPTS+SCRIPTS} \
                $${SHAREDCMD+SHAREDCMD} $${SHAREDFLAGS+SHAREDFLAGS}     \
                $${SHARED_LIB+SHARED_LIB} $${LIBEXTRAS+LIBEXTRAS}
 
@@ -204,7 +230,12 @@ BUILDENV=  PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)' \
                MD5_ASM_OBJ='$(MD5_ASM_OBJ)'                    \
                RMD160_ASM_OBJ='$(RMD160_ASM_OBJ)'              \
                WP_ASM_OBJ='$(WP_ASM_OBJ)'                      \
+               MODES_ASM_OBJ='$(MODES_ASM_OBJ)'                \
+               ENGINES_ASM_OBJ='$(ENGINES_ASM_OBJ)'            \
                PERLASM_SCHEME='$(PERLASM_SCHEME)'              \
+               FIPSLIBDIR='${FIPSLIBDIR}'                      \
+               FIPSDIR='${FIPSDIR}'                            \
+               FIPSCANLIB="$${FIPSCANLIB:-$(FIPSCANLIB)}"      \
                THIS=$${THIS:-$@} MAKEFILE=Makefile MAKEOVERRIDES=
 # MAKEOVERRIDES= effectively "equalizes" GNU-ish and SysV-ish make flavors,
 # which in turn eliminates ambiguities in variable treatment with -e.
@@ -258,9 +289,20 @@ all_testapps: build_libs build_testapps
 build_testapps:
        @dir=crypto; target=testapps; $(BUILD_ONE_CMD)
 
-libcrypto$(SHLIB_EXT): libcrypto.a
+fips_premain_dso$(EXE_EXT): libcrypto.a
+       [ -z "$(FIPSCANLIB)" ] || $(CC) $(CFLAG) -Iinclude \
+               -DFINGERPRINT_PREMAIN_DSO_LOAD -o $@  \
+               $(FIPSLIBDIR)fips_premain.c $(FIPSLIBDIR)fipscanister.o \
+               libcrypto.a $(EX_LIBS)
+
+libcrypto$(SHLIB_EXT): libcrypto.a fips_premain_dso$(EXE_EXT)
        @if [ "$(SHLIB_TARGET)" != "" ]; then \
-               $(MAKE) SHLIBDIRS=crypto build-shared; \
+               if [ "$(FIPSCANLIB)" = "libcrypto" ]; then \
+                       FIPSLD_LIBCRYPTO=libcrypto.a ; \
+                       FIPSLD_CC="$(CC)"; CC=$(FIPSDIR)/bin/fipsld; \
+                       export CC FIPSLD_CC FIPSLD_LIBCRYPTO; \
+               fi; \
+               $(MAKE) -e SHLIBDIRS=crypto build-shared; \
        else \
                echo "There's no support for shared libraries on this platform" >&2; \
                exit 1; \
@@ -322,7 +364,8 @@ libcrypto.pc: Makefile
            echo 'Description: OpenSSL cryptography library'; \
            echo 'Version: '$(VERSION); \
            echo 'Requires: '; \
-           echo 'Libs: -L$${libdir} -lcrypto $(EX_LIBS)'; \
+           echo 'Libs: -L$${libdir} -lcrypto'; \
+           echo 'Libs.private: $(EX_LIBS)'; \
            echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc
 
 libssl.pc: Makefile
@@ -335,7 +378,8 @@ libssl.pc: Makefile
            echo 'Description: Secure Sockets Layer and cryptography libraries'; \
            echo 'Version: '$(VERSION); \
            echo 'Requires: '; \
-           echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
+           echo 'Libs: -L$${libdir} -lssl -lcrypto'; \
+           echo 'Libs.private: $(EX_LIBS)'; \
            echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc
 
 openssl.pc: Makefile
@@ -348,7 +392,8 @@ openssl.pc: Makefile
            echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
            echo 'Version: '$(VERSION); \
            echo 'Requires: '; \
-           echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
+           echo 'Libs: -L$${libdir} -lssl -lcrypto'; \
+           echo 'Libs.private: $(EX_LIBS)'; \
            echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
 
 Makefile: Makefile.org Configure config
@@ -357,7 +402,7 @@ Makefile: Makefile.org Configure config
        @false
 
 libclean:
-       rm -f *.map *.so *.so.* *.dll engines/*.so engines/*.dll *.a engines/*.a */lib */*/lib
+       rm -f *.map *.so *.so.* *.dylib *.dll engines/*.so engines/*.dll engines/*.dylib *.a engines/*.a */lib */*/lib
 
 clean: libclean
        rm -f shlib/*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c
@@ -399,7 +444,7 @@ rehash.time: certs apps
                [ -x "apps/openssl.exe" ] && OPENSSL="apps/openssl.exe" || :; \
                OPENSSL_DEBUG_MEMORY=on; \
                export OPENSSL OPENSSL_DEBUG_MEMORY; \
-               $(PERL) tools/c_rehash certs) && \
+               $(PERL) tools/c_rehash certs/demo) && \
                touch rehash.time; \
        else :; fi
 
@@ -424,9 +469,9 @@ tags:
        find . -name '[^.]*.[ch]' | xargs etags -a
 
 errors:
+       $(PERL) util/ck_errf.pl -strict */*.c */*/*.c
        $(PERL) util/mkerr.pl -recurse -write
        (cd engines; $(MAKE) PERL=$(PERL) errors)
-       $(PERL) util/ck_errf.pl */*.c */*/*.c
 
 stacks:
        $(PERL) util/mkstack.pl -write
@@ -509,7 +554,7 @@ install_sw:
        chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
        done;
        @set -e; target=install; $(RECURSIVE_BUILD_CMD)
-       @set -e; for i in $(LIBS) ;\
+       @set -e; liblist="$(LIBS)"; for i in $$liblist ;\
        do \
                if [ -f "$$i" ]; then \
                (       echo installing $$i; \

diff --git a/deps/openssl/openssl/NEWS b/deps/openssl/openssl/NEWS
index 1fb25c6..0269f22 100644 (file)
--- a/deps/openssl/openssl/NEWS
+++ b/deps/openssl/openssl/NEWS
@@ -5,6 +5,58 @@
   This file gives a brief overview of the major changes between each OpenSSL
   release. For more details please read the CHANGES file.
 
+  Major changes between OpenSSL 1.0.1d and OpenSSL 1.0.1e:
+
+      o Corrected fix for CVE-2013-0169
+
+  Major changes between OpenSSL 1.0.1c and OpenSSL 1.0.1d:
+
+      o Fix renegotiation in TLS 1.1, 1.2 by using the correct TLS version.
+      o Include the fips configuration module.
+      o Fix OCSP bad key DoS attack CVE-2013-0166
+      o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
+      o Fix for TLS AESNI record handling flaw CVE-2012-2686
+
+  Major changes between OpenSSL 1.0.1b and OpenSSL 1.0.1c:
+
+      o Fix TLS/DTLS record length checking bug CVE-2012-2333
+      o Don't attempt to use non-FIPS composite ciphers in FIPS mode.
+
+  Major changes between OpenSSL 1.0.1a and OpenSSL 1.0.1b:
+
+      o Fix compilation error on non-x86 platforms.
+      o Make FIPS capable OpenSSL ciphers work in non-FIPS mode.
+      o Fix SSL_OP_NO_TLSv1_1 clash with SSL_OP_ALL in OpenSSL 1.0.0
+
+  Major changes between OpenSSL 1.0.1 and OpenSSL 1.0.1a:
+
+      o Fix for ASN1 overflow bug CVE-2012-2110
+      o Workarounds for some servers that hang on long client hellos.
+      o Fix SEGV in AES code.
+
+  Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1:
+
+      o TLS/DTLS heartbeat support.
+      o SCTP support.
+      o RFC 5705 TLS key material exporter.
+      o RFC 5764 DTLS-SRTP negotiation.
+      o Next Protocol Negotiation.
+      o PSS signatures in certificates, requests and CRLs.
+      o Support for password based recipient info for CMS.
+      o Support TLS v1.2 and TLS v1.1.
+      o Preliminary FIPS capability for unvalidated 2.0 FIPS module.
+      o SRP support.
+
+  Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h:
+
+      o Fix for CMS/PKCS#7 MMA CVE-2012-0884
+      o Corrected fix for CVE-2011-4619
+      o Various DTLS fixes.
+
+  Major changes between OpenSSL 1.0.0f and OpenSSL 1.0.0g:
+
+      o Fix for DTLS DoS issue CVE-2012-0050
+
   Major changes between OpenSSL 1.0.0e and OpenSSL 1.0.0f:
 
       o Fix for DTLS plaintext recovery attack CVE-2011-4108

diff --git a/deps/openssl/openssl/PROBLEMS b/deps/openssl/openssl/PROBLEMS
index d247470..3eaab01 100644 (file)
--- a/deps/openssl/openssl/PROBLEMS
+++ b/deps/openssl/openssl/PROBLEMS
@@ -197,3 +197,17 @@ reconfigure with additional no-sse2 [or 386] option passed to ./config.
 We don't have framework to associate -ldl with no-dso, therefore the only
 way is to edit Makefile right after ./config no-dso and remove -ldl from
 EX_LIBS line.
+
+* hpux-parisc2-cc no-asm build fails with SEGV in ECDSA/DH.
+
+Compiler bug, presumably at particular patch level. Remaining
+hpux*-parisc*-cc configurations can be affected too. Drop optimization
+level to +O2 when compiling bn_nist.o.
+
+* solaris64-sparcv9-cc link failure
+
+Solaris 8 ar can fail to maintain symbol table in .a, which results in
+link failures. Apply 109147-09 or later or modify Makefile generated
+by ./Configure solaris64-sparcv9-cc and replace RANLIB assignment with
+
+       RANLIB= /usr/ccs/bin/ar rs

diff --git a/deps/openssl/openssl/README b/deps/openssl/openssl/README
index 50d54d5..ad2d90f 100644 (file)
--- a/deps/openssl/openssl/README
+++ b/deps/openssl/openssl/README
@@ -1,5 +1,5 @@
 
- OpenSSL 1.0.0f 4 Jan 2012
+ OpenSSL 1.0.1e 11 Feb 2013
 
  Copyright (c) 1998-2011 The OpenSSL Project
  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
@@ -190,7 +190,7 @@
  reason as to why that feature isn't implemented.
 
  Patches should be as up to date as possible, preferably relative to the
- current CVS or the last snapshot. They should follow the coding style of
+ current Git or the last snapshot. They should follow the coding style of
  OpenSSL and compile without warnings. Some of the core team developer targets
  can be used for testing purposes, (debug-steve64, debug-geoff etc). OpenSSL
  compiles on many varied platforms: try to ensure you only use portable

diff --git a/deps/openssl/openssl/VMS/install-vms.com b/deps/openssl/openssl/VMS/install-vms.com
old mode 100644 (file)
new mode 100755 (executable)

diff --git a/deps/openssl/openssl/VMS/openssl_startup.com b/deps/openssl/openssl/VMS/openssl_startup.com
old mode 100644 (file)
new mode 100755 (executable)

diff --git a/deps/openssl/openssl/VMS/openssl_undo.com b/deps/openssl/openssl/VMS/openssl_undo.com
old mode 100644 (file)
new mode 100755 (executable)

diff --git a/deps/openssl/openssl/config b/deps/openssl/openssl/config
index cf64ec5..88b9bc6 100755 (executable)
--- a/deps/openssl/openssl/config
+++ b/deps/openssl/openssl/config
@@ -370,6 +370,10 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${MACHINE}" in
     NONSTOP_KERNEL*)
        echo "nsr-tandem-nsk"; exit 0;
        ;;
+
+    vxworks*)
+       echo "${MACHINE}-whatever-vxworks"; exit 0;
+       ;;
 esac
 
 #
@@ -407,23 +411,18 @@ exit 0
 # this is where the translation occurs into SSLeay terms
 # ---------------------------------------------------------------------------
 
-GCCVER=`(gcc -dumpversion) 2>/dev/null`
-if [ "$GCCVER" != "" ]; then
-  # then strip off whatever prefix egcs prepends the number with...
-  # Hopefully, this will work for any future prefixes as well.
-  GCCVER=`echo $GCCVER | LC_ALL=C sed 's/^[a-zA-Z]*\-//'`
-  # Since gcc 3.1 gcc --version behaviour has changed.  gcc -dumpversion
-  # does give us what we want though, so we use that.  We just just the
-  # major and minor version numbers.
-  # peak single digit before and after first dot, e.g. 2.95.1 gives 29
-  GCCVER=`echo $GCCVER | sed 's/\([0-9]\)\.\([0-9]\).*/\1\2/'`
-fi
-
 # Only set CC if not supplied already
-if [ -z "$CC" ]; then
-# figure out if gcc is available and if so we use it otherwise
-# we fallback to whatever cc does on the system
+if [ -z "$CROSS_COMPILE$CC" ]; then
+  GCCVER=`sh -c "gcc -dumpversion" 2>/dev/null`
   if [ "$GCCVER" != "" ]; then
+    # then strip off whatever prefix egcs prepends the number with...
+    # Hopefully, this will work for any future prefixes as well.
+    GCCVER=`echo $GCCVER | LC_ALL=C sed 's/^[a-zA-Z]*\-//'`
+    # Since gcc 3.1 gcc --version behaviour has changed.  gcc -dumpversion
+    # does give us what we want though, so we use that.  We just just the
+    # major and minor version numbers.
+    # peak single digit before and after first dot, e.g. 2.95.1 gives 29
+    GCCVER=`echo $GCCVER | sed 's/\([0-9]\)\.\([0-9]\).*/\1\2/'`
     CC=gcc
   else
     CC=cc
@@ -539,7 +538,7 @@ case "$GUESSOS" in
   ppc-apple-rhapsody) OUT="rhapsody-ppc-cc" ;;
   ppc-apple-darwin*)
        ISA64=`(sysctl -n hw.optional.64bitops) 2>/dev/null`
-       if [ "$ISA64" = "1" ]; then
+       if [ "$ISA64" = "1" -a -z "$KERNEL_BITS" ]; then
            echo "WARNING! If you wish to build 64-bit library, then you have to"
            echo "         invoke './Configure darwin64-ppc-cc' *manually*."
            if [ "$TEST" = "false" -a -t 1 ]; then
@@ -547,10 +546,14 @@ case "$GUESSOS" in
              (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
            fi
        fi
-       OUT="darwin-ppc-cc" ;;
+       if [ "$ISA64" = "1" -a "$KERNEL_BITS" = "64" ]; then
+           OUT="darwin64-ppc-cc"
+       else
+           OUT="darwin-ppc-cc"
+       fi ;;
   i?86-apple-darwin*)
        ISA64=`(sysctl -n hw.optional.x86_64) 2>/dev/null`
-       if [ "$ISA64" = "1" ]; then
+       if [ "$ISA64" = "1" -a -z "$KERNEL_BITS" ]; then
            echo "WARNING! If you wish to build 64-bit library, then you have to"
            echo "         invoke './Configure darwin64-x86_64-cc' *manually*."
            if [ "$TEST" = "false" -a -t 1 ]; then
@@ -558,7 +561,17 @@ case "$GUESSOS" in
              (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
            fi
        fi
-       OUT="darwin-i386-cc" ;;
+       if [ "$ISA64" = "1" -a "$KERNEL_BITS" = "64" ]; then
+           OUT="darwin64-x86_64-cc"
+       else
+           OUT="darwin-i386-cc"
+       fi ;;
+  armv6+7-*-iphoneos)
+       options="$options -arch%20armv6 -arch%20armv7"
+       OUT="iphoneos-cross" ;;
+  *-*-iphoneos)
+       options="$options -arch%20${MACHINE}"
+       OUT="iphoneos-cross" ;;
   alpha-*-linux2)
         ISA=`awk '/cpu model/{print$4;exit(0);}' /proc/cpuinfo`
        case ${ISA:-generic} in
@@ -583,6 +596,11 @@ case "$GUESSOS" in
        OUT="linux-ppc"
        ;;
   ppc-*-linux2) OUT="linux-ppc" ;;
+  ppc60x-*-vxworks*) OUT="vxworks-ppc60x" ;;
+  ppcgen-*-vxworks*) OUT="vxworks-ppcgen" ;;
+  pentium-*-vxworks*) OUT="vxworks-pentium" ;;
+  simlinux-*-vxworks*) OUT="vxworks-simlinux" ;;
+  mips-*-vxworks*) OUT="vxworks-mips";;
   ia64-*-linux?) OUT="linux-ia64" ;;
   sparc64-*-linux2)
        echo "WARNING! If you *know* that your GNU C supports 64-bit/V9 ABI"
@@ -624,12 +642,24 @@ case "$GUESSOS" in
        options="$options -DB_ENDIAN -mschedule=$CPUSCHEDULE -march=$CPUARCH"
        OUT="linux-generic32" ;;
   armv[1-3]*-*-linux2) OUT="linux-generic32" ;;
+  armv[7-9]*-*-linux2) OUT="linux-armv4"; options="$options -march=armv7-a" ;;
   arm*-*-linux2) OUT="linux-armv4" ;;
   sh*b-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN" ;;
   sh*-*-linux2)  OUT="linux-generic32"; options="$options -DL_ENDIAN" ;;
   m68k*-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN" ;;
   s390-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN" ;;
-  s390x-*-linux2) OUT="linux-s390x" ;;
+  s390x-*-linux2)
+       # To be uncommented when glibc bug is fixed, see Configure...
+       #if egrep -e '^features.* highgprs' /proc/cpuinfo >/dev/null ; then
+       #  echo "WARNING! If you wish to build \"highgprs\" 32-bit library, then you"
+       #  echo "         have to invoke './Configure linux32-s390x' *manually*."
+       #  if [ "$TEST" = "false" -a -t -1 ]; then
+       #    echo "         You have about 5 seconds to press Ctrl-C to abort."
+       #    (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
+       #  fi
+       #fi
+       OUT="linux64-s390x"
+       ;;
   x86_64-*-linux?) OUT="linux-x86_64" ;;
   *86-*-linux2) OUT="linux-elf"
        if [ "$GCCVER" -gt 28 ]; then
@@ -648,7 +678,7 @@ case "$GUESSOS" in
   sun4[uv]*-*-solaris2)
        OUT="solaris-sparcv9-$CC"
        ISA64=`(isalist) 2>/dev/null | grep sparcv9`
-       if [ "$ISA64" != "" ]; then
+       if [ "$ISA64" != "" -a "$KERNEL_BITS" = "" ]; then
            if [ "$CC" = "cc" -a $CCVER -ge 50 ]; then
                echo "WARNING! If you wish to build 64-bit library, then you have to"
                echo "         invoke './Configure solaris64-sparcv9-cc' *manually*."
@@ -678,13 +708,16 @@ case "$GUESSOS" in
                fi
            fi
        fi
+       if [ "$ISA64" != "" -a "$KERNEL_BITS" = "64" ]; then
+           OUT="solaris64-sparcv9-$CC"
+       fi
        ;;
   sun4m-*-solaris2)    OUT="solaris-sparcv8-$CC" ;;
   sun4d-*-solaris2)    OUT="solaris-sparcv8-$CC" ;;
   sun4*-*-solaris2)    OUT="solaris-sparcv7-$CC" ;;
   *86*-*-solaris2)
        ISA64=`(isalist) 2>/dev/null | grep amd64`
-       if [ "$ISA64" != "" ]; then
+       if [ "$ISA64" != "" -a ${KERNEL_BITS:-64} -eq 64 ]; then
            OUT="solaris64-x86_64-$CC"
        else
            OUT="solaris-x86-$CC"
@@ -736,20 +769,17 @@ case "$GUESSOS" in
        if [ $CC = "gcc" -a $GCC_BITS = "64" ]; then
            OUT="hpux64-parisc2-gcc"
        fi
-       KERNEL_BITS=`(getconf KERNEL_BITS) 2>/dev/null`
+       [ "$KERNEL_BITS" ] || KERNEL_BITS=`(getconf KERNEL_BITS) 2>/dev/null`
        KERNEL_BITS=${KERNEL_BITS:-32}
        CPU_VERSION=`(getconf CPU_VERSION) 2>/dev/null`
        CPU_VERSION=${CPU_VERSION:-0}
        # See <sys/unistd.h> for further info on CPU_VERSION.
        if   [ $CPU_VERSION -ge 768 ]; then     # IA-64 CPU
-            echo "WARNING! 64-bit ABI is the default configured ABI on HP-UXi."
-            echo "         If you wish to build 32-bit library, the you have to"
-            echo "         invoke './Configure hpux-ia64-cc' *manually*."
-            if [ "$TEST" = "false" -a -t 1 ]; then
-               echo "         You have about 5 seconds to press Ctrl-C to abort."
-               (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
-            fi
-            OUT="hpux64-ia64-cc"
+            if [ $KERNEL_BITS -eq 64 -a "$CC" = "cc" ]; then
+               OUT="hpux64-ia64-cc"
+             else
+               OUT="hpux-ia64-cc"
+             fi
        elif [ $CPU_VERSION -ge 532 ]; then     # PA-RISC 2.x CPU
             OUT=${OUT:-"hpux-parisc2-${CC}"}
             if [ $KERNEL_BITS -eq 64 -a "$CC" = "cc" ]; then
@@ -770,7 +800,7 @@ case "$GUESSOS" in
        options="$options -D_REENTRANT" ;;
   *-hpux)      OUT="hpux-parisc-$CC" ;;
   *-aix)
-       KERNEL_BITS=`(getconf KERNEL_BITMODE) 2>/dev/null`
+       [ "$KERNEL_BITS" ] || KERNEL_BITS=`(getconf KERNEL_BITMODE) 2>/dev/null`
        KERNEL_BITS=${KERNEL_BITS:-32}
        OBJECT_MODE=${OBJECT_MODE:-32}
        if [ "$CC" = "gcc" ]; then
@@ -810,6 +840,8 @@ case "$GUESSOS" in
   beos-*) OUT="$GUESSOS" ;;
   x86pc-*-qnx6) OUT="QNX6-i386" ;;
   *-*-qnx6) OUT="QNX6" ;;
+  x86-*-android|i?86-*-android) OUT="android-x86" ;;
+  armv[7-9]*-*-android) OUT="android-armv7" ;;
   *) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;;
 esac
 
@@ -825,9 +857,11 @@ esac
 #  options="$options -DATALLA"
 #fi
 
-($CC -Wa,--help -c -o /dev/null -x assembler /dev/null 2>&1 | \
- grep \\--noexecstack) 2>&1 > /dev/null && \
+if expr "$options" : '.*no\-asm' > /dev/null; then :; else
+  sh -c "$CROSS_COMPILE${CC:-gcc} -Wa,--help -c -o /tmp/null.$$.o -x assembler /dev/null && rm /tmp/null.$$.o" 2>&1 | \
+  grep \\--noexecstack >/dev/null && \
   options="$options -Wa,--noexecstack"
+fi
 
 # gcc < 2.8 does not support -march=ultrasparc
 if [ "$OUT" = solaris-sparcv9-gcc -a $GCCVER -lt 28 ]

diff --git a/deps/openssl/openssl/crypto/Makefile b/deps/openssl/openssl/crypto/Makefile
index 85d9f24..947dd5d 100644 (file)
--- a/deps/openssl/openssl/crypto/Makefile
+++ b/deps/openssl/openssl/crypto/Makefile
@@ -7,7 +7,7 @@ TOP=            ..
 CC=            cc
 INCLUDE=       -I. -I$(TOP) -I../include $(ZLIB_INCLUDE)
 # INCLUDES targets sudbirs!
-INCLUDES=      -I.. -I../.. -I../asn1 -I../evp -I../../include $(ZLIB_INCLUDE)
+INCLUDES=      -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include $(ZLIB_INCLUDE)
 CFLAG=         -g
 MAKEDEPPROG=   makedepend
 MAKEDEPEND=    $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
@@ -34,8 +34,10 @@ GENERAL=Makefile README crypto-lib.com install.com
 
 LIB= $(TOP)/libcrypto.a
 SHARED_LIB= libcrypto$(SHLIB_EXT)
-LIBSRC=        cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c cpt_err.c ebcdic.c uid.c o_time.c o_str.c o_dir.c
-LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o ebcdic.o uid.o o_time.o o_str.o o_dir.o $(CPUID_OBJ)
+LIBSRC=        cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c cpt_err.c \
+       ebcdic.c uid.c o_time.c o_str.c o_dir.c o_fips.c o_init.c fips_ers.c
+LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o cpt_err.o ebcdic.o \
+       uid.o o_time.o o_str.o o_dir.o o_fips.o o_init.o fips_ers.o $(CPUID_OBJ)
 
 SRC= $(LIBSRC)
 
@@ -67,14 +69,13 @@ applink.o:  $(TOP)/ms/applink.c
 uplink.o:      $(TOP)/ms/uplink.c applink.o
        $(CC) $(CFLAGS) -c -o $@ $(TOP)/ms/uplink.c
 
-uplink-cof.s:  $(TOP)/ms/uplink.pl
-       $(PERL) $(TOP)/ms/uplink.pl coff > $@
+uplink-x86.s:  $(TOP)/ms/uplink-x86.pl
+       $(PERL) $(TOP)/ms/uplink-x86.pl $(PERLASM_SCHEME) > $@
 
-x86_64cpuid.s: x86_64cpuid.pl
-       $(PERL) x86_64cpuid.pl $(PERLASM_SCHEME) > $@
-ia64cpuid.s: ia64cpuid.S
-       $(CC) $(CFLAGS) -E ia64cpuid.S > $@
+x86_64cpuid.s: x86_64cpuid.pl; $(PERL) x86_64cpuid.pl $(PERLASM_SCHEME) > $@
+ia64cpuid.s: ia64cpuid.S;      $(CC) $(CFLAGS) -E ia64cpuid.S > $@
 ppccpuid.s:    ppccpuid.pl;    $(PERL) ppccpuid.pl $(PERLASM_SCHEME) $@
+pariscid.s:    pariscid.pl;    $(PERL) pariscid.pl $(PERLASM_SCHEME) $@
 alphacpuid.s:  alphacpuid.pl
        $(PERL) $< | $(CC) -E - | tee $@ > /dev/null
 
@@ -102,6 +103,7 @@ lib:        $(LIB)
        @touch lib
 $(LIB):        $(LIBOBJ)
        $(AR) $(LIB) $(LIBOBJ)
+       [ -z "$(FIPSLIBDIR)" ] || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
        $(RANLIB) $(LIB) || echo Never mind.
 
 shared: buildinf.h lib subdirs
@@ -171,6 +173,7 @@ ex_data.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 ex_data.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
 ex_data.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
 ex_data.o: ex_data.c
+fips_ers.o: ../include/openssl/opensslconf.h fips_ers.c
 mem.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
 mem.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
 mem.o: ../include/openssl/err.h ../include/openssl/lhash.h
@@ -191,6 +194,19 @@ mem_dbg.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
 mem_dbg.o: mem_dbg.c
 o_dir.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/opensslconf.h
 o_dir.o: LPdir_unix.c o_dir.c o_dir.h
+o_fips.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/buffer.h
+o_fips.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+o_fips.o: ../include/openssl/err.h ../include/openssl/lhash.h
+o_fips.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+o_fips.o: ../include/openssl/ossl_typ.h ../include/openssl/safestack.h
+o_fips.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
+o_fips.o: o_fips.c
+o_init.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/crypto.h
+o_init.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+o_init.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+o_init.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+o_init.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+o_init.o: ../include/openssl/symhacks.h o_init.c
 o_str.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/opensslconf.h
 o_str.o: o_str.c o_str.h
 o_time.o: ../include/openssl/e_os2.h ../include/openssl/opensslconf.h o_time.c

diff --git a/deps/openssl/openssl/crypto/aes/Makefile b/deps/openssl/openssl/crypto/aes/Makefile
index c501a43..45ede0a 100644 (file)
--- a/deps/openssl/openssl/crypto/aes/Makefile
+++ b/deps/openssl/openssl/crypto/aes/Makefile
@@ -50,9 +50,21 @@ aes-ia64.s: asm/aes-ia64.S
 
 aes-586.s:     asm/aes-586.pl ../perlasm/x86asm.pl
        $(PERL) asm/aes-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
+vpaes-x86.s:   asm/vpaes-x86.pl ../perlasm/x86asm.pl
+       $(PERL) asm/vpaes-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
+aesni-x86.s:   asm/aesni-x86.pl ../perlasm/x86asm.pl
+       $(PERL) asm/aesni-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
 
 aes-x86_64.s: asm/aes-x86_64.pl
        $(PERL) asm/aes-x86_64.pl $(PERLASM_SCHEME) > $@
+vpaes-x86_64.s:        asm/vpaes-x86_64.pl
+       $(PERL) asm/vpaes-x86_64.pl $(PERLASM_SCHEME) > $@
+bsaes-x86_64.s:        asm/bsaes-x86_64.pl
+       $(PERL) asm/bsaes-x86_64.pl $(PERLASM_SCHEME) > $@
+aesni-x86_64.s: asm/aesni-x86_64.pl
+       $(PERL) asm/aesni-x86_64.pl $(PERLASM_SCHEME) > $@
+aesni-sha1-x86_64.s:   asm/aesni-sha1-x86_64.pl
+       $(PERL) asm/aesni-sha1-x86_64.pl $(PERLASM_SCHEME) > $@
 
 aes-sparcv9.s: asm/aes-sparcv9.pl
        $(PERL) asm/aes-sparcv9.pl $(CFLAGS) > $@
@@ -60,8 +72,15 @@ aes-sparcv9.s: asm/aes-sparcv9.pl
 aes-ppc.s:     asm/aes-ppc.pl
        $(PERL) asm/aes-ppc.pl $(PERLASM_SCHEME) $@
 
+aes-parisc.s:  asm/aes-parisc.pl
+       $(PERL) asm/aes-parisc.pl $(PERLASM_SCHEME) $@
+
+aes-mips.S:    asm/aes-mips.pl
+       $(PERL) asm/aes-mips.pl $(PERLASM_SCHEME) $@
+
 # GNU make "catch all"
-aes-%.s:       asm/aes-%.pl;   $(PERL) $< $(CFLAGS) > $@
+aes-%.S:       asm/aes-%.pl;   $(PERL) $< $(PERLASM_SCHEME) > $@
+aes-armv4.o:   aes-armv4.S
 
 files:
        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
@@ -117,9 +136,11 @@ aes_ige.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 aes_ige.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 aes_ige.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 aes_ige.o: ../../include/openssl/symhacks.h ../cryptlib.h aes_ige.c aes_locl.h
-aes_misc.o: ../../include/openssl/aes.h ../../include/openssl/e_os2.h
-aes_misc.o: ../../include/openssl/opensslconf.h
-aes_misc.o: ../../include/openssl/opensslv.h aes_locl.h aes_misc.c
+aes_misc.o: ../../include/openssl/aes.h ../../include/openssl/crypto.h
+aes_misc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+aes_misc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+aes_misc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+aes_misc.o: ../../include/openssl/symhacks.h aes_locl.h aes_misc.c
 aes_ofb.o: ../../include/openssl/aes.h ../../include/openssl/modes.h
 aes_ofb.o: ../../include/openssl/opensslconf.h aes_ofb.c
 aes_wrap.o: ../../e_os.h ../../include/openssl/aes.h

diff --git a/deps/openssl/openssl/crypto/aes/aes.h b/deps/openssl/openssl/crypto/aes/aes.h
index d2c9973..031abf0 100644 (file)
--- a/deps/openssl/openssl/crypto/aes/aes.h
+++ b/deps/openssl/openssl/crypto/aes/aes.h
@@ -90,6 +90,11 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
 int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
        AES_KEY *key);
 
+int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+       AES_KEY *key);
+int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+       AES_KEY *key);
+
 void AES_encrypt(const unsigned char *in, unsigned char *out,
        const AES_KEY *key);
 void AES_decrypt(const unsigned char *in, unsigned char *out,

diff --git a/deps/openssl/openssl/crypto/aes/aes_core.c b/deps/openssl/openssl/crypto/aes/aes_core.c
index a7ec54f..8f5210a 100644 (file)
--- a/deps/openssl/openssl/crypto/aes/aes_core.c
+++ b/deps/openssl/openssl/crypto/aes/aes_core.c
@@ -625,7 +625,7 @@ static const u32 rcon[] = {
 /**
  * Expand the cipher key into the encryption key schedule.
  */
-int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
                        AES_KEY *key) {
 
        u32 *rk;
@@ -726,7 +726,7 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
 /**
  * Expand the cipher key into the decryption key schedule.
  */
-int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits,
                         AES_KEY *key) {
 
         u32 *rk;
@@ -734,7 +734,7 @@ int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
        u32 temp;
 
        /* first, start with an encryption schedule */
-       status = AES_set_encrypt_key(userKey, bits, key);
+       status = private_AES_set_encrypt_key(userKey, bits, key);
        if (status < 0)
                return status;
 
@@ -1201,7 +1201,7 @@ static const u32 rcon[] = {
 /**
  * Expand the cipher key into the encryption key schedule.
  */
-int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
                        AES_KEY *key) {
        u32 *rk;
        int i = 0;
@@ -1301,7 +1301,7 @@ int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
 /**
  * Expand the cipher key into the decryption key schedule.
  */
-int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits,
                         AES_KEY *key) {
 
         u32 *rk;
@@ -1309,7 +1309,7 @@ int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
        u32 temp;
 
        /* first, start with an encryption schedule */
-       status = AES_set_encrypt_key(userKey, bits, key);
+       status = private_AES_set_encrypt_key(userKey, bits, key);
        if (status < 0)
                return status;
 

diff --git a/deps/openssl/openssl/crypto/aes/aes_misc.c b/deps/openssl/openssl/crypto/aes/aes_misc.c
index 4fead1b..f083488 100644 (file)
--- a/deps/openssl/openssl/crypto/aes/aes_misc.c
+++ b/deps/openssl/openssl/crypto/aes/aes_misc.c
@@ -50,6 +50,7 @@
  */
 
 #include <openssl/opensslv.h>
+#include <openssl/crypto.h>
 #include <openssl/aes.h>
 #include "aes_locl.h"
 
@@ -62,3 +63,23 @@ const char *AES_options(void) {
         return "aes(partial)";
 #endif
 }
+
+/* FIPS wrapper functions to block low level AES calls in FIPS mode */
+
+int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+                       AES_KEY *key)
+       {
+#ifdef OPENSSL_FIPS
+       fips_cipher_abort(AES);
+#endif
+       return private_AES_set_encrypt_key(userKey, bits, key);
+       }
+
+int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+                       AES_KEY *key)
+       {
+#ifdef OPENSSL_FIPS
+       fips_cipher_abort(AES);
+#endif
+       return private_AES_set_decrypt_key(userKey, bits, key);
+       }

diff --git a/deps/openssl/openssl/crypto/aes/asm/aes-586.pl b/deps/openssl/openssl/crypto/aes/asm/aes-586.pl
index fed3150..6eb4790 100755 (executable)
--- a/deps/openssl/openssl/crypto/aes/asm/aes-586.pl
+++ b/deps/openssl/openssl/crypto/aes/asm/aes-586.pl
@@ -39,7 +39,7 @@
 # but exhibits up to 10% improvement on other cores.
 #
 # Second version is "monolithic" replacement for aes_core.c, which in
-# addition to AES_[de|en]crypt implements AES_set_[de|en]cryption_key.
+# addition to AES_[de|en]crypt implements private_AES_set_[de|en]cryption_key.
 # This made it possible to implement little-endian variant of the
 # algorithm without modifying the base C code. Motivating factor for
 # the undertaken effort was that it appeared that in tight IA-32
@@ -2854,12 +2854,12 @@ sub enckey()
     &set_label("exit");
 &function_end("_x86_AES_set_encrypt_key");
 
-# int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+# int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
 #                        AES_KEY *key)
-&function_begin_B("AES_set_encrypt_key");
+&function_begin_B("private_AES_set_encrypt_key");
        &call   ("_x86_AES_set_encrypt_key");
        &ret    ();
-&function_end_B("AES_set_encrypt_key");
+&function_end_B("private_AES_set_encrypt_key");
 
 sub deckey()
 { my ($i,$key,$tp1,$tp2,$tp4,$tp8) = @_;
@@ -2916,9 +2916,9 @@ sub deckey()
        &mov    (&DWP(4*$i,$key),$tp1);
 }
 
-# int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+# int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits,
 #                        AES_KEY *key)
-&function_begin_B("AES_set_decrypt_key");
+&function_begin_B("private_AES_set_decrypt_key");
        &call   ("_x86_AES_set_encrypt_key");
        &cmp    ("eax",0);
        &je     (&label("proceed"));
@@ -2974,7 +2974,7 @@ sub deckey()
        &jb     (&label("permute"));
 
        &xor    ("eax","eax");                  # return success
-&function_end("AES_set_decrypt_key");
+&function_end("private_AES_set_decrypt_key");
 &asciz("AES for x86, CRYPTOGAMS by <appro\@openssl.org>");
 
 &asm_finish();

diff --git a/deps/openssl/openssl/crypto/aes/asm/aes-armv4.pl b/deps/openssl/openssl/crypto/aes/asm/aes-armv4.pl
index c51ee1f..86b86c4 100644 (file)
--- a/deps/openssl/openssl/crypto/aes/asm/aes-armv4.pl
+++ b/deps/openssl/openssl/crypto/aes/asm/aes-armv4.pl
@@ -27,6 +27,11 @@
 # Rescheduling for dual-issue pipeline resulted in 12% improvement on
 # Cortex A8 core and ~25 cycles per byte processed with 128-bit key.
 
+# February 2011.
+#
+# Profiler-assisted and platform-specific optimization resulted in 16%
+# improvement on Cortex A8 core and ~21.5 cycles per byte.
+
 while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {}
 open STDOUT,">$output";
 
@@ -46,6 +51,7 @@ $key="r11";
 $rounds="r12";
 
 $code=<<___;
+#include "arm_arch.h"
 .text
 .code  32
 
@@ -166,7 +172,7 @@ AES_encrypt:
        mov     $rounds,r0              @ inp
        mov     $key,r2
        sub     $tbl,r3,#AES_encrypt-AES_Te     @ Te
-
+#if __ARM_ARCH__<7
        ldrb    $s0,[$rounds,#3]        @ load input data in endian-neutral
        ldrb    $t1,[$rounds,#2]        @ manner...
        ldrb    $t2,[$rounds,#1]
@@ -195,10 +201,33 @@ AES_encrypt:
        orr     $s3,$s3,$t1,lsl#8
        orr     $s3,$s3,$t2,lsl#16
        orr     $s3,$s3,$t3,lsl#24
-
+#else
+       ldr     $s0,[$rounds,#0]
+       ldr     $s1,[$rounds,#4]
+       ldr     $s2,[$rounds,#8]
+       ldr     $s3,[$rounds,#12]
+#ifdef __ARMEL__
+       rev     $s0,$s0
+       rev     $s1,$s1
+       rev     $s2,$s2
+       rev     $s3,$s3
+#endif
+#endif
        bl      _armv4_AES_encrypt
 
        ldr     $rounds,[sp],#4         @ pop out
+#if __ARM_ARCH__>=7
+#ifdef __ARMEL__
+       rev     $s0,$s0
+       rev     $s1,$s1
+       rev     $s2,$s2
+       rev     $s3,$s3
+#endif
+       str     $s0,[$rounds,#0]
+       str     $s1,[$rounds,#4]
+       str     $s2,[$rounds,#8]
+       str     $s3,[$rounds,#12]
+#else
        mov     $t1,$s0,lsr#24          @ write output in endian-neutral
        mov     $t2,$s0,lsr#16          @ manner...
        mov     $t3,$s0,lsr#8
@@ -227,11 +256,15 @@ AES_encrypt:
        strb    $t2,[$rounds,#13]
        strb    $t3,[$rounds,#14]
        strb    $s3,[$rounds,#15]
-
+#endif
+#if __ARM_ARCH__>=5
+       ldmia   sp!,{r4-r12,pc}
+#else
        ldmia   sp!,{r4-r12,lr}
        tst     lr,#1
        moveq   pc,lr                   @ be binary compatible with V4, yet
        bx      lr                      @ interoperable with Thumb ISA:-)
+#endif
 .size  AES_encrypt,.-AES_encrypt
 
 .type   _armv4_AES_encrypt,%function
@@ -271,11 +304,11 @@ _armv4_AES_encrypt:
        and     $i2,lr,$s2,lsr#16       @ i1
        eor     $t3,$t3,$i3,ror#8
        and     $i3,lr,$s2
-       eor     $s1,$s1,$t1,ror#24
        ldr     $i1,[$tbl,$i1,lsl#2]    @ Te2[s2>>8]
+       eor     $s1,$s1,$t1,ror#24
+       ldr     $i2,[$tbl,$i2,lsl#2]    @ Te1[s2>>16]
        mov     $s2,$s2,lsr#24
 
-       ldr     $i2,[$tbl,$i2,lsl#2]    @ Te1[s2>>16]
        ldr     $i3,[$tbl,$i3,lsl#2]    @ Te3[s2>>0]
        eor     $s0,$s0,$i1,ror#16
        ldr     $s2,[$tbl,$s2,lsl#2]    @ Te0[s2>>24]
@@ -284,16 +317,16 @@ _armv4_AES_encrypt:
        and     $i2,lr,$s3,lsr#8        @ i1
        eor     $t3,$t3,$i3,ror#16
        and     $i3,lr,$s3,lsr#16       @ i2
-       eor     $s2,$s2,$t2,ror#16
        ldr     $i1,[$tbl,$i1,lsl#2]    @ Te3[s3>>0]
+       eor     $s2,$s2,$t2,ror#16
+       ldr     $i2,[$tbl,$i2,lsl#2]    @ Te2[s3>>8]
        mov     $s3,$s3,lsr#24
 
-       ldr     $i2,[$tbl,$i2,lsl#2]    @ Te2[s3>>8]
        ldr     $i3,[$tbl,$i3,lsl#2]    @ Te1[s3>>16]
        eor     $s0,$s0,$i1,ror#24
-       ldr     $s3,[$tbl,$s3,lsl#2]    @ Te0[s3>>24]
-       eor     $s1,$s1,$i2,ror#16
        ldr     $i1,[$key],#16
+       eor     $s1,$s1,$i2,ror#16
+       ldr     $s3,[$tbl,$s3,lsl#2]    @ Te0[s3>>24]
        eor     $s2,$s2,$i3,ror#8
        ldr     $t1,[$key,#-12]
        eor     $s3,$s3,$t3,ror#8
@@ -333,11 +366,11 @@ _armv4_AES_encrypt:
        and     $i2,lr,$s2,lsr#16       @ i1
        eor     $t3,$i3,$t3,lsl#8
        and     $i3,lr,$s2
-       eor     $s1,$t1,$s1,lsl#24
        ldrb    $i1,[$tbl,$i1,lsl#2]    @ Te4[s2>>8]
+       eor     $s1,$t1,$s1,lsl#24
+       ldrb    $i2,[$tbl,$i2,lsl#2]    @ Te4[s2>>16]
        mov     $s2,$s2,lsr#24
 
-       ldrb    $i2,[$tbl,$i2,lsl#2]    @ Te4[s2>>16]
        ldrb    $i3,[$tbl,$i3,lsl#2]    @ Te4[s2>>0]
        eor     $s0,$i1,$s0,lsl#8
        ldrb    $s2,[$tbl,$s2,lsl#2]    @ Te4[s2>>24]
@@ -346,15 +379,15 @@ _armv4_AES_encrypt:
        and     $i2,lr,$s3,lsr#8        @ i1
        eor     $t3,$i3,$t3,lsl#8
        and     $i3,lr,$s3,lsr#16       @ i2
-       eor     $s2,$t2,$s2,lsl#24
        ldrb    $i1,[$tbl,$i1,lsl#2]    @ Te4[s3>>0]
+       eor     $s2,$t2,$s2,lsl#24
+       ldrb    $i2,[$tbl,$i2,lsl#2]    @ Te4[s3>>8]
        mov     $s3,$s3,lsr#24
 
-       ldrb    $i2,[$tbl,$i2,lsl#2]    @ Te4[s3>>8]
        ldrb    $i3,[$tbl,$i3,lsl#2]    @ Te4[s3>>16]
        eor     $s0,$i1,$s0,lsl#8
-       ldrb    $s3,[$tbl,$s3,lsl#2]    @ Te4[s3>>24]
        ldr     $i1,[$key,#0]
+       ldrb    $s3,[$tbl,$s3,lsl#2]    @ Te4[s3>>24]
        eor     $s1,$s1,$i2,lsl#8
        ldr     $t1,[$key,#4]
        eor     $s2,$s2,$i3,lsl#16
@@ -371,10 +404,11 @@ _armv4_AES_encrypt:
        ldr     pc,[sp],#4              @ pop and return
 .size  _armv4_AES_encrypt,.-_armv4_AES_encrypt
 
-.global AES_set_encrypt_key
-.type   AES_set_encrypt_key,%function
+.global private_AES_set_encrypt_key
+.type   private_AES_set_encrypt_key,%function
 .align 5
-AES_set_encrypt_key:
+private_AES_set_encrypt_key:
+_armv4_AES_set_encrypt_key:
        sub     r3,pc,#8                @ AES_set_encrypt_key
        teq     r0,#0
        moveq   r0,#-1
@@ -392,12 +426,13 @@ AES_set_encrypt_key:
        bne     .Labrt
 
 .Lok:  stmdb   sp!,{r4-r12,lr}
-       sub     $tbl,r3,#AES_set_encrypt_key-AES_Te-1024        @ Te4
+       sub     $tbl,r3,#_armv4_AES_set_encrypt_key-AES_Te-1024 @ Te4
 
        mov     $rounds,r0              @ inp
        mov     lr,r1                   @ bits
        mov     $key,r2                 @ key
 
+#if __ARM_ARCH__<7
        ldrb    $s0,[$rounds,#3]        @ load input data in endian-neutral
        ldrb    $t1,[$rounds,#2]        @ manner...
        ldrb    $t2,[$rounds,#1]
@@ -430,6 +465,22 @@ AES_set_encrypt_key:
        orr     $s3,$s3,$t3,lsl#24
        str     $s2,[$key,#-8]
        str     $s3,[$key,#-4]
+#else
+       ldr     $s0,[$rounds,#0]
+       ldr     $s1,[$rounds,#4]
+       ldr     $s2,[$rounds,#8]
+       ldr     $s3,[$rounds,#12]
+#ifdef __ARMEL__
+       rev     $s0,$s0
+       rev     $s1,$s1
+       rev     $s2,$s2
+       rev     $s3,$s3
+#endif
+       str     $s0,[$key],#16
+       str     $s1,[$key,#-12]
+       str     $s2,[$key,#-8]
+       str     $s3,[$key,#-4]
+#endif
 
        teq     lr,#128
        bne     .Lnot128
@@ -466,6 +517,7 @@ AES_set_encrypt_key:
        b       .Ldone
 
 .Lnot128:
+#if __ARM_ARCH__<7
        ldrb    $i2,[$rounds,#19]
        ldrb    $t1,[$rounds,#18]
        ldrb    $t2,[$rounds,#17]
@@ -482,6 +534,16 @@ AES_set_encrypt_key:
        str     $i2,[$key],#8
        orr     $i3,$i3,$t3,lsl#24
        str     $i3,[$key,#-4]
+#else
+       ldr     $i2,[$rounds,#16]
+       ldr     $i3,[$rounds,#20]
+#ifdef __ARMEL__
+       rev     $i2,$i2
+       rev     $i3,$i3
+#endif
+       str     $i2,[$key],#8
+       str     $i3,[$key,#-4]
+#endif
 
        teq     lr,#192
        bne     .Lnot192
@@ -526,6 +588,7 @@ AES_set_encrypt_key:
        b       .L192_loop
 
 .Lnot192:
+#if __ARM_ARCH__<7
        ldrb    $i2,[$rounds,#27]
        ldrb    $t1,[$rounds,#26]
        ldrb    $t2,[$rounds,#25]
@@ -542,6 +605,16 @@ AES_set_encrypt_key:
        str     $i2,[$key],#8
        orr     $i3,$i3,$t3,lsl#24
        str     $i3,[$key,#-4]
+#else
+       ldr     $i2,[$rounds,#24]
+       ldr     $i3,[$rounds,#28]
+#ifdef __ARMEL__
+       rev     $i2,$i2
+       rev     $i3,$i3
+#endif
+       str     $i2,[$key],#8
+       str     $i3,[$key,#-4]
+#endif
 
        mov     $rounds,#14
        str     $rounds,[$key,#240-32]
@@ -606,14 +679,14 @@ AES_set_encrypt_key:
 .Labrt:        tst     lr,#1
        moveq   pc,lr                   @ be binary compatible with V4, yet
        bx      lr                      @ interoperable with Thumb ISA:-)
-.size  AES_set_encrypt_key,.-AES_set_encrypt_key
+.size  private_AES_set_encrypt_key,.-private_AES_set_encrypt_key
 
-.global AES_set_decrypt_key
-.type   AES_set_decrypt_key,%function
+.global private_AES_set_decrypt_key
+.type   private_AES_set_decrypt_key,%function
 .align 5
-AES_set_decrypt_key:
+private_AES_set_decrypt_key:
        str     lr,[sp,#-4]!            @ push lr
-       bl      AES_set_encrypt_key
+       bl      _armv4_AES_set_encrypt_key
        teq     r0,#0
        ldrne   lr,[sp],#4              @ pop lr
        bne     .Labrt
@@ -692,11 +765,15 @@ $code.=<<___;
        bne     .Lmix
 
        mov     r0,#0
+#if __ARM_ARCH__>=5
+       ldmia   sp!,{r4-r12,pc}
+#else
        ldmia   sp!,{r4-r12,lr}
        tst     lr,#1
        moveq   pc,lr                   @ be binary compatible with V4, yet
        bx      lr                      @ interoperable with Thumb ISA:-)
-.size  AES_set_decrypt_key,.-AES_set_decrypt_key
+#endif
+.size  private_AES_set_decrypt_key,.-private_AES_set_decrypt_key
 
 .type  AES_Td,%object
 .align 5
@@ -811,7 +888,7 @@ AES_decrypt:
        mov     $rounds,r0              @ inp
        mov     $key,r2
        sub     $tbl,r3,#AES_decrypt-AES_Td             @ Td
-
+#if __ARM_ARCH__<7
        ldrb    $s0,[$rounds,#3]        @ load input data in endian-neutral
        ldrb    $t1,[$rounds,#2]        @ manner...
        ldrb    $t2,[$rounds,#1]
@@ -840,10 +917,33 @@ AES_decrypt:
        orr     $s3,$s3,$t1,lsl#8
        orr     $s3,$s3,$t2,lsl#16
        orr     $s3,$s3,$t3,lsl#24
-
+#else
+       ldr     $s0,[$rounds,#0]
+       ldr     $s1,[$rounds,#4]
+       ldr     $s2,[$rounds,#8]
+       ldr     $s3,[$rounds,#12]
+#ifdef __ARMEL__
+       rev     $s0,$s0
+       rev     $s1,$s1
+       rev     $s2,$s2
+       rev     $s3,$s3
+#endif
+#endif
        bl      _armv4_AES_decrypt
 
        ldr     $rounds,[sp],#4         @ pop out
+#if __ARM_ARCH__>=7
+#ifdef __ARMEL__
+       rev     $s0,$s0
+       rev     $s1,$s1
+       rev     $s2,$s2
+       rev     $s3,$s3
+#endif
+       str     $s0,[$rounds,#0]
+       str     $s1,[$rounds,#4]
+       str     $s2,[$rounds,#8]
+       str     $s3,[$rounds,#12]
+#else
        mov     $t1,$s0,lsr#24          @ write output in endian-neutral
        mov     $t2,$s0,lsr#16          @ manner...
        mov     $t3,$s0,lsr#8
@@ -872,11 +972,15 @@ AES_decrypt:
        strb    $t2,[$rounds,#13]
        strb    $t3,[$rounds,#14]
        strb    $s3,[$rounds,#15]
-
+#endif
+#if __ARM_ARCH__>=5
+       ldmia   sp!,{r4-r12,pc}
+#else
        ldmia   sp!,{r4-r12,lr}
        tst     lr,#1
        moveq   pc,lr                   @ be binary compatible with V4, yet
        bx      lr                      @ interoperable with Thumb ISA:-)
+#endif
 .size  AES_decrypt,.-AES_decrypt
 
 .type   _armv4_AES_decrypt,%function
@@ -916,11 +1020,11 @@ _armv4_AES_decrypt:
        and     $i2,lr,$s2              @ i1
        eor     $t3,$i3,$t3,ror#8
        and     $i3,lr,$s2,lsr#16
-       eor     $s1,$s1,$t1,ror#8
        ldr     $i1,[$tbl,$i1,lsl#2]    @ Td2[s2>>8]
+       eor     $s1,$s1,$t1,ror#8
+       ldr     $i2,[$tbl,$i2,lsl#2]    @ Td3[s2>>0]
        mov     $s2,$s2,lsr#24
 
-       ldr     $i2,[$tbl,$i2,lsl#2]    @ Td3[s2>>0]
        ldr     $i3,[$tbl,$i3,lsl#2]    @ Td1[s2>>16]
        eor     $s0,$s0,$i1,ror#16
        ldr     $s2,[$tbl,$s2,lsl#2]    @ Td0[s2>>24]
@@ -929,22 +1033,22 @@ _armv4_AES_decrypt:
        and     $i2,lr,$s3,lsr#8        @ i1
        eor     $t3,$i3,$t3,ror#8
        and     $i3,lr,$s3              @ i2
-       eor     $s2,$s2,$t2,ror#8
        ldr     $i1,[$tbl,$i1,lsl#2]    @ Td1[s3>>16]
+       eor     $s2,$s2,$t2,ror#8
+       ldr     $i2,[$tbl,$i2,lsl#2]    @ Td2[s3>>8]
        mov     $s3,$s3,lsr#24
 
-       ldr     $i2,[$tbl,$i2,lsl#2]    @ Td2[s3>>8]
        ldr     $i3,[$tbl,$i3,lsl#2]    @ Td3[s3>>0]
        eor     $s0,$s0,$i1,ror#8
-       ldr     $s3,[$tbl,$s3,lsl#2]    @ Td0[s3>>24]
+       ldr     $i1,[$key],#16
        eor     $s1,$s1,$i2,ror#16
+       ldr     $s3,[$tbl,$s3,lsl#2]    @ Td0[s3>>24]
        eor     $s2,$s2,$i3,ror#24
-       ldr     $i1,[$key],#16
-       eor     $s3,$s3,$t3,ror#8
 
        ldr     $t1,[$key,#-12]
-       ldr     $t2,[$key,#-8]
        eor     $s0,$s0,$i1
+       ldr     $t2,[$key,#-8]
+       eor     $s3,$s3,$t3,ror#8
        ldr     $t3,[$key,#-4]
        and     $i1,lr,$s0,lsr#16
        eor     $s1,$s1,$t1
@@ -985,11 +1089,11 @@ _armv4_AES_decrypt:
        and     $i1,lr,$s2,lsr#8        @ i0
        eor     $t2,$t2,$i2,lsl#8
        and     $i2,lr,$s2              @ i1
-       eor     $t3,$t3,$i3,lsl#8
        ldrb    $i1,[$tbl,$i1]          @ Td4[s2>>8]
+       eor     $t3,$t3,$i3,lsl#8
+       ldrb    $i2,[$tbl,$i2]          @ Td4[s2>>0]
        and     $i3,lr,$s2,lsr#16
 
-       ldrb    $i2,[$tbl,$i2]          @ Td4[s2>>0]
        ldrb    $s2,[$tbl,$s2,lsr#24]   @ Td4[s2>>24]
        eor     $s0,$s0,$i1,lsl#8
        ldrb    $i3,[$tbl,$i3]          @ Td4[s2>>16]
@@ -997,11 +1101,11 @@ _armv4_AES_decrypt:
        and     $i1,lr,$s3,lsr#16       @ i0
        eor     $s2,$t2,$s2,lsl#16
        and     $i2,lr,$s3,lsr#8        @ i1
-       eor     $t3,$t3,$i3,lsl#16
        ldrb    $i1,[$tbl,$i1]          @ Td4[s3>>16]
+       eor     $t3,$t3,$i3,lsl#16
+       ldrb    $i2,[$tbl,$i2]          @ Td4[s3>>8]
        and     $i3,lr,$s3              @ i2
 
-       ldrb    $i2,[$tbl,$i2]          @ Td4[s3>>8]
        ldrb    $i3,[$tbl,$i3]          @ Td4[s3>>0]
        ldrb    $s3,[$tbl,$s3,lsr#24]   @ Td4[s3>>24]
        eor     $s0,$s0,$i1,lsl#16

diff --git a/deps/openssl/openssl/crypto/aes/asm/aes-ppc.pl b/deps/openssl/openssl/crypto/aes/asm/aes-ppc.pl
index f82c5e1..7c52cbe 100644 (file)
--- a/deps/openssl/openssl/crypto/aes/asm/aes-ppc.pl
+++ b/deps/openssl/openssl/crypto/aes/asm/aes-ppc.pl
@@ -7,7 +7,7 @@
 # details see http://www.openssl.org/~appro/cryptogams/.
 # ====================================================================
 
-# Needs more work: key setup, page boundaries, CBC routine...
+# Needs more work: key setup, CBC routine...
 #
 # ppc_AES_[en|de]crypt perform at 18 cycles per byte processed with
 # 128-bit key, which is ~40% better than 64-bit code generated by gcc
@@ -18,7 +18,7 @@
 
 # February 2010
 #
-# Rescheduling instructions to favour Power6 pipeline gives 10%
+# Rescheduling instructions to favour Power6 pipeline gave 10%
 # performance improvement on the platfrom in question (and marginal
 # improvement even on others). It should be noted that Power6 fails
 # to process byte in 18 cycles, only in 23, because it fails to issue
@@ -33,11 +33,13 @@ $flavour = shift;
 
 if ($flavour =~ /64/) {
        $SIZE_T =8;
+       $LRSAVE =2*$SIZE_T;
        $STU    ="stdu";
        $POP    ="ld";
        $PUSH   ="std";
 } elsif ($flavour =~ /32/) {
        $SIZE_T =4;
+       $LRSAVE =$SIZE_T;
        $STU    ="stwu";
        $POP    ="lwz";
        $PUSH   ="stw";
@@ -116,15 +118,19 @@ LAES_Te:
        addi    $Tbl0,$Tbl0,`128-8`
        mtlr    r0
        blr
-       .space  `32-24`
+       .long   0
+       .byte   0,12,0x14,0,0,0,0,0
+       .space  `64-9*4`
 LAES_Td:
        mflr    r0
        bcl     20,31,\$+4
        mflr    $Tbl0   ;    vvvvvvvv "distance" between . and 1st data entry
-       addi    $Tbl0,$Tbl0,`128-8-32+2048+256`
+       addi    $Tbl0,$Tbl0,`128-64-8+2048+256`
        mtlr    r0
        blr
-       .space  `128-32-24`
+       .long   0
+       .byte   0,12,0x14,0,0,0,0,0
+       .space  `128-64-9*4`
 ___
 &_data_word(
        0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d,
@@ -328,10 +334,9 @@ $code.=<<___;
 .globl .AES_encrypt
 .align 7
 .AES_encrypt:
-       mflr    r0
        $STU    $sp,-$FRAME($sp)
+       mflr    r0
 
-       $PUSH   r0,`$FRAME-$SIZE_T*21`($sp)
        $PUSH   $toc,`$FRAME-$SIZE_T*20`($sp)
        $PUSH   r13,`$FRAME-$SIZE_T*19`($sp)
        $PUSH   r14,`$FRAME-$SIZE_T*18`($sp)
@@ -352,7 +357,14 @@ $code.=<<___;
        $PUSH   r29,`$FRAME-$SIZE_T*3`($sp)
        $PUSH   r30,`$FRAME-$SIZE_T*2`($sp)
        $PUSH   r31,`$FRAME-$SIZE_T*1`($sp)
+       $PUSH   r0,`$FRAME+$LRSAVE`($sp)
+
+       andi.   $t0,$inp,3
+       andi.   $t1,$out,3
+       or.     $t0,$t0,$t1
+       bne     Lenc_unaligned
 
+Lenc_unaligned_ok:
        lwz     $s0,0($inp)
        lwz     $s1,4($inp)
        lwz     $s2,8($inp)
@@ -363,8 +375,80 @@ $code.=<<___;
        stw     $s1,4($out)
        stw     $s2,8($out)
        stw     $s3,12($out)
+       b       Lenc_done
+
+Lenc_unaligned:
+       subfic  $t0,$inp,4096
+       subfic  $t1,$out,4096
+       andi.   $t0,$t0,4096-16
+       beq     Lenc_xpage
+       andi.   $t1,$t1,4096-16
+       bne     Lenc_unaligned_ok
+
+Lenc_xpage:
+       lbz     $acc00,0($inp)
+       lbz     $acc01,1($inp)
+       lbz     $acc02,2($inp)
+       lbz     $s0,3($inp)
+       lbz     $acc04,4($inp)
+       lbz     $acc05,5($inp)
+       lbz     $acc06,6($inp)
+       lbz     $s1,7($inp)
+       lbz     $acc08,8($inp)
+       lbz     $acc09,9($inp)
+       lbz     $acc10,10($inp)
+       insrwi  $s0,$acc00,8,0
+       lbz     $s2,11($inp)
+       insrwi  $s1,$acc04,8,0
+       lbz     $acc12,12($inp)
+       insrwi  $s0,$acc01,8,8
+       lbz     $acc13,13($inp)
+       insrwi  $s1,$acc05,8,8
+       lbz     $acc14,14($inp)
+       insrwi  $s0,$acc02,8,16
+       lbz     $s3,15($inp)
+       insrwi  $s1,$acc06,8,16
+       insrwi  $s2,$acc08,8,0
+       insrwi  $s3,$acc12,8,0
+       insrwi  $s2,$acc09,8,8
+       insrwi  $s3,$acc13,8,8
+       insrwi  $s2,$acc10,8,16
+       insrwi  $s3,$acc14,8,16
+
+       bl      LAES_Te
+       bl      Lppc_AES_encrypt_compact
+
+       extrwi  $acc00,$s0,8,0
+       extrwi  $acc01,$s0,8,8
+       stb     $acc00,0($out)
+       extrwi  $acc02,$s0,8,16
+       stb     $acc01,1($out)
+       stb     $acc02,2($out)
+       extrwi  $acc04,$s1,8,0
+       stb     $s0,3($out)
+       extrwi  $acc05,$s1,8,8
+       stb     $acc04,4($out)
+       extrwi  $acc06,$s1,8,16
+       stb     $acc05,5($out)
+       stb     $acc06,6($out)
+       extrwi  $acc08,$s2,8,0
+       stb     $s1,7($out)
+       extrwi  $acc09,$s2,8,8
+       stb     $acc08,8($out)
+       extrwi  $acc10,$s2,8,16
+       stb     $acc09,9($out)
+       stb     $acc10,10($out)
+       extrwi  $acc12,$s3,8,0
+       stb     $s2,11($out)
+       extrwi  $acc13,$s3,8,8
+       stb     $acc12,12($out)
+       extrwi  $acc14,$s3,8,16
+       stb     $acc13,13($out)
+       stb     $acc14,14($out)
+       stb     $s3,15($out)
 
-       $POP    r0,`$FRAME-$SIZE_T*21`($sp)
+Lenc_done:
+       $POP    r0,`$FRAME+$LRSAVE`($sp)
        $POP    $toc,`$FRAME-$SIZE_T*20`($sp)
        $POP    r13,`$FRAME-$SIZE_T*19`($sp)
        $POP    r14,`$FRAME-$SIZE_T*18`($sp)
@@ -388,18 +472,21 @@ $code.=<<___;
        mtlr    r0
        addi    $sp,$sp,$FRAME
        blr
+       .long   0
+       .byte   0,12,4,1,0x80,18,3,0
+       .long   0
 
 .align 5
 Lppc_AES_encrypt:
        lwz     $acc00,240($key)
-       lwz     $t0,0($key)
-       lwz     $t1,4($key)
-       lwz     $t2,8($key)
-       lwz     $t3,12($key)
        addi    $Tbl1,$Tbl0,3
+       lwz     $t0,0($key)
        addi    $Tbl2,$Tbl0,2
+       lwz     $t1,4($key)
        addi    $Tbl3,$Tbl0,1
+       lwz     $t2,8($key)
        addi    $acc00,$acc00,-1
+       lwz     $t3,12($key)
        addi    $key,$key,16
        xor     $s0,$s0,$t0
        xor     $s1,$s1,$t1
@@ -413,44 +500,44 @@ Lenc_loop:
        rlwinm  $acc02,$s2,`32-24+3`,21,28
        rlwinm  $acc03,$s3,`32-24+3`,21,28
        lwz     $t0,0($key)
-       lwz     $t1,4($key)
        rlwinm  $acc04,$s1,`32-16+3`,21,28
+       lwz     $t1,4($key)
        rlwinm  $acc05,$s2,`32-16+3`,21,28
        lwz     $t2,8($key)
-       lwz     $t3,12($key)
        rlwinm  $acc06,$s3,`32-16+3`,21,28
+       lwz     $t3,12($key)
        rlwinm  $acc07,$s0,`32-16+3`,21,28
        lwzx    $acc00,$Tbl0,$acc00
-       lwzx    $acc01,$Tbl0,$acc01
        rlwinm  $acc08,$s2,`32-8+3`,21,28
+       lwzx    $acc01,$Tbl0,$acc01
        rlwinm  $acc09,$s3,`32-8+3`,21,28
        lwzx    $acc02,$Tbl0,$acc02
-       lwzx    $acc03,$Tbl0,$acc03
        rlwinm  $acc10,$s0,`32-8+3`,21,28
+       lwzx    $acc03,$Tbl0,$acc03
        rlwinm  $acc11,$s1,`32-8+3`,21,28
        lwzx    $acc04,$Tbl1,$acc04
-       lwzx    $acc05,$Tbl1,$acc05
        rlwinm  $acc12,$s3,`0+3`,21,28
+       lwzx    $acc05,$Tbl1,$acc05
        rlwinm  $acc13,$s0,`0+3`,21,28
        lwzx    $acc06,$Tbl1,$acc06
-       lwzx    $acc07,$Tbl1,$acc07
        rlwinm  $acc14,$s1,`0+3`,21,28
+       lwzx    $acc07,$Tbl1,$acc07
        rlwinm  $acc15,$s2,`0+3`,21,28
        lwzx    $acc08,$Tbl2,$acc08
-       lwzx    $acc09,$Tbl2,$acc09
        xor     $t0,$t0,$acc00
+       lwzx    $acc09,$Tbl2,$acc09
        xor     $t1,$t1,$acc01
        lwzx    $acc10,$Tbl2,$acc10
-       lwzx    $acc11,$Tbl2,$acc11
        xor     $t2,$t2,$acc02
+       lwzx    $acc11,$Tbl2,$acc11
        xor     $t3,$t3,$acc03
        lwzx    $acc12,$Tbl3,$acc12
-       lwzx    $acc13,$Tbl3,$acc13
        xor     $t0,$t0,$acc04
+       lwzx    $acc13,$Tbl3,$acc13
        xor     $t1,$t1,$acc05
        lwzx    $acc14,$Tbl3,$acc14
-       lwzx    $acc15,$Tbl3,$acc15
        xor     $t2,$t2,$acc06
+       lwzx    $acc15,$Tbl3,$acc15
        xor     $t3,$t3,$acc07
        xor     $t0,$t0,$acc08
        xor     $t1,$t1,$acc09
@@ -466,60 +553,60 @@ Lenc_loop:
        addi    $Tbl2,$Tbl0,2048
        nop
        lwz     $t0,0($key)
-       lwz     $t1,4($key)
        rlwinm  $acc00,$s0,`32-24`,24,31
+       lwz     $t1,4($key)
        rlwinm  $acc01,$s1,`32-24`,24,31
        lwz     $t2,8($key)
-       lwz     $t3,12($key)
        rlwinm  $acc02,$s2,`32-24`,24,31
+       lwz     $t3,12($key)
        rlwinm  $acc03,$s3,`32-24`,24,31
        lwz     $acc08,`2048+0`($Tbl0)  ! prefetch Te4
-       lwz     $acc09,`2048+32`($Tbl0)
        rlwinm  $acc04,$s1,`32-16`,24,31
+       lwz     $acc09,`2048+32`($Tbl0)
        rlwinm  $acc05,$s2,`32-16`,24,31
        lwz     $acc10,`2048+64`($Tbl0)
-       lwz     $acc11,`2048+96`($Tbl0)
        rlwinm  $acc06,$s3,`32-16`,24,31
+       lwz     $acc11,`2048+96`($Tbl0)
        rlwinm  $acc07,$s0,`32-16`,24,31
        lwz     $acc12,`2048+128`($Tbl0)
-       lwz     $acc13,`2048+160`($Tbl0)
        rlwinm  $acc08,$s2,`32-8`,24,31
+       lwz     $acc13,`2048+160`($Tbl0)
        rlwinm  $acc09,$s3,`32-8`,24,31
        lwz     $acc14,`2048+192`($Tbl0)
-       lwz     $acc15,`2048+224`($Tbl0)
        rlwinm  $acc10,$s0,`32-8`,24,31
+       lwz     $acc15,`2048+224`($Tbl0)
        rlwinm  $acc11,$s1,`32-8`,24,31
        lbzx    $acc00,$Tbl2,$acc00
-       lbzx    $acc01,$Tbl2,$acc01
        rlwinm  $acc12,$s3,`0`,24,31
+       lbzx    $acc01,$Tbl2,$acc01
        rlwinm  $acc13,$s0,`0`,24,31
        lbzx    $acc02,$Tbl2,$acc02
-       lbzx    $acc03,$Tbl2,$acc03
        rlwinm  $acc14,$s1,`0`,24,31
+       lbzx    $acc03,$Tbl2,$acc03
        rlwinm  $acc15,$s2,`0`,24,31
        lbzx    $acc04,$Tbl2,$acc04
-       lbzx    $acc05,$Tbl2,$acc05
        rlwinm  $s0,$acc00,24,0,7
+       lbzx    $acc05,$Tbl2,$acc05
        rlwinm  $s1,$acc01,24,0,7
        lbzx    $acc06,$Tbl2,$acc06
-       lbzx    $acc07,$Tbl2,$acc07
        rlwinm  $s2,$acc02,24,0,7
+       lbzx    $acc07,$Tbl2,$acc07
        rlwinm  $s3,$acc03,24,0,7
        lbzx    $acc08,$Tbl2,$acc08
-       lbzx    $acc09,$Tbl2,$acc09
        rlwimi  $s0,$acc04,16,8,15
+       lbzx    $acc09,$Tbl2,$acc09
        rlwimi  $s1,$acc05,16,8,15
        lbzx    $acc10,$Tbl2,$acc10
-       lbzx    $acc11,$Tbl2,$acc11
        rlwimi  $s2,$acc06,16,8,15
+       lbzx    $acc11,$Tbl2,$acc11
        rlwimi  $s3,$acc07,16,8,15
        lbzx    $acc12,$Tbl2,$acc12
-       lbzx    $acc13,$Tbl2,$acc13
        rlwimi  $s0,$acc08,8,16,23
+       lbzx    $acc13,$Tbl2,$acc13
        rlwimi  $s1,$acc09,8,16,23
        lbzx    $acc14,$Tbl2,$acc14
-       lbzx    $acc15,$Tbl2,$acc15
        rlwimi  $s2,$acc10,8,16,23
+       lbzx    $acc15,$Tbl2,$acc15
        rlwimi  $s3,$acc11,8,16,23
        or      $s0,$s0,$acc12
        or      $s1,$s1,$acc13
@@ -530,29 +617,31 @@ Lenc_loop:
        xor     $s2,$s2,$t2
        xor     $s3,$s3,$t3
        blr
+       .long   0
+       .byte   0,12,0x14,0,0,0,0,0
 
 .align 4
 Lppc_AES_encrypt_compact:
        lwz     $acc00,240($key)
-       lwz     $t0,0($key)
-       lwz     $t1,4($key)
-       lwz     $t2,8($key)
-       lwz     $t3,12($key)
        addi    $Tbl1,$Tbl0,2048
+       lwz     $t0,0($key)
        lis     $mask80,0x8080
+       lwz     $t1,4($key)
        lis     $mask1b,0x1b1b
-       addi    $key,$key,16
+       lwz     $t2,8($key)
        ori     $mask80,$mask80,0x8080
+       lwz     $t3,12($key)
        ori     $mask1b,$mask1b,0x1b1b
+       addi    $key,$key,16
        mtctr   $acc00
 .align 4
 Lenc_compact_loop:
        xor     $s0,$s0,$t0
        xor     $s1,$s1,$t1
-       xor     $s2,$s2,$t2
-       xor     $s3,$s3,$t3
        rlwinm  $acc00,$s0,`32-24`,24,31
+       xor     $s2,$s2,$t2
        rlwinm  $acc01,$s1,`32-24`,24,31
+       xor     $s3,$s3,$t3
        rlwinm  $acc02,$s2,`32-24`,24,31
        rlwinm  $acc03,$s3,`32-24`,24,31
        rlwinm  $acc04,$s1,`32-16`,24,31
@@ -560,48 +649,48 @@ Lenc_compact_loop:
        rlwinm  $acc06,$s3,`32-16`,24,31
        rlwinm  $acc07,$s0,`32-16`,24,31
        lbzx    $acc00,$Tbl1,$acc00
-       lbzx    $acc01,$Tbl1,$acc01
        rlwinm  $acc08,$s2,`32-8`,24,31
+       lbzx    $acc01,$Tbl1,$acc01
        rlwinm  $acc09,$s3,`32-8`,24,31
        lbzx    $acc02,$Tbl1,$acc02
-       lbzx    $acc03,$Tbl1,$acc03
        rlwinm  $acc10,$s0,`32-8`,24,31
+       lbzx    $acc03,$Tbl1,$acc03
        rlwinm  $acc11,$s1,`32-8`,24,31
        lbzx    $acc04,$Tbl1,$acc04
-       lbzx    $acc05,$Tbl1,$acc05
        rlwinm  $acc12,$s3,`0`,24,31
+       lbzx    $acc05,$Tbl1,$acc05
        rlwinm  $acc13,$s0,`0`,24,31
        lbzx    $acc06,$Tbl1,$acc06
-       lbzx    $acc07,$Tbl1,$acc07
        rlwinm  $acc14,$s1,`0`,24,31
+       lbzx    $acc07,$Tbl1,$acc07
        rlwinm  $acc15,$s2,`0`,24,31
        lbzx    $acc08,$Tbl1,$acc08
-       lbzx    $acc09,$Tbl1,$acc09
        rlwinm  $s0,$acc00,24,0,7
+       lbzx    $acc09,$Tbl1,$acc09
        rlwinm  $s1,$acc01,24,0,7
        lbzx    $acc10,$Tbl1,$acc10
-       lbzx    $acc11,$Tbl1,$acc11
        rlwinm  $s2,$acc02,24,0,7
+       lbzx    $acc11,$Tbl1,$acc11
        rlwinm  $s3,$acc03,24,0,7
        lbzx    $acc12,$Tbl1,$acc12
-       lbzx    $acc13,$Tbl1,$acc13
        rlwimi  $s0,$acc04,16,8,15
+       lbzx    $acc13,$Tbl1,$acc13
        rlwimi  $s1,$acc05,16,8,15
        lbzx    $acc14,$Tbl1,$acc14
-       lbzx    $acc15,$Tbl1,$acc15
        rlwimi  $s2,$acc06,16,8,15
+       lbzx    $acc15,$Tbl1,$acc15
        rlwimi  $s3,$acc07,16,8,15
        rlwimi  $s0,$acc08,8,16,23
        rlwimi  $s1,$acc09,8,16,23
        rlwimi  $s2,$acc10,8,16,23
        rlwimi  $s3,$acc11,8,16,23
        lwz     $t0,0($key)
-       lwz     $t1,4($key)
        or      $s0,$s0,$acc12
+       lwz     $t1,4($key)
        or      $s1,$s1,$acc13
        lwz     $t2,8($key)
-       lwz     $t3,12($key)
        or      $s2,$s2,$acc14
+       lwz     $t3,12($key)
        or      $s3,$s3,$acc15
 
        addi    $key,$key,16
@@ -612,12 +701,12 @@ Lenc_compact_loop:
        and     $acc02,$s2,$mask80
        and     $acc03,$s3,$mask80
        srwi    $acc04,$acc00,7         # r1>>7
-       srwi    $acc05,$acc01,7
-       srwi    $acc06,$acc02,7
-       srwi    $acc07,$acc03,7
        andc    $acc08,$s0,$mask80      # r0&0x7f7f7f7f
+       srwi    $acc05,$acc01,7
        andc    $acc09,$s1,$mask80
+       srwi    $acc06,$acc02,7
        andc    $acc10,$s2,$mask80
+       srwi    $acc07,$acc03,7
        andc    $acc11,$s3,$mask80
        sub     $acc00,$acc00,$acc04    # r1-(r1>>7)
        sub     $acc01,$acc01,$acc05
@@ -633,32 +722,32 @@ Lenc_compact_loop:
        and     $acc03,$acc03,$mask1b
        xor     $acc00,$acc00,$acc08    # r2
        xor     $acc01,$acc01,$acc09
+        rotlwi $acc12,$s0,16           # ROTATE(r0,16)
        xor     $acc02,$acc02,$acc10
+        rotlwi $acc13,$s1,16
        xor     $acc03,$acc03,$acc11
+        rotlwi $acc14,$s2,16
 
-       rotlwi  $acc12,$s0,16           # ROTATE(r0,16)
-       rotlwi  $acc13,$s1,16
-       rotlwi  $acc14,$s2,16
-       rotlwi  $acc15,$s3,16
        xor     $s0,$s0,$acc00          # r0^r2
+       rotlwi  $acc15,$s3,16
        xor     $s1,$s1,$acc01
-       xor     $s2,$s2,$acc02
-       xor     $s3,$s3,$acc03
        rotrwi  $s0,$s0,24              # ROTATE(r2^r0,24)
+       xor     $s2,$s2,$acc02
        rotrwi  $s1,$s1,24
+       xor     $s3,$s3,$acc03
        rotrwi  $s2,$s2,24
-       rotrwi  $s3,$s3,24
        xor     $s0,$s0,$acc00          # ROTATE(r2^r0,24)^r2
+       rotrwi  $s3,$s3,24
        xor     $s1,$s1,$acc01
        xor     $s2,$s2,$acc02
        xor     $s3,$s3,$acc03
        rotlwi  $acc08,$acc12,8         # ROTATE(r0,24)
-       rotlwi  $acc09,$acc13,8
-       rotlwi  $acc10,$acc14,8
-       rotlwi  $acc11,$acc15,8
        xor     $s0,$s0,$acc12          #
+       rotlwi  $acc09,$acc13,8
        xor     $s1,$s1,$acc13
+       rotlwi  $acc10,$acc14,8
        xor     $s2,$s2,$acc14
+       rotlwi  $acc11,$acc15,8
        xor     $s3,$s3,$acc15
        xor     $s0,$s0,$acc08          #
        xor     $s1,$s1,$acc09
@@ -673,14 +762,15 @@ Lenc_compact_done:
        xor     $s2,$s2,$t2
        xor     $s3,$s3,$t3
        blr
+       .long   0
+       .byte   0,12,0x14,0,0,0,0,0
 
 .globl .AES_decrypt
 .align 7
 .AES_decrypt:
-       mflr    r0
        $STU    $sp,-$FRAME($sp)
+       mflr    r0
 
-       $PUSH   r0,`$FRAME-$SIZE_T*21`($sp)
        $PUSH   $toc,`$FRAME-$SIZE_T*20`($sp)
        $PUSH   r13,`$FRAME-$SIZE_T*19`($sp)
        $PUSH   r14,`$FRAME-$SIZE_T*18`($sp)
@@ -701,7 +791,14 @@ Lenc_compact_done:
        $PUSH   r29,`$FRAME-$SIZE_T*3`($sp)
        $PUSH   r30,`$FRAME-$SIZE_T*2`($sp)
        $PUSH   r31,`$FRAME-$SIZE_T*1`($sp)
+       $PUSH   r0,`$FRAME+$LRSAVE`($sp)
 
+       andi.   $t0,$inp,3
+       andi.   $t1,$out,3
+       or.     $t0,$t0,$t1
+       bne     Ldec_unaligned
+
+Ldec_unaligned_ok:
        lwz     $s0,0($inp)
        lwz     $s1,4($inp)
        lwz     $s2,8($inp)
@@ -712,8 +809,80 @@ Lenc_compact_done:
        stw     $s1,4($out)
        stw     $s2,8($out)
        stw     $s3,12($out)
+       b       Ldec_done
+
+Ldec_unaligned:
+       subfic  $t0,$inp,4096
+       subfic  $t1,$out,4096
+       andi.   $t0,$t0,4096-16
+       beq     Ldec_xpage
+       andi.   $t1,$t1,4096-16
+       bne     Ldec_unaligned_ok
+
+Ldec_xpage:
+       lbz     $acc00,0($inp)
+       lbz     $acc01,1($inp)
+       lbz     $acc02,2($inp)
+       lbz     $s0,3($inp)
+       lbz     $acc04,4($inp)
+       lbz     $acc05,5($inp)
+       lbz     $acc06,6($inp)
+       lbz     $s1,7($inp)
+       lbz     $acc08,8($inp)
+       lbz     $acc09,9($inp)
+       lbz     $acc10,10($inp)
+       insrwi  $s0,$acc00,8,0
+       lbz     $s2,11($inp)
+       insrwi  $s1,$acc04,8,0
+       lbz     $acc12,12($inp)
+       insrwi  $s0,$acc01,8,8
+       lbz     $acc13,13($inp)
+       insrwi  $s1,$acc05,8,8
+       lbz     $acc14,14($inp)
+       insrwi  $s0,$acc02,8,16
+       lbz     $s3,15($inp)
+       insrwi  $s1,$acc06,8,16
+       insrwi  $s2,$acc08,8,0
+       insrwi  $s3,$acc12,8,0
+       insrwi  $s2,$acc09,8,8
+       insrwi  $s3,$acc13,8,8
+       insrwi  $s2,$acc10,8,16
+       insrwi  $s3,$acc14,8,16
+
+       bl      LAES_Td
+       bl      Lppc_AES_decrypt_compact
 
-       $POP    r0,`$FRAME-$SIZE_T*21`($sp)
+       extrwi  $acc00,$s0,8,0
+       extrwi  $acc01,$s0,8,8
+       stb     $acc00,0($out)
+       extrwi  $acc02,$s0,8,16
+       stb     $acc01,1($out)
+       stb     $acc02,2($out)
+       extrwi  $acc04,$s1,8,0
+       stb     $s0,3($out)
+       extrwi  $acc05,$s1,8,8
+       stb     $acc04,4($out)
+       extrwi  $acc06,$s1,8,16
+       stb     $acc05,5($out)
+       stb     $acc06,6($out)
+       extrwi  $acc08,$s2,8,0
+       stb     $s1,7($out)
+       extrwi  $acc09,$s2,8,8
+       stb     $acc08,8($out)
+       extrwi  $acc10,$s2,8,16
+       stb     $acc09,9($out)
+       stb     $acc10,10($out)
+       extrwi  $acc12,$s3,8,0
+       stb     $s2,11($out)
+       extrwi  $acc13,$s3,8,8
+       stb     $acc12,12($out)
+       extrwi  $acc14,$s3,8,16
+       stb     $acc13,13($out)
+       stb     $acc14,14($out)
+       stb     $s3,15($out)
+
+Ldec_done:
+       $POP    r0,`$FRAME+$LRSAVE`($sp)
        $POP    $toc,`$FRAME-$SIZE_T*20`($sp)
        $POP    r13,`$FRAME-$SIZE_T*19`($sp)
        $POP    r14,`$FRAME-$SIZE_T*18`($sp)
@@ -737,18 +906,21 @@ Lenc_compact_done:
        mtlr    r0
        addi    $sp,$sp,$FRAME
        blr
+       .long   0
+       .byte   0,12,4,1,0x80,18,3,0
+       .long   0
 
 .align 5
 Lppc_AES_decrypt:
        lwz     $acc00,240($key)
-       lwz     $t0,0($key)
-       lwz     $t1,4($key)
-       lwz     $t2,8($key)
-       lwz     $t3,12($key)
        addi    $Tbl1,$Tbl0,3
+       lwz     $t0,0($key)
        addi    $Tbl2,$Tbl0,2
+       lwz     $t1,4($key)
        addi    $Tbl3,$Tbl0,1
+       lwz     $t2,8($key)
        addi    $acc00,$acc00,-1
+       lwz     $t3,12($key)
        addi    $key,$key,16
        xor     $s0,$s0,$t0
        xor     $s1,$s1,$t1
@@ -762,44 +934,44 @@ Ldec_loop:
        rlwinm  $acc02,$s2,`32-24+3`,21,28
        rlwinm  $acc03,$s3,`32-24+3`,21,28
        lwz     $t0,0($key)
-       lwz     $t1,4($key)
        rlwinm  $acc04,$s3,`32-16+3`,21,28
+       lwz     $t1,4($key)
        rlwinm  $acc05,$s0,`32-16+3`,21,28
        lwz     $t2,8($key)
-       lwz     $t3,12($key)
        rlwinm  $acc06,$s1,`32-16+3`,21,28
+       lwz     $t3,12($key)
        rlwinm  $acc07,$s2,`32-16+3`,21,28
        lwzx    $acc00,$Tbl0,$acc00
-       lwzx    $acc01,$Tbl0,$acc01
        rlwinm  $acc08,$s2,`32-8+3`,21,28
+       lwzx    $acc01,$Tbl0,$acc01
        rlwinm  $acc09,$s3,`32-8+3`,21,28
        lwzx    $acc02,$Tbl0,$acc02
-       lwzx    $acc03,$Tbl0,$acc03
        rlwinm  $acc10,$s0,`32-8+3`,21,28
+       lwzx    $acc03,$Tbl0,$acc03
        rlwinm  $acc11,$s1,`32-8+3`,21,28
        lwzx    $acc04,$Tbl1,$acc04
-       lwzx    $acc05,$Tbl1,$acc05
        rlwinm  $acc12,$s1,`0+3`,21,28
+       lwzx    $acc05,$Tbl1,$acc05
        rlwinm  $acc13,$s2,`0+3`,21,28
        lwzx    $acc06,$Tbl1,$acc06
-       lwzx    $acc07,$Tbl1,$acc07
        rlwinm  $acc14,$s3,`0+3`,21,28
+       lwzx    $acc07,$Tbl1,$acc07
        rlwinm  $acc15,$s0,`0+3`,21,28
        lwzx    $acc08,$Tbl2,$acc08
-       lwzx    $acc09,$Tbl2,$acc09
        xor     $t0,$t0,$acc00
+       lwzx    $acc09,$Tbl2,$acc09
        xor     $t1,$t1,$acc01
        lwzx    $acc10,$Tbl2,$acc10
-       lwzx    $acc11,$Tbl2,$acc11
        xor     $t2,$t2,$acc02
+       lwzx    $acc11,$Tbl2,$acc11
        xor     $t3,$t3,$acc03
        lwzx    $acc12,$Tbl3,$acc12
-       lwzx    $acc13,$Tbl3,$acc13
        xor     $t0,$t0,$acc04
+       lwzx    $acc13,$Tbl3,$acc13
        xor     $t1,$t1,$acc05
        lwzx    $acc14,$Tbl3,$acc14
-       lwzx    $acc15,$Tbl3,$acc15
        xor     $t2,$t2,$acc06
+       lwzx    $acc15,$Tbl3,$acc15
        xor     $t3,$t3,$acc07
        xor     $t0,$t0,$acc08
        xor     $t1,$t1,$acc09
@@ -815,56 +987,56 @@ Ldec_loop:
        addi    $Tbl2,$Tbl0,2048
        nop
        lwz     $t0,0($key)
-       lwz     $t1,4($key)
        rlwinm  $acc00,$s0,`32-24`,24,31
+       lwz     $t1,4($key)
        rlwinm  $acc01,$s1,`32-24`,24,31
        lwz     $t2,8($key)
-       lwz     $t3,12($key)
        rlwinm  $acc02,$s2,`32-24`,24,31
+       lwz     $t3,12($key)
        rlwinm  $acc03,$s3,`32-24`,24,31
        lwz     $acc08,`2048+0`($Tbl0)  ! prefetch Td4
-       lwz     $acc09,`2048+32`($Tbl0)
        rlwinm  $acc04,$s3,`32-16`,24,31
+       lwz     $acc09,`2048+32`($Tbl0)
        rlwinm  $acc05,$s0,`32-16`,24,31
        lwz     $acc10,`2048+64`($Tbl0)
-       lwz     $acc11,`2048+96`($Tbl0)
        lbzx    $acc00,$Tbl2,$acc00
+       lwz     $acc11,`2048+96`($Tbl0)
        lbzx    $acc01,$Tbl2,$acc01
        lwz     $acc12,`2048+128`($Tbl0)
-       lwz     $acc13,`2048+160`($Tbl0)
        rlwinm  $acc06,$s1,`32-16`,24,31
+       lwz     $acc13,`2048+160`($Tbl0)
        rlwinm  $acc07,$s2,`32-16`,24,31
        lwz     $acc14,`2048+192`($Tbl0)
-       lwz     $acc15,`2048+224`($Tbl0)
        rlwinm  $acc08,$s2,`32-8`,24,31
+       lwz     $acc15,`2048+224`($Tbl0)
        rlwinm  $acc09,$s3,`32-8`,24,31
        lbzx    $acc02,$Tbl2,$acc02
-       lbzx    $acc03,$Tbl2,$acc03
        rlwinm  $acc10,$s0,`32-8`,24,31
+       lbzx    $acc03,$Tbl2,$acc03
        rlwinm  $acc11,$s1,`32-8`,24,31
        lbzx    $acc04,$Tbl2,$acc04
-       lbzx    $acc05,$Tbl2,$acc05
        rlwinm  $acc12,$s1,`0`,24,31
+       lbzx    $acc05,$Tbl2,$acc05
        rlwinm  $acc13,$s2,`0`,24,31
        lbzx    $acc06,$Tbl2,$acc06
-       lbzx    $acc07,$Tbl2,$acc07
        rlwinm  $acc14,$s3,`0`,24,31
+       lbzx    $acc07,$Tbl2,$acc07
        rlwinm  $acc15,$s0,`0`,24,31
        lbzx    $acc08,$Tbl2,$acc08
-       lbzx    $acc09,$Tbl2,$acc09
        rlwinm  $s0,$acc00,24,0,7
+       lbzx    $acc09,$Tbl2,$acc09
        rlwinm  $s1,$acc01,24,0,7
        lbzx    $acc10,$Tbl2,$acc10
-       lbzx    $acc11,$Tbl2,$acc11
        rlwinm  $s2,$acc02,24,0,7
+       lbzx    $acc11,$Tbl2,$acc11
        rlwinm  $s3,$acc03,24,0,7
        lbzx    $acc12,$Tbl2,$acc12
-       lbzx    $acc13,$Tbl2,$acc13
        rlwimi  $s0,$acc04,16,8,15
+       lbzx    $acc13,$Tbl2,$acc13
        rlwimi  $s1,$acc05,16,8,15
        lbzx    $acc14,$Tbl2,$acc14
-       lbzx    $acc15,$Tbl2,$acc15
        rlwimi  $s2,$acc06,16,8,15
+       lbzx    $acc15,$Tbl2,$acc15
        rlwimi  $s3,$acc07,16,8,15
        rlwimi  $s0,$acc08,8,16,23
        rlwimi  $s1,$acc09,8,16,23
@@ -879,20 +1051,22 @@ Ldec_loop:
        xor     $s2,$s2,$t2
        xor     $s3,$s3,$t3
        blr
+       .long   0
+       .byte   0,12,0x14,0,0,0,0,0
 
 .align 4
 Lppc_AES_decrypt_compact:
        lwz     $acc00,240($key)
-       lwz     $t0,0($key)
-       lwz     $t1,4($key)
-       lwz     $t2,8($key)
-       lwz     $t3,12($key)
        addi    $Tbl1,$Tbl0,2048
+       lwz     $t0,0($key)
        lis     $mask80,0x8080
+       lwz     $t1,4($key)
        lis     $mask1b,0x1b1b
-       addi    $key,$key,16
+       lwz     $t2,8($key)
        ori     $mask80,$mask80,0x8080
+       lwz     $t3,12($key)
        ori     $mask1b,$mask1b,0x1b1b
+       addi    $key,$key,16
 ___
 $code.=<<___ if ($SIZE_T==8);
        insrdi  $mask80,$mask80,32,0
@@ -904,10 +1078,10 @@ $code.=<<___;
 Ldec_compact_loop:
        xor     $s0,$s0,$t0
        xor     $s1,$s1,$t1
-       xor     $s2,$s2,$t2
-       xor     $s3,$s3,$t3
        rlwinm  $acc00,$s0,`32-24`,24,31
+       xor     $s2,$s2,$t2
        rlwinm  $acc01,$s1,`32-24`,24,31
+       xor     $s3,$s3,$t3
        rlwinm  $acc02,$s2,`32-24`,24,31
        rlwinm  $acc03,$s3,`32-24`,24,31
        rlwinm  $acc04,$s3,`32-16`,24,31
@@ -915,48 +1089,48 @@ Ldec_compact_loop:
        rlwinm  $acc06,$s1,`32-16`,24,31
        rlwinm  $acc07,$s2,`32-16`,24,31
        lbzx    $acc00,$Tbl1,$acc00
-       lbzx    $acc01,$Tbl1,$acc01
        rlwinm  $acc08,$s2,`32-8`,24,31
+       lbzx    $acc01,$Tbl1,$acc01
        rlwinm  $acc09,$s3,`32-8`,24,31
        lbzx    $acc02,$Tbl1,$acc02
-       lbzx    $acc03,$Tbl1,$acc03
        rlwinm  $acc10,$s0,`32-8`,24,31
+       lbzx    $acc03,$Tbl1,$acc03
        rlwinm  $acc11,$s1,`32-8`,24,31
        lbzx    $acc04,$Tbl1,$acc04
-       lbzx    $acc05,$Tbl1,$acc05
        rlwinm  $acc12,$s1,`0`,24,31
+       lbzx    $acc05,$Tbl1,$acc05
        rlwinm  $acc13,$s2,`0`,24,31
        lbzx    $acc06,$Tbl1,$acc06
-       lbzx    $acc07,$Tbl1,$acc07
        rlwinm  $acc14,$s3,`0`,24,31
+       lbzx    $acc07,$Tbl1,$acc07
        rlwinm  $acc15,$s0,`0`,24,31
        lbzx    $acc08,$Tbl1,$acc08
-       lbzx    $acc09,$Tbl1,$acc09
        rlwinm  $s0,$acc00,24,0,7
+       lbzx    $acc09,$Tbl1,$acc09
        rlwinm  $s1,$acc01,24,0,7
        lbzx    $acc10,$Tbl1,$acc10
-       lbzx    $acc11,$Tbl1,$acc11
        rlwinm  $s2,$acc02,24,0,7
+       lbzx    $acc11,$Tbl1,$acc11
        rlwinm  $s3,$acc03,24,0,7
        lbzx    $acc12,$Tbl1,$acc12
-       lbzx    $acc13,$Tbl1,$acc13
        rlwimi  $s0,$acc04,16,8,15
+       lbzx    $acc13,$Tbl1,$acc13
        rlwimi  $s1,$acc05,16,8,15
        lbzx    $acc14,$Tbl1,$acc14
-       lbzx    $acc15,$Tbl1,$acc15
        rlwimi  $s2,$acc06,16,8,15
+       lbzx    $acc15,$Tbl1,$acc15
        rlwimi  $s3,$acc07,16,8,15
        rlwimi  $s0,$acc08,8,16,23
        rlwimi  $s1,$acc09,8,16,23
        rlwimi  $s2,$acc10,8,16,23
        rlwimi  $s3,$acc11,8,16,23
        lwz     $t0,0($key)
-       lwz     $t1,4($key)
        or      $s0,$s0,$acc12
+       lwz     $t1,4($key)
        or      $s1,$s1,$acc13
        lwz     $t2,8($key)
-       lwz     $t3,12($key)
        or      $s2,$s2,$acc14
+       lwz     $t3,12($key)
        or      $s3,$s3,$acc15
 
        addi    $key,$key,16
@@ -1030,12 +1204,12 @@ $code.=<<___ if ($SIZE_T==4);
        and     $acc02,$s2,$mask80
        and     $acc03,$s3,$mask80
        srwi    $acc04,$acc00,7         # r1>>7
-       srwi    $acc05,$acc01,7
-       srwi    $acc06,$acc02,7
-       srwi    $acc07,$acc03,7
        andc    $acc08,$s0,$mask80      # r0&0x7f7f7f7f
+       srwi    $acc05,$acc01,7
        andc    $acc09,$s1,$mask80
+       srwi    $acc06,$acc02,7
        andc    $acc10,$s2,$mask80
+       srwi    $acc07,$acc03,7
        andc    $acc11,$s3,$mask80
        sub     $acc00,$acc00,$acc04    # r1-(r1>>7)
        sub     $acc01,$acc01,$acc05
@@ -1059,12 +1233,12 @@ $code.=<<___ if ($SIZE_T==4);
        and     $acc06,$acc02,$mask80
        and     $acc07,$acc03,$mask80
        srwi    $acc08,$acc04,7         # r1>>7
-       srwi    $acc09,$acc05,7
-       srwi    $acc10,$acc06,7
-       srwi    $acc11,$acc07,7
        andc    $acc12,$acc00,$mask80   # r2&0x7f7f7f7f
+       srwi    $acc09,$acc05,7
        andc    $acc13,$acc01,$mask80
+       srwi    $acc10,$acc06,7
        andc    $acc14,$acc02,$mask80
+       srwi    $acc11,$acc07,7
        andc    $acc15,$acc03,$mask80
        sub     $acc04,$acc04,$acc08    # r1-(r1>>7)
        sub     $acc05,$acc05,$acc09
@@ -1085,13 +1259,13 @@ $code.=<<___ if ($SIZE_T==4);
 
        and     $acc08,$acc04,$mask80   # r1=r4&0x80808080
        and     $acc09,$acc05,$mask80
-       and     $acc10,$acc06,$mask80
-       and     $acc11,$acc07,$mask80
        srwi    $acc12,$acc08,7         # r1>>7
+       and     $acc10,$acc06,$mask80
        srwi    $acc13,$acc09,7
+       and     $acc11,$acc07,$mask80
        srwi    $acc14,$acc10,7
-       srwi    $acc15,$acc11,7
        sub     $acc08,$acc08,$acc12    # r1-(r1>>7)
+       srwi    $acc15,$acc11,7
        sub     $acc09,$acc09,$acc13
        sub     $acc10,$acc10,$acc14
        sub     $acc11,$acc11,$acc15
@@ -1124,10 +1298,10 @@ ___
 $code.=<<___;
        rotrwi  $s0,$s0,8               # = ROTATE(r0,8)
        rotrwi  $s1,$s1,8
-       rotrwi  $s2,$s2,8
-       rotrwi  $s3,$s3,8
        xor     $s0,$s0,$acc00          # ^= r2^r0
+       rotrwi  $s2,$s2,8
        xor     $s1,$s1,$acc01
+       rotrwi  $s3,$s3,8
        xor     $s2,$s2,$acc02
        xor     $s3,$s3,$acc03
        xor     $acc00,$acc00,$acc08
@@ -1135,32 +1309,32 @@ $code.=<<___;
        xor     $acc02,$acc02,$acc10
        xor     $acc03,$acc03,$acc11
        xor     $s0,$s0,$acc04          # ^= r4^r0
-       xor     $s1,$s1,$acc05
-       xor     $s2,$s2,$acc06
-       xor     $s3,$s3,$acc07
        rotrwi  $acc00,$acc00,24
+       xor     $s1,$s1,$acc05
        rotrwi  $acc01,$acc01,24
+       xor     $s2,$s2,$acc06
        rotrwi  $acc02,$acc02,24
+       xor     $s3,$s3,$acc07
        rotrwi  $acc03,$acc03,24
        xor     $acc04,$acc04,$acc08
        xor     $acc05,$acc05,$acc09
        xor     $acc06,$acc06,$acc10
        xor     $acc07,$acc07,$acc11
        xor     $s0,$s0,$acc08          # ^= r8 [^((r4^r0)^(r2^r0)=r4^r2)]
-       xor     $s1,$s1,$acc09
-       xor     $s2,$s2,$acc10
-       xor     $s3,$s3,$acc11
        rotrwi  $acc04,$acc04,16
+       xor     $s1,$s1,$acc09
        rotrwi  $acc05,$acc05,16
+       xor     $s2,$s2,$acc10
        rotrwi  $acc06,$acc06,16
+       xor     $s3,$s3,$acc11
        rotrwi  $acc07,$acc07,16
        xor     $s0,$s0,$acc00          # ^= ROTATE(r8^r2^r0,24)
-       xor     $s1,$s1,$acc01
-       xor     $s2,$s2,$acc02
-       xor     $s3,$s3,$acc03
        rotrwi  $acc08,$acc08,8
+       xor     $s1,$s1,$acc01
        rotrwi  $acc09,$acc09,8
+       xor     $s2,$s2,$acc02
        rotrwi  $acc10,$acc10,8
+       xor     $s3,$s3,$acc03
        rotrwi  $acc11,$acc11,8
        xor     $s0,$s0,$acc04          # ^= ROTATE(r8^r4^r0,16)
        xor     $s1,$s1,$acc05
@@ -1179,7 +1353,9 @@ Ldec_compact_done:
        xor     $s2,$s2,$t2
        xor     $s3,$s3,$t3
        blr
-.long  0
+       .long   0
+       .byte   0,12,0x14,0,0,0,0,0
+
 .asciz "AES for PPC, CRYPTOGAMS by <appro\@openssl.org>"
 .align 7
 ___

diff --git a/deps/openssl/openssl/crypto/aes/asm/aes-s390x.pl b/deps/openssl/openssl/crypto/aes/asm/aes-s390x.pl
index 7e01889..e75dcd0 100644 (file)
--- a/deps/openssl/openssl/crypto/aes/asm/aes-s390x.pl
+++ b/deps/openssl/openssl/crypto/aes/asm/aes-s390x.pl
@@ -44,12 +44,57 @@
 # Unlike previous version hardware support detection takes place only
 # at the moment of key schedule setup, which is denoted in key->rounds.
 # This is done, because deferred key setup can't be made MT-safe, not
-# for key lengthes longer than 128 bits.
+# for keys longer than 128 bits.
 #
 # Add AES_cbc_encrypt, which gives incredible performance improvement,
 # it was measured to be ~6.6x. It's less than previously mentioned 8x,
 # because software implementation was optimized.
 
+# May 2010.
+#
+# Add AES_ctr32_encrypt. If hardware-assisted, it provides up to 4.3x
+# performance improvement over "generic" counter mode routine relying
+# on single-block, also hardware-assisted, AES_encrypt. "Up to" refers
+# to the fact that exact throughput value depends on current stack
+# frame alignment within 4KB page. In worst case you get ~75% of the
+# maximum, but *on average* it would be as much as ~98%. Meaning that
+# worst case is unlike, it's like hitting ravine on plateau.
+
+# November 2010.
+#
+# Adapt for -m31 build. If kernel supports what's called "highgprs"
+# feature on Linux [see /proc/cpuinfo], it's possible to use 64-bit
+# instructions and achieve "64-bit" performance even in 31-bit legacy
+# application context. The feature is not specific to any particular
+# processor, as long as it's "z-CPU". Latter implies that the code
+# remains z/Architecture specific. On z990 it was measured to perform
+# 2x better than code generated by gcc 4.3.
+
+# December 2010.
+#
+# Add support for z196 "cipher message with counter" instruction.
+# Note however that it's disengaged, because it was measured to
+# perform ~12% worse than vanilla km-based code...
+
+# February 2011.
+#
+# Add AES_xts_[en|de]crypt. This includes support for z196 km-xts-aes
+# instructions, which deliver ~70% improvement at 8KB block size over
+# vanilla km-based code, 37% - at most like 512-bytes block size.
+
+$flavour = shift;
+
+if ($flavour =~ /3[12]/) {
+       $SIZE_T=4;
+       $g="";
+} else {
+       $SIZE_T=8;
+       $g="g";
+}
+
+while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {}
+open STDOUT,">$output";
+
 $softonly=0;   # allow hardware support
 
 $t0="%r0";     $mask="%r0";
@@ -69,6 +114,8 @@ $rounds="%r13";
 $ra="%r14";
 $sp="%r15";
 
+$stdframe=16*$SIZE_T+4*8;
+
 sub _data_word()
 { my $i;
     while(defined($i=shift)) { $code.=sprintf".long\t0x%08x,0x%08x\n",$i,$i; }
@@ -210,7 +257,7 @@ $code.=<<___ if (!$softonly);
 .Lesoft:
 ___
 $code.=<<___;
-       stmg    %r3,$ra,24($sp)
+       stm${g} %r3,$ra,3*$SIZE_T($sp)
 
        llgf    $s0,0($inp)
        llgf    $s1,4($inp)
@@ -220,20 +267,20 @@ $code.=<<___;
        larl    $tbl,AES_Te
        bras    $ra,_s390x_AES_encrypt
 
-       lg      $out,24($sp)
+       l${g}   $out,3*$SIZE_T($sp)
        st      $s0,0($out)
        st      $s1,4($out)
        st      $s2,8($out)
        st      $s3,12($out)
 
-       lmg     %r6,$ra,48($sp)
+       lm${g}  %r6,$ra,6*$SIZE_T($sp)
        br      $ra
 .size  AES_encrypt,.-AES_encrypt
 
 .type   _s390x_AES_encrypt,\@function
 .align 16
 _s390x_AES_encrypt:
-       stg     $ra,152($sp)
+       st${g}  $ra,15*$SIZE_T($sp)
        x       $s0,0($key)
        x       $s1,4($key)
        x       $s2,8($key)
@@ -397,7 +444,7 @@ _s390x_AES_encrypt:
        or      $s2,$i3
        or      $s3,$t3
 
-       lg      $ra,152($sp)
+       l${g}   $ra,15*$SIZE_T($sp)
        xr      $s0,$t0
        xr      $s1,$t2
        x       $s2,24($key)
@@ -536,7 +583,7 @@ $code.=<<___ if (!$softonly);
 .Ldsoft:
 ___
 $code.=<<___;
-       stmg    %r3,$ra,24($sp)
+       stm${g} %r3,$ra,3*$SIZE_T($sp)
 
        llgf    $s0,0($inp)
        llgf    $s1,4($inp)
@@ -546,20 +593,20 @@ $code.=<<___;
        larl    $tbl,AES_Td
        bras    $ra,_s390x_AES_decrypt
 
-       lg      $out,24($sp)
+       l${g}   $out,3*$SIZE_T($sp)
        st      $s0,0($out)
        st      $s1,4($out)
        st      $s2,8($out)
        st      $s3,12($out)
 
-       lmg     %r6,$ra,48($sp)
+       lm${g}  %r6,$ra,6*$SIZE_T($sp)
        br      $ra
 .size  AES_decrypt,.-AES_decrypt
 
 .type   _s390x_AES_decrypt,\@function
 .align 16
 _s390x_AES_decrypt:
-       stg     $ra,152($sp)
+       st${g}  $ra,15*$SIZE_T($sp)
        x       $s0,0($key)
        x       $s1,4($key)
        x       $s2,8($key)
@@ -703,7 +750,7 @@ _s390x_AES_decrypt:
        nr      $i1,$mask
        nr      $i2,$mask
 
-       lg      $ra,152($sp)
+       l${g}   $ra,15*$SIZE_T($sp)
        or      $s1,$t1
        l       $t0,16($key)
        l       $t1,20($key)
@@ -732,14 +779,15 @@ ___
 $code.=<<___;
 # void AES_set_encrypt_key(const unsigned char *in, int bits,
 #               AES_KEY *key) {
-.globl AES_set_encrypt_key
-.type  AES_set_encrypt_key,\@function
+.globl private_AES_set_encrypt_key
+.type  private_AES_set_encrypt_key,\@function
 .align 16
-AES_set_encrypt_key:
+private_AES_set_encrypt_key:
+_s390x_AES_set_encrypt_key:
        lghi    $t0,0
-       clgr    $inp,$t0
+       cl${g}r $inp,$t0
        je      .Lminus1
-       clgr    $key,$t0
+       cl${g}r $key,$t0
        je      .Lminus1
 
        lghi    $t0,128
@@ -789,7 +837,8 @@ $code.=<<___ if (!$softonly);
        je      1f
        lg      %r1,24($inp)
        stg     %r1,24($key)
-1:     st      $bits,236($key) # save bits
+1:     st      $bits,236($key) # save bits [for debugging purposes]
+       lgr     $t0,%r5
        st      %r5,240($key)   # save km code
        lghi    %r2,0
        br      %r14
@@ -797,7 +846,7 @@ ___
 $code.=<<___;
 .align 16
 .Lekey_internal:
-       stmg    %r6,%r13,48($sp)        # all non-volatile regs
+       stm${g} %r4,%r13,4*$SIZE_T($sp) # all non-volatile regs and $key
 
        larl    $tbl,AES_Te+2048
 
@@ -857,8 +906,9 @@ $code.=<<___;
        la      $key,16($key)           # key+=4
        la      $t3,4($t3)              # i++
        brct    $rounds,.L128_loop
+       lghi    $t0,10
        lghi    %r2,0
-       lmg     %r6,%r13,48($sp)
+       lm${g}  %r4,%r13,4*$SIZE_T($sp)
        br      $ra
 
 .align 16
@@ -905,8 +955,9 @@ $code.=<<___;
        st      $s2,32($key)
        st      $s3,36($key)
        brct    $rounds,.L192_continue
+       lghi    $t0,12
        lghi    %r2,0
-       lmg     %r6,%r13,48($sp)
+       lm${g}  %r4,%r13,4*$SIZE_T($sp)
        br      $ra
 
 .align 16
@@ -967,8 +1018,9 @@ $code.=<<___;
        st      $s2,40($key)
        st      $s3,44($key)
        brct    $rounds,.L256_continue
+       lghi    $t0,14
        lghi    %r2,0
-       lmg     %r6,%r13,48($sp)
+       lm${g}  %r4,%r13,4*$SIZE_T($sp)
        br      $ra
 
 .align 16
@@ -1011,42 +1063,34 @@ $code.=<<___;
 .Lminus1:
        lghi    %r2,-1
        br      $ra
-.size  AES_set_encrypt_key,.-AES_set_encrypt_key
+.size  private_AES_set_encrypt_key,.-private_AES_set_encrypt_key
 
 # void AES_set_decrypt_key(const unsigned char *in, int bits,
 #               AES_KEY *key) {
-.globl AES_set_decrypt_key
-.type  AES_set_decrypt_key,\@function
+.globl private_AES_set_decrypt_key
+.type  private_AES_set_decrypt_key,\@function
 .align 16
-AES_set_decrypt_key:
-       stg     $key,32($sp)            # I rely on AES_set_encrypt_key to
-       stg     $ra,112($sp)            # save non-volatile registers!
-       bras    $ra,AES_set_encrypt_key
-       lg      $key,32($sp)
-       lg      $ra,112($sp)
+private_AES_set_decrypt_key:
+       #st${g} $key,4*$SIZE_T($sp)     # I rely on AES_set_encrypt_key to
+       st${g}  $ra,14*$SIZE_T($sp)     # save non-volatile registers and $key!
+       bras    $ra,_s390x_AES_set_encrypt_key
+       #l${g}  $key,4*$SIZE_T($sp)
+       l${g}   $ra,14*$SIZE_T($sp)
        ltgr    %r2,%r2
        bnzr    $ra
 ___
 $code.=<<___ if (!$softonly);
-       l       $t0,240($key)
+       #l      $t0,240($key)
        lhi     $t1,16
        cr      $t0,$t1
        jl      .Lgo
        oill    $t0,0x80        # set "decrypt" bit
        st      $t0,240($key)
        br      $ra
-
-.align 16
-.Ldkey_internal:
-       stg     $key,32($sp)
-       stg     $ra,40($sp)
-       bras    $ra,.Lekey_internal
-       lg      $key,32($sp)
-       lg      $ra,40($sp)
 ___
 $code.=<<___;
-
-.Lgo:  llgf    $rounds,240($key)
+.align 16
+.Lgo:  lgr     $rounds,$t0     #llgf   $rounds,240($key)
        la      $i1,0($key)
        sllg    $i2,$rounds,4
        la      $i2,0($i2,$key)
@@ -1123,13 +1167,14 @@ $code.=<<___;
        la      $key,4($key)
        brct    $rounds,.Lmix
 
-       lmg     %r6,%r13,48($sp)# as was saved by AES_set_encrypt_key!
+       lm${g}  %r6,%r13,6*$SIZE_T($sp)# as was saved by AES_set_encrypt_key!
        lghi    %r2,0
        br      $ra
-.size  AES_set_decrypt_key,.-AES_set_decrypt_key
+.size  private_AES_set_decrypt_key,.-private_AES_set_decrypt_key
 ___
 
-#void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
+########################################################################
+# void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
 #                     size_t length, const AES_KEY *key,
 #                     unsigned char *ivec, const int enc)
 {
@@ -1163,7 +1208,7 @@ $code.=<<___ if (!$softonly);
        l       %r0,240($key)   # load kmc code
        lghi    $key,15         # res=len%16, len-=res;
        ngr     $key,$len
-       slgr    $len,$key
+       sl${g}r $len,$key
        la      %r1,16($sp)     # parameter block - ivec || key
        jz      .Lkmc_truncated
        .long   0xb92f0042      # kmc %r4,%r2
@@ -1181,34 +1226,34 @@ $code.=<<___ if (!$softonly);
        tmll    %r0,0x80
        jnz     .Lkmc_truncated_dec
        lghi    %r1,0
-       stg     %r1,128($sp)
-       stg     %r1,136($sp)
+       stg     %r1,16*$SIZE_T($sp)
+       stg     %r1,16*$SIZE_T+8($sp)
        bras    %r1,1f
-       mvc     128(1,$sp),0($inp)
+       mvc     16*$SIZE_T(1,$sp),0($inp)
 1:     ex      $key,0(%r1)
        la      %r1,16($sp)     # restore parameter block
-       la      $inp,128($sp)
+       la      $inp,16*$SIZE_T($sp)
        lghi    $len,16
        .long   0xb92f0042      # kmc %r4,%r2
        j       .Lkmc_done
 .align 16
 .Lkmc_truncated_dec:
-       stg     $out,64($sp)
-       la      $out,128($sp)
+       st${g}  $out,4*$SIZE_T($sp)
+       la      $out,16*$SIZE_T($sp)
        lghi    $len,16
        .long   0xb92f0042      # kmc %r4,%r2
-       lg      $out,64($sp)
+       l${g}   $out,4*$SIZE_T($sp)
        bras    %r1,2f
-       mvc     0(1,$out),128($sp)
+       mvc     0(1,$out),16*$SIZE_T($sp)
 2:     ex      $key,0(%r1)
        j       .Lkmc_done
 .align 16
 .Lcbc_software:
 ___
 $code.=<<___;
-       stmg    $key,$ra,40($sp)
+       stm${g} $key,$ra,5*$SIZE_T($sp)
        lhi     %r0,0
-       cl      %r0,164($sp)
+       cl      %r0,`$stdframe+$SIZE_T-4`($sp)
        je      .Lcbc_decrypt
 
        larl    $tbl,AES_Te
@@ -1219,10 +1264,10 @@ $code.=<<___;
        llgf    $s3,12($ivp)
 
        lghi    $t0,16
-       slgr    $len,$t0
+       sl${g}r $len,$t0
        brc     4,.Lcbc_enc_tail        # if borrow
 .Lcbc_enc_loop:
-       stmg    $inp,$out,16($sp)
+       stm${g} $inp,$out,2*$SIZE_T($sp)
        x       $s0,0($inp)
        x       $s1,4($inp)
        x       $s2,8($inp)
@@ -1231,7 +1276,7 @@ $code.=<<___;
 
        bras    $ra,_s390x_AES_encrypt
 
-       lmg     $inp,$key,16($sp)
+       lm${g}  $inp,$key,2*$SIZE_T($sp)
        st      $s0,0($out)
        st      $s1,4($out)
        st      $s2,8($out)
@@ -1240,33 +1285,33 @@ $code.=<<___;
        la      $inp,16($inp)
        la      $out,16($out)
        lghi    $t0,16
-       ltgr    $len,$len
+       lt${g}r $len,$len
        jz      .Lcbc_enc_done
-       slgr    $len,$t0
+       sl${g}r $len,$t0
        brc     4,.Lcbc_enc_tail        # if borrow
        j       .Lcbc_enc_loop
 .align 16
 .Lcbc_enc_done:
-       lg      $ivp,48($sp)
+       l${g}   $ivp,6*$SIZE_T($sp)
        st      $s0,0($ivp)
        st      $s1,4($ivp)     
        st      $s2,8($ivp)
        st      $s3,12($ivp)
 
-       lmg     %r7,$ra,56($sp)
+       lm${g}  %r7,$ra,7*$SIZE_T($sp)
        br      $ra
 
 .align 16
 .Lcbc_enc_tail:
        aghi    $len,15
        lghi    $t0,0
-       stg     $t0,128($sp)
-       stg     $t0,136($sp)
+       stg     $t0,16*$SIZE_T($sp)
+       stg     $t0,16*$SIZE_T+8($sp)
        bras    $t1,3f
-       mvc     128(1,$sp),0($inp)
+       mvc     16*$SIZE_T(1,$sp),0($inp)
 3:     ex      $len,0($t1)
        lghi    $len,0
-       la      $inp,128($sp)
+       la      $inp,16*$SIZE_T($sp)
        j       .Lcbc_enc_loop
 
 .align 16
@@ -1275,10 +1320,10 @@ $code.=<<___;
 
        lg      $t0,0($ivp)
        lg      $t1,8($ivp)
-       stmg    $t0,$t1,128($sp)
+       stmg    $t0,$t1,16*$SIZE_T($sp)
 
 .Lcbc_dec_loop:
-       stmg    $inp,$out,16($sp)
+       stm${g} $inp,$out,2*$SIZE_T($sp)
        llgf    $s0,0($inp)
        llgf    $s1,4($inp)
        llgf    $s2,8($inp)
@@ -1287,7 +1332,7 @@ $code.=<<___;
 
        bras    $ra,_s390x_AES_decrypt
 
-       lmg     $inp,$key,16($sp)
+       lm${g}  $inp,$key,2*$SIZE_T($sp)
        sllg    $s0,$s0,32
        sllg    $s2,$s2,32
        lr      $s0,$s1
@@ -1295,15 +1340,15 @@ $code.=<<___;
 
        lg      $t0,0($inp)
        lg      $t1,8($inp)
-       xg      $s0,128($sp)
-       xg      $s2,136($sp)
+       xg      $s0,16*$SIZE_T($sp)
+       xg      $s2,16*$SIZE_T+8($sp)
        lghi    $s1,16
-       slgr    $len,$s1
+       sl${g}r $len,$s1
        brc     4,.Lcbc_dec_tail        # if borrow
        brc     2,.Lcbc_dec_done        # if zero
        stg     $s0,0($out)
        stg     $s2,8($out)
-       stmg    $t0,$t1,128($sp)
+       stmg    $t0,$t1,16*$SIZE_T($sp)
 
        la      $inp,16($inp)
        la      $out,16($out)
@@ -1313,7 +1358,7 @@ $code.=<<___;
        stg     $s0,0($out)
        stg     $s2,8($out)
 .Lcbc_dec_exit:
-       lmg     $ivp,$ra,48($sp)
+       lm${g}  %r6,$ra,6*$SIZE_T($sp)
        stmg    $t0,$t1,0($ivp)
 
        br      $ra
@@ -1321,19 +1366,872 @@ $code.=<<___;
 .align 16
 .Lcbc_dec_tail:
        aghi    $len,15
-       stg     $s0,128($sp)
-       stg     $s2,136($sp)
+       stg     $s0,16*$SIZE_T($sp)
+       stg     $s2,16*$SIZE_T+8($sp)
        bras    $s1,4f
-       mvc     0(1,$out),128($sp)
+       mvc     0(1,$out),16*$SIZE_T($sp)
 4:     ex      $len,0($s1)
        j       .Lcbc_dec_exit
 .size  AES_cbc_encrypt,.-AES_cbc_encrypt
-.comm  OPENSSL_s390xcap_P,8,8
+___
+}
+########################################################################
+# void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out,
+#                     size_t blocks, const AES_KEY *key,
+#                     const unsigned char *ivec)
+{
+my $inp="%r2";
+my $out="%r4"; # blocks and out are swapped
+my $len="%r3";
+my $key="%r5"; my $iv0="%r5";
+my $ivp="%r6";
+my $fp ="%r7";
+
+$code.=<<___;
+.globl AES_ctr32_encrypt
+.type  AES_ctr32_encrypt,\@function
+.align 16
+AES_ctr32_encrypt:
+       xgr     %r3,%r4         # flip %r3 and %r4, $out and $len
+       xgr     %r4,%r3
+       xgr     %r3,%r4
+       llgfr   $len,$len       # safe in ctr32 subroutine even in 64-bit case
+___
+$code.=<<___ if (!$softonly);
+       l       %r0,240($key)
+       lhi     %r1,16
+       clr     %r0,%r1
+       jl      .Lctr32_software
+
+       stm${g} %r6,$s3,6*$SIZE_T($sp)
+
+       slgr    $out,$inp
+       la      %r1,0($key)     # %r1 is permanent copy of $key
+       lg      $iv0,0($ivp)    # load ivec
+       lg      $ivp,8($ivp)
+
+       # prepare and allocate stack frame at the top of 4K page
+       # with 1K reserved for eventual signal handling
+       lghi    $s0,-1024-256-16# guarantee at least 256-bytes buffer
+       lghi    $s1,-4096
+       algr    $s0,$sp
+       lgr     $fp,$sp
+       ngr     $s0,$s1         # align at page boundary
+       slgr    $fp,$s0         # total buffer size
+       lgr     $s2,$sp
+       lghi    $s1,1024+16     # sl[g]fi is extended-immediate facility
+       slgr    $fp,$s1         # deduct reservation to get usable buffer size
+       # buffer size is at lest 256 and at most 3072+256-16
+
+       la      $sp,1024($s0)   # alloca
+       srlg    $fp,$fp,4       # convert bytes to blocks, minimum 16
+       st${g}  $s2,0($sp)      # back-chain
+       st${g}  $fp,$SIZE_T($sp)
+
+       slgr    $len,$fp
+       brc     1,.Lctr32_hw_switch     # not zero, no borrow
+       algr    $fp,$len        # input is shorter than allocated buffer
+       lghi    $len,0
+       st${g}  $fp,$SIZE_T($sp)
+
+.Lctr32_hw_switch:
+___
+$code.=<<___ if (0);   ######### kmctr code was measured to be ~12% slower
+       larl    $s0,OPENSSL_s390xcap_P
+       lg      $s0,8($s0)
+       tmhh    $s0,0x0004      # check for message_security-assist-4
+       jz      .Lctr32_km_loop
+
+       llgfr   $s0,%r0
+       lgr     $s1,%r1
+       lghi    %r0,0
+       la      %r1,16($sp)
+       .long   0xb92d2042      # kmctr %r4,%r2,%r2
+
+       llihh   %r0,0x8000      # check if kmctr supports the function code
+       srlg    %r0,%r0,0($s0)
+       ng      %r0,16($sp)
+       lgr     %r0,$s0
+       lgr     %r1,$s1
+       jz      .Lctr32_km_loop
+
+####### kmctr code
+       algr    $out,$inp       # restore $out
+       lgr     $s1,$len        # $s1 undertakes $len
+       j       .Lctr32_kmctr_loop
+.align 16
+.Lctr32_kmctr_loop:
+       la      $s2,16($sp)
+       lgr     $s3,$fp
+.Lctr32_kmctr_prepare:
+       stg     $iv0,0($s2)
+       stg     $ivp,8($s2)
+       la      $s2,16($s2)
+       ahi     $ivp,1          # 32-bit increment, preserves upper half
+       brct    $s3,.Lctr32_kmctr_prepare
+
+       #la     $inp,0($inp)    # inp
+       sllg    $len,$fp,4      # len
+       #la     $out,0($out)    # out
+       la      $s2,16($sp)     # iv
+       .long   0xb92da042      # kmctr $out,$s2,$inp
+       brc     1,.-4           # pay attention to "partial completion"
+
+       slgr    $s1,$fp
+       brc     1,.Lctr32_kmctr_loop    # not zero, no borrow
+       algr    $fp,$s1
+       lghi    $s1,0
+       brc     4+1,.Lctr32_kmctr_loop  # not zero
+
+       l${g}   $sp,0($sp)
+       lm${g}  %r6,$s3,6*$SIZE_T($sp)
+       br      $ra
+.align 16
+___
+$code.=<<___;
+.Lctr32_km_loop:
+       la      $s2,16($sp)
+       lgr     $s3,$fp
+.Lctr32_km_prepare:
+       stg     $iv0,0($s2)
+       stg     $ivp,8($s2)
+       la      $s2,16($s2)
+       ahi     $ivp,1          # 32-bit increment, preserves upper half
+       brct    $s3,.Lctr32_km_prepare
+
+       la      $s0,16($sp)     # inp
+       sllg    $s1,$fp,4       # len
+       la      $s2,16($sp)     # out
+       .long   0xb92e00a8      # km %r10,%r8
+       brc     1,.-4           # pay attention to "partial completion"
+
+       la      $s2,16($sp)
+       lgr     $s3,$fp
+       slgr    $s2,$inp
+.Lctr32_km_xor:
+       lg      $s0,0($inp)
+       lg      $s1,8($inp)
+       xg      $s0,0($s2,$inp)
+       xg      $s1,8($s2,$inp)
+       stg     $s0,0($out,$inp)
+       stg     $s1,8($out,$inp)
+       la      $inp,16($inp)
+       brct    $s3,.Lctr32_km_xor
+
+       slgr    $len,$fp
+       brc     1,.Lctr32_km_loop       # not zero, no borrow
+       algr    $fp,$len
+       lghi    $len,0
+       brc     4+1,.Lctr32_km_loop     # not zero
+
+       l${g}   $s0,0($sp)
+       l${g}   $s1,$SIZE_T($sp)
+       la      $s2,16($sp)
+.Lctr32_km_zap:
+       stg     $s0,0($s2)
+       stg     $s0,8($s2)
+       la      $s2,16($s2)
+       brct    $s1,.Lctr32_km_zap
+
+       la      $sp,0($s0)
+       lm${g}  %r6,$s3,6*$SIZE_T($sp)
+       br      $ra
+.align 16
+.Lctr32_software:
+___
+$code.=<<___;
+       stm${g} $key,$ra,5*$SIZE_T($sp)
+       sl${g}r $inp,$out
+       larl    $tbl,AES_Te
+       llgf    $t1,12($ivp)
+
+.Lctr32_loop:
+       stm${g} $inp,$out,2*$SIZE_T($sp)
+       llgf    $s0,0($ivp)
+       llgf    $s1,4($ivp)
+       llgf    $s2,8($ivp)
+       lgr     $s3,$t1
+       st      $t1,16*$SIZE_T($sp)
+       lgr     %r4,$key
+
+       bras    $ra,_s390x_AES_encrypt
+
+       lm${g}  $inp,$ivp,2*$SIZE_T($sp)
+       llgf    $t1,16*$SIZE_T($sp)
+       x       $s0,0($inp,$out)
+       x       $s1,4($inp,$out)
+       x       $s2,8($inp,$out)
+       x       $s3,12($inp,$out)
+       stm     $s0,$s3,0($out)
+
+       la      $out,16($out)
+       ahi     $t1,1           # 32-bit increment
+       brct    $len,.Lctr32_loop
+
+       lm${g}  %r6,$ra,6*$SIZE_T($sp)
+       br      $ra
+.size  AES_ctr32_encrypt,.-AES_ctr32_encrypt
+___
+}
+
+########################################################################
+# void AES_xts_encrypt(const char *inp,char *out,size_t len,
+#      const AES_KEY *key1, const AES_KEY *key2,
+#      const unsigned char iv[16]);
+#
+{
+my $inp="%r2";
+my $out="%r4"; # len and out are swapped
+my $len="%r3";
+my $key1="%r5";        # $i1
+my $key2="%r6";        # $i2
+my $fp="%r7";  # $i3
+my $tweak=16*$SIZE_T+16;       # or $stdframe-16, bottom of the frame...
+
+$code.=<<___;
+.type  _s390x_xts_km,\@function
+.align 16
+_s390x_xts_km:
+___
+$code.=<<___ if(1);
+       llgfr   $s0,%r0                 # put aside the function code
+       lghi    $s1,0x7f
+       nr      $s1,%r0
+       lghi    %r0,0                   # query capability vector
+       la      %r1,$tweak-16($sp)
+       .long   0xb92e0042              # km %r4,%r2
+       llihh   %r1,0x8000
+       srlg    %r1,%r1,32($s1)         # check for 32+function code
+       ng      %r1,$tweak-16($sp)
+       lgr     %r0,$s0                 # restore the function code
+       la      %r1,0($key1)            # restore $key1
+       jz      .Lxts_km_vanilla
+
+       lmg     $i2,$i3,$tweak($sp)     # put aside the tweak value
+       algr    $out,$inp
+
+       oill    %r0,32                  # switch to xts function code
+       aghi    $s1,-18                 #
+       sllg    $s1,$s1,3               # (function code - 18)*8, 0 or 16
+       la      %r1,$tweak-16($sp)
+       slgr    %r1,$s1                 # parameter block position
+       lmg     $s0,$s3,0($key1)        # load 256 bits of key material,
+       stmg    $s0,$s3,0(%r1)          # and copy it to parameter block.
+                                       # yes, it contains junk and overlaps
+                                       # with the tweak in 128-bit case.
+                                       # it's done to avoid conditional
+                                       # branch.
+       stmg    $i2,$i3,$tweak($sp)     # "re-seat" the tweak value
+
+       .long   0xb92e0042              # km %r4,%r2
+       brc     1,.-4                   # pay attention to "partial completion"
+
+       lrvg    $s0,$tweak+0($sp)       # load the last tweak
+       lrvg    $s1,$tweak+8($sp)
+       stmg    %r0,%r3,$tweak-32($sp)  # wipe copy of the key
+
+       nill    %r0,0xffdf              # switch back to original function code
+       la      %r1,0($key1)            # restore pointer to $key1
+       slgr    $out,$inp
+
+       llgc    $len,2*$SIZE_T-1($sp)
+       nill    $len,0x0f               # $len%=16
+       br      $ra
+       
+.align 16
+.Lxts_km_vanilla:
+___
+$code.=<<___;
+       # prepare and allocate stack frame at the top of 4K page
+       # with 1K reserved for eventual signal handling
+       lghi    $s0,-1024-256-16# guarantee at least 256-bytes buffer
+       lghi    $s1,-4096
+       algr    $s0,$sp
+       lgr     $fp,$sp
+       ngr     $s0,$s1         # align at page boundary
+       slgr    $fp,$s0         # total buffer size
+       lgr     $s2,$sp
+       lghi    $s1,1024+16     # sl[g]fi is extended-immediate facility
+       slgr    $fp,$s1         # deduct reservation to get usable buffer size
+       # buffer size is at lest 256 and at most 3072+256-16
+
+       la      $sp,1024($s0)   # alloca
+       nill    $fp,0xfff0      # round to 16*n
+       st${g}  $s2,0($sp)      # back-chain
+       nill    $len,0xfff0     # redundant
+       st${g}  $fp,$SIZE_T($sp)
+
+       slgr    $len,$fp
+       brc     1,.Lxts_km_go   # not zero, no borrow
+       algr    $fp,$len        # input is shorter than allocated buffer
+       lghi    $len,0
+       st${g}  $fp,$SIZE_T($sp)
+
+.Lxts_km_go:
+       lrvg    $s0,$tweak+0($s2)       # load the tweak value in little-endian
+       lrvg    $s1,$tweak+8($s2)
+
+       la      $s2,16($sp)             # vector of ascending tweak values
+       slgr    $s2,$inp
+       srlg    $s3,$fp,4
+       j       .Lxts_km_start
+
+.Lxts_km_loop:
+       la      $s2,16($sp)
+       slgr    $s2,$inp
+       srlg    $s3,$fp,4
+.Lxts_km_prepare:
+       lghi    $i1,0x87
+       srag    $i2,$s1,63              # broadcast upper bit
+       ngr     $i1,$i2                 # rem
+       algr    $s0,$s0
+       alcgr   $s1,$s1
+       xgr     $s0,$i1
+.Lxts_km_start:
+       lrvgr   $i1,$s0                 # flip byte order
+       lrvgr   $i2,$s1
+       stg     $i1,0($s2,$inp)
+       stg     $i2,8($s2,$inp)
+       xg      $i1,0($inp)
+       xg      $i2,8($inp)
+       stg     $i1,0($out,$inp)
+       stg     $i2,8($out,$inp)
+       la      $inp,16($inp)
+       brct    $s3,.Lxts_km_prepare
+
+       slgr    $inp,$fp                # rewind $inp
+       la      $s2,0($out,$inp)
+       lgr     $s3,$fp
+       .long   0xb92e00aa              # km $s2,$s2
+       brc     1,.-4                   # pay attention to "partial completion"
+
+       la      $s2,16($sp)
+       slgr    $s2,$inp
+       srlg    $s3,$fp,4
+.Lxts_km_xor:
+       lg      $i1,0($out,$inp)
+       lg      $i2,8($out,$inp)
+       xg      $i1,0($s2,$inp)
+       xg      $i2,8($s2,$inp)
+       stg     $i1,0($out,$inp)
+       stg     $i2,8($out,$inp)
+       la      $inp,16($inp)
+       brct    $s3,.Lxts_km_xor
+
+       slgr    $len,$fp
+       brc     1,.Lxts_km_loop         # not zero, no borrow
+       algr    $fp,$len
+       lghi    $len,0
+       brc     4+1,.Lxts_km_loop       # not zero
+
+       l${g}   $i1,0($sp)              # back-chain
+       llgf    $fp,`2*$SIZE_T-4`($sp)  # bytes used
+       la      $i2,16($sp)
+       srlg    $fp,$fp,4
+.Lxts_km_zap:
+       stg     $i1,0($i2)
+       stg     $i1,8($i2)
+       la      $i2,16($i2)
+       brct    $fp,.Lxts_km_zap
+
+       la      $sp,0($i1)
+       llgc    $len,2*$SIZE_T-1($i1)
+       nill    $len,0x0f               # $len%=16
+       bzr     $ra
+
+       # generate one more tweak...
+       lghi    $i1,0x87
+       srag    $i2,$s1,63              # broadcast upper bit
+       ngr     $i1,$i2                 # rem
+       algr    $s0,$s0
+       alcgr   $s1,$s1
+       xgr     $s0,$i1
+
+       ltr     $len,$len               # clear zero flag
+       br      $ra
+.size  _s390x_xts_km,.-_s390x_xts_km
+
+.globl AES_xts_encrypt
+.type  AES_xts_encrypt,\@function
+.align 16
+AES_xts_encrypt:
+       xgr     %r3,%r4                 # flip %r3 and %r4, $out and $len
+       xgr     %r4,%r3
+       xgr     %r3,%r4
+___
+$code.=<<___ if ($SIZE_T==4);
+       llgfr   $len,$len
+___
+$code.=<<___;
+       st${g}  $len,1*$SIZE_T($sp)     # save copy of $len
+       srag    $len,$len,4             # formally wrong, because it expands
+                                       # sign byte, but who can afford asking
+                                       # to process more than 2^63-1 bytes?
+                                       # I use it, because it sets condition
+                                       # code...
+       bcr     8,$ra                   # abort if zero (i.e. less than 16)
+___
+$code.=<<___ if (!$softonly);
+       llgf    %r0,240($key2)
+       lhi     %r1,16
+       clr     %r0,%r1
+       jl      .Lxts_enc_software
+
+       st${g}  $ra,5*$SIZE_T($sp)
+       stm${g} %r6,$s3,6*$SIZE_T($sp)
+
+       sllg    $len,$len,4             # $len&=~15
+       slgr    $out,$inp
+
+       # generate the tweak value
+       l${g}   $s3,$stdframe($sp)      # pointer to iv
+       la      $s2,$tweak($sp)
+       lmg     $s0,$s1,0($s3)
+       lghi    $s3,16
+       stmg    $s0,$s1,0($s2)
+       la      %r1,0($key2)            # $key2 is not needed anymore
+       .long   0xb92e00aa              # km $s2,$s2, generate the tweak
+       brc     1,.-4                   # can this happen?
+
+       l       %r0,240($key1)
+       la      %r1,0($key1)            # $key1 is not needed anymore
+       bras    $ra,_s390x_xts_km
+       jz      .Lxts_enc_km_done
+
+       aghi    $inp,-16                # take one step back
+       la      $i3,0($out,$inp)        # put aside real $out
+.Lxts_enc_km_steal:
+       llgc    $i1,16($inp)
+       llgc    $i2,0($out,$inp)
+       stc     $i1,0($out,$inp)
+       stc     $i2,16($out,$inp)
+       la      $inp,1($inp)
+       brct    $len,.Lxts_enc_km_steal
+
+       la      $s2,0($i3)
+       lghi    $s3,16
+       lrvgr   $i1,$s0                 # flip byte order
+       lrvgr   $i2,$s1
+       xg      $i1,0($s2)
+       xg      $i2,8($s2)
+       stg     $i1,0($s2)
+       stg     $i2,8($s2)
+       .long   0xb92e00aa              # km $s2,$s2
+       brc     1,.-4                   # can this happen?
+       lrvgr   $i1,$s0                 # flip byte order
+       lrvgr   $i2,$s1
+       xg      $i1,0($i3)
+       xg      $i2,8($i3)
+       stg     $i1,0($i3)
+       stg     $i2,8($i3)
+
+.Lxts_enc_km_done:
+       stg     $sp,$tweak+0($sp)       # wipe tweak
+       stg     $sp,$tweak+8($sp)
+       l${g}   $ra,5*$SIZE_T($sp)
+       lm${g}  %r6,$s3,6*$SIZE_T($sp)
+       br      $ra
+.align 16
+.Lxts_enc_software:
+___
+$code.=<<___;
+       stm${g} %r6,$ra,6*$SIZE_T($sp)
+
+       slgr    $out,$inp
+
+       l${g}   $s3,$stdframe($sp)      # ivp
+       llgf    $s0,0($s3)              # load iv
+       llgf    $s1,4($s3)
+       llgf    $s2,8($s3)
+       llgf    $s3,12($s3)
+       stm${g} %r2,%r5,2*$SIZE_T($sp)
+       la      $key,0($key2)
+       larl    $tbl,AES_Te
+       bras    $ra,_s390x_AES_encrypt  # generate the tweak
+       lm${g}  %r2,%r5,2*$SIZE_T($sp)
+       stm     $s0,$s3,$tweak($sp)     # save the tweak
+       j       .Lxts_enc_enter
+
+.align 16
+.Lxts_enc_loop:
+       lrvg    $s1,$tweak+0($sp)       # load the tweak in little-endian
+       lrvg    $s3,$tweak+8($sp)
+       lghi    %r1,0x87
+       srag    %r0,$s3,63              # broadcast upper bit
+       ngr     %r1,%r0                 # rem
+       algr    $s1,$s1
+       alcgr   $s3,$s3
+       xgr     $s1,%r1
+       lrvgr   $s1,$s1                 # flip byte order
+       lrvgr   $s3,$s3
+       srlg    $s0,$s1,32              # smash the tweak to 4x32-bits 
+       stg     $s1,$tweak+0($sp)       # save the tweak
+       llgfr   $s1,$s1
+       srlg    $s2,$s3,32
+       stg     $s3,$tweak+8($sp)
+       llgfr   $s3,$s3
+       la      $inp,16($inp)           # $inp+=16
+.Lxts_enc_enter:
+       x       $s0,0($inp)             # ^=*($inp)
+       x       $s1,4($inp)
+       x       $s2,8($inp)
+       x       $s3,12($inp)
+       stm${g} %r2,%r3,2*$SIZE_T($sp)  # only two registers are changing
+       la      $key,0($key1)
+       bras    $ra,_s390x_AES_encrypt
+       lm${g}  %r2,%r5,2*$SIZE_T($sp)
+       x       $s0,$tweak+0($sp)       # ^=tweak
+       x       $s1,$tweak+4($sp)
+       x       $s2,$tweak+8($sp)
+       x       $s3,$tweak+12($sp)
+       st      $s0,0($out,$inp)
+       st      $s1,4($out,$inp)
+       st      $s2,8($out,$inp)
+       st      $s3,12($out,$inp)
+       brct${g}        $len,.Lxts_enc_loop
+
+       llgc    $len,`2*$SIZE_T-1`($sp)
+       nill    $len,0x0f               # $len%16
+       jz      .Lxts_enc_done
+
+       la      $i3,0($inp,$out)        # put aside real $out
+.Lxts_enc_steal:
+       llgc    %r0,16($inp)
+       llgc    %r1,0($out,$inp)
+       stc     %r0,0($out,$inp)
+       stc     %r1,16($out,$inp)
+       la      $inp,1($inp)
+       brct    $len,.Lxts_enc_steal
+       la      $out,0($i3)             # restore real $out
+
+       # generate last tweak...
+       lrvg    $s1,$tweak+0($sp)       # load the tweak in little-endian
+       lrvg    $s3,$tweak+8($sp)
+       lghi    %r1,0x87
+       srag    %r0,$s3,63              # broadcast upper bit
+       ngr     %r1,%r0                 # rem
+       algr    $s1,$s1
+       alcgr   $s3,$s3
+       xgr     $s1,%r1
+       lrvgr   $s1,$s1                 # flip byte order
+       lrvgr   $s3,$s3
+       srlg    $s0,$s1,32              # smash the tweak to 4x32-bits 
+       stg     $s1,$tweak+0($sp)       # save the tweak
+       llgfr   $s1,$s1
+       srlg    $s2,$s3,32
+       stg     $s3,$tweak+8($sp)
+       llgfr   $s3,$s3
+
+       x       $s0,0($out)             # ^=*(inp)|stolen cipther-text
+       x       $s1,4($out)
+       x       $s2,8($out)
+       x       $s3,12($out)
+       st${g}  $out,4*$SIZE_T($sp)
+       la      $key,0($key1)
+       bras    $ra,_s390x_AES_encrypt
+       l${g}   $out,4*$SIZE_T($sp)
+       x       $s0,`$tweak+0`($sp)     # ^=tweak
+       x       $s1,`$tweak+4`($sp)
+       x       $s2,`$tweak+8`($sp)
+       x       $s3,`$tweak+12`($sp)
+       st      $s0,0($out)
+       st      $s1,4($out)
+       st      $s2,8($out)
+       st      $s3,12($out)
+
+.Lxts_enc_done:
+       stg     $sp,$tweak+0($sp)       # wipe tweak
+       stg     $sp,$twesk+8($sp)
+       lm${g}  %r6,$ra,6*$SIZE_T($sp)
+       br      $ra
+.size  AES_xts_encrypt,.-AES_xts_encrypt
+___
+# void AES_xts_decrypt(const char *inp,char *out,size_t len,
+#      const AES_KEY *key1, const AES_KEY *key2,
+#      const unsigned char iv[16]);
+#
+$code.=<<___;
+.globl AES_xts_decrypt
+.type  AES_xts_decrypt,\@function
+.align 16
+AES_xts_decrypt:
+       xgr     %r3,%r4                 # flip %r3 and %r4, $out and $len
+       xgr     %r4,%r3
+       xgr     %r3,%r4
+___
+$code.=<<___ if ($SIZE_T==4);
+       llgfr   $len,$len
+___
+$code.=<<___;
+       st${g}  $len,1*$SIZE_T($sp)     # save copy of $len
+       aghi    $len,-16
+       bcr     4,$ra                   # abort if less than zero. formally
+                                       # wrong, because $len is unsigned,
+                                       # but who can afford asking to
+                                       # process more than 2^63-1 bytes?
+       tmll    $len,0x0f
+       jnz     .Lxts_dec_proceed
+       aghi    $len,16
+.Lxts_dec_proceed:
+___
+$code.=<<___ if (!$softonly);
+       llgf    %r0,240($key2)
+       lhi     %r1,16
+       clr     %r0,%r1
+       jl      .Lxts_dec_software
+
+       st${g}  $ra,5*$SIZE_T($sp)
+       stm${g} %r6,$s3,6*$SIZE_T($sp)
+
+       nill    $len,0xfff0             # $len&=~15
+       slgr    $out,$inp
+
+       # generate the tweak value
+       l${g}   $s3,$stdframe($sp)      # pointer to iv
+       la      $s2,$tweak($sp)
+       lmg     $s0,$s1,0($s3)
+       lghi    $s3,16
+       stmg    $s0,$s1,0($s2)
+       la      %r1,0($key2)            # $key2 is not needed past this point
+       .long   0xb92e00aa              # km $s2,$s2, generate the tweak
+       brc     1,.-4                   # can this happen?
+
+       l       %r0,240($key1)
+       la      %r1,0($key1)            # $key1 is not needed anymore
+
+       ltgr    $len,$len
+       jz      .Lxts_dec_km_short
+       bras    $ra,_s390x_xts_km
+       jz      .Lxts_dec_km_done
+
+       lrvgr   $s2,$s0                 # make copy in reverse byte order
+       lrvgr   $s3,$s1
+       j       .Lxts_dec_km_2ndtweak
+
+.Lxts_dec_km_short:
+       llgc    $len,`2*$SIZE_T-1`($sp)
+       nill    $len,0x0f               # $len%=16
+       lrvg    $s0,$tweak+0($sp)       # load the tweak
+       lrvg    $s1,$tweak+8($sp)
+       lrvgr   $s2,$s0                 # make copy in reverse byte order
+       lrvgr   $s3,$s1
+
+.Lxts_dec_km_2ndtweak:
+       lghi    $i1,0x87
+       srag    $i2,$s1,63              # broadcast upper bit
+       ngr     $i1,$i2                 # rem
+       algr    $s0,$s0
+       alcgr   $s1,$s1
+       xgr     $s0,$i1
+       lrvgr   $i1,$s0                 # flip byte order
+       lrvgr   $i2,$s1
+
+       xg      $i1,0($inp)
+       xg      $i2,8($inp)
+       stg     $i1,0($out,$inp)
+       stg     $i2,8($out,$inp)
+       la      $i2,0($out,$inp)
+       lghi    $i3,16
+       .long   0xb92e0066              # km $i2,$i2
+       brc     1,.-4                   # can this happen?
+       lrvgr   $i1,$s0
+       lrvgr   $i2,$s1
+       xg      $i1,0($out,$inp)
+       xg      $i2,8($out,$inp)
+       stg     $i1,0($out,$inp)
+       stg     $i2,8($out,$inp)
+
+       la      $i3,0($out,$inp)        # put aside real $out
+.Lxts_dec_km_steal:
+       llgc    $i1,16($inp)
+       llgc    $i2,0($out,$inp)
+       stc     $i1,0($out,$inp)
+       stc     $i2,16($out,$inp)
+       la      $inp,1($inp)
+       brct    $len,.Lxts_dec_km_steal
+
+       lgr     $s0,$s2
+       lgr     $s1,$s3
+       xg      $s0,0($i3)
+       xg      $s1,8($i3)
+       stg     $s0,0($i3)
+       stg     $s1,8($i3)
+       la      $s0,0($i3)
+       lghi    $s1,16
+       .long   0xb92e0088              # km $s0,$s0
+       brc     1,.-4                   # can this happen?
+       xg      $s2,0($i3)
+       xg      $s3,8($i3)
+       stg     $s2,0($i3)
+       stg     $s3,8($i3)
+.Lxts_dec_km_done:
+       stg     $sp,$tweak+0($sp)       # wipe tweak
+       stg     $sp,$tweak+8($sp)
+       l${g}   $ra,5*$SIZE_T($sp)
+       lm${g}  %r6,$s3,6*$SIZE_T($sp)
+       br      $ra
+.align 16
+.Lxts_dec_software:
+___
+$code.=<<___;
+       stm${g} %r6,$ra,6*$SIZE_T($sp)
+
+       srlg    $len,$len,4
+       slgr    $out,$inp
+
+       l${g}   $s3,$stdframe($sp)      # ivp
+       llgf    $s0,0($s3)              # load iv
+       llgf    $s1,4($s3)
+       llgf    $s2,8($s3)
+       llgf    $s3,12($s3)
+       stm${g} %r2,%r5,2*$SIZE_T($sp)
+       la      $key,0($key2)
+       larl    $tbl,AES_Te
+       bras    $ra,_s390x_AES_encrypt  # generate the tweak
+       lm${g}  %r2,%r5,2*$SIZE_T($sp)
+       larl    $tbl,AES_Td
+       lt${g}r $len,$len
+       stm     $s0,$s3,$tweak($sp)     # save the tweak
+       jz      .Lxts_dec_short
+       j       .Lxts_dec_enter
+
+.align 16
+.Lxts_dec_loop:
+       lrvg    $s1,$tweak+0($sp)       # load the tweak in little-endian
+       lrvg    $s3,$tweak+8($sp)
+       lghi    %r1,0x87
+       srag    %r0,$s3,63              # broadcast upper bit
+       ngr     %r1,%r0                 # rem
+       algr    $s1,$s1
+       alcgr   $s3,$s3
+       xgr     $s1,%r1
+       lrvgr   $s1,$s1                 # flip byte order
+       lrvgr   $s3,$s3
+       srlg    $s0,$s1,32              # smash the tweak to 4x32-bits 
+       stg     $s1,$tweak+0($sp)       # save the tweak
+       llgfr   $s1,$s1
+       srlg    $s2,$s3,32
+       stg     $s3,$tweak+8($sp)
+       llgfr   $s3,$s3
+.Lxts_dec_enter:
+       x       $s0,0($inp)             # tweak^=*(inp)
+       x       $s1,4($inp)
+       x       $s2,8($inp)
+       x       $s3,12($inp)
+       stm${g} %r2,%r3,2*$SIZE_T($sp)  # only two registers are changing
+       la      $key,0($key1)
+       bras    $ra,_s390x_AES_decrypt
+       lm${g}  %r2,%r5,2*$SIZE_T($sp)
+       x       $s0,$tweak+0($sp)       # ^=tweak
+       x       $s1,$tweak+4($sp)
+       x       $s2,$tweak+8($sp)
+       x       $s3,$tweak+12($sp)
+       st      $s0,0($out,$inp)
+       st      $s1,4($out,$inp)
+       st      $s2,8($out,$inp)
+       st      $s3,12($out,$inp)
+       la      $inp,16($inp)
+       brct${g}        $len,.Lxts_dec_loop
+
+       llgc    $len,`2*$SIZE_T-1`($sp)
+       nill    $len,0x0f               # $len%16
+       jz      .Lxts_dec_done
+
+       # generate pair of tweaks...
+       lrvg    $s1,$tweak+0($sp)       # load the tweak in little-endian
+       lrvg    $s3,$tweak+8($sp)
+       lghi    %r1,0x87
+       srag    %r0,$s3,63              # broadcast upper bit
+       ngr     %r1,%r0                 # rem
+       algr    $s1,$s1
+       alcgr   $s3,$s3
+       xgr     $s1,%r1
+       lrvgr   $i2,$s1                 # flip byte order
+       lrvgr   $i3,$s3
+       stmg    $i2,$i3,$tweak($sp)     # save the 1st tweak
+       j       .Lxts_dec_2ndtweak
+
+.align 16
+.Lxts_dec_short:
+       llgc    $len,`2*$SIZE_T-1`($sp)
+       nill    $len,0x0f               # $len%16
+       lrvg    $s1,$tweak+0($sp)       # load the tweak in little-endian
+       lrvg    $s3,$tweak+8($sp)
+.Lxts_dec_2ndtweak:
+       lghi    %r1,0x87
+       srag    %r0,$s3,63              # broadcast upper bit
+       ngr     %r1,%r0                 # rem
+       algr    $s1,$s1
+       alcgr   $s3,$s3
+       xgr     $s1,%r1
+       lrvgr   $s1,$s1                 # flip byte order
+       lrvgr   $s3,$s3
+       srlg    $s0,$s1,32              # smash the tweak to 4x32-bits
+       stg     $s1,$tweak-16+0($sp)    # save the 2nd tweak
+       llgfr   $s1,$s1
+       srlg    $s2,$s3,32
+       stg     $s3,$tweak-16+8($sp)
+       llgfr   $s3,$s3
+
+       x       $s0,0($inp)             # tweak_the_2nd^=*(inp)
+       x       $s1,4($inp)
+       x       $s2,8($inp)
+       x       $s3,12($inp)
+       stm${g} %r2,%r3,2*$SIZE_T($sp)
+       la      $key,0($key1)
+       bras    $ra,_s390x_AES_decrypt
+       lm${g}  %r2,%r5,2*$SIZE_T($sp)
+       x       $s0,$tweak-16+0($sp)    # ^=tweak_the_2nd
+       x       $s1,$tweak-16+4($sp)
+       x       $s2,$tweak-16+8($sp)
+       x       $s3,$tweak-16+12($sp)
+       st      $s0,0($out,$inp)
+       st      $s1,4($out,$inp)
+       st      $s2,8($out,$inp)
+       st      $s3,12($out,$inp)
+
+       la      $i3,0($out,$inp)        # put aside real $out
+.Lxts_dec_steal:
+       llgc    %r0,16($inp)
+       llgc    %r1,0($out,$inp)
+       stc     %r0,0($out,$inp)
+       stc     %r1,16($out,$inp)
+       la      $inp,1($inp)
+       brct    $len,.Lxts_dec_steal
+       la      $out,0($i3)             # restore real $out
+
+       lm      $s0,$s3,$tweak($sp)     # load the 1st tweak
+       x       $s0,0($out)             # tweak^=*(inp)|stolen cipher-text
+       x       $s1,4($out)
+       x       $s2,8($out)
+       x       $s3,12($out)
+       st${g}  $out,4*$SIZE_T($sp)
+       la      $key,0($key1)
+       bras    $ra,_s390x_AES_decrypt
+       l${g}   $out,4*$SIZE_T($sp)
+       x       $s0,$tweak+0($sp)       # ^=tweak
+       x       $s1,$tweak+4($sp)
+       x       $s2,$tweak+8($sp)
+       x       $s3,$tweak+12($sp)
+       st      $s0,0($out)
+       st      $s1,4($out)
+       st      $s2,8($out)
+       st      $s3,12($out)
+       stg     $sp,$tweak-16+0($sp)    # wipe 2nd tweak
+       stg     $sp,$tweak-16+8($sp)
+.Lxts_dec_done:
+       stg     $sp,$tweak+0($sp)       # wipe tweak
+       stg     $sp,$twesk+8($sp)
+       lm${g}  %r6,$ra,6*$SIZE_T($sp)
+       br      $ra
+.size  AES_xts_decrypt,.-AES_xts_decrypt
 ___
 }
 $code.=<<___;
 .string        "AES for s390x, CRYPTOGAMS by <appro\@openssl.org>"
+.comm  OPENSSL_s390xcap_P,16,8
 ___
 
 $code =~ s/\`([^\`]*)\`/eval $1/gem;
 print $code;
+close STDOUT;  # force flush

diff --git a/deps/openssl/openssl/crypto/aes/asm/aes-sparcv9.pl b/deps/openssl/openssl/crypto/aes/asm/aes-sparcv9.pl
old mode 100644 (file)
new mode 100755 (executable)
index c57b3a2..403c4d1
--- a/deps/openssl/openssl/crypto/aes/asm/aes-sparcv9.pl
+++ b/deps/openssl/openssl/crypto/aes/asm/aes-sparcv9.pl
@@ -1176,6 +1176,7 @@ ___
 # As UltraSPARC T1, a.k.a. Niagara, has shared FPU, FP nops can have
 # undesired effect, so just omit them and sacrifice some portion of
 # percent in performance...
-$code =~ s/fmovs.*$//gem;
+$code =~ s/fmovs.*$//gm;
 
 print $code;
+close STDOUT;  # ensure flush

diff --git a/deps/openssl/openssl/crypto/aes/asm/aes-x86_64.pl b/deps/openssl/openssl/crypto/aes/asm/aes-x86_64.pl
index 83aad23..9fa4ff5 100755 (executable)
--- a/deps/openssl/openssl/crypto/aes/asm/aes-x86_64.pl
+++ b/deps/openssl/openssl/crypto/aes/asm/aes-x86_64.pl
@@ -36,7 +36,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
 ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
 die "can't locate x86_64-xlate.pl";
 
-open STDOUT,"| $^X $xlate $flavour $output";
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
 
 $verticalspin=1;       # unlike 32-bit version $verticalspin performs
                        # ~15% better on both AMD and Intel cores
@@ -588,6 +589,9 @@ $code.=<<___;
 .globl AES_encrypt
 .type  AES_encrypt,\@function,3
 .align 16
+.globl asm_AES_encrypt
+.hidden        asm_AES_encrypt
+asm_AES_encrypt:
 AES_encrypt:
        push    %rbx
        push    %rbp
@@ -1184,6 +1188,9 @@ $code.=<<___;
 .globl AES_decrypt
 .type  AES_decrypt,\@function,3
 .align 16
+.globl asm_AES_decrypt
+.hidden        asm_AES_decrypt
+asm_AES_decrypt:
 AES_decrypt:
        push    %rbx
        push    %rbp
@@ -1277,13 +1284,13 @@ $code.=<<___;
 ___
 }
 
-# int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+# int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
 #                        AES_KEY *key)
 $code.=<<___;
-.globl AES_set_encrypt_key
-.type  AES_set_encrypt_key,\@function,3
+.globl private_AES_set_encrypt_key
+.type  private_AES_set_encrypt_key,\@function,3
 .align 16
-AES_set_encrypt_key:
+private_AES_set_encrypt_key:
        push    %rbx
        push    %rbp
        push    %r12                    # redundant, but allows to share 
@@ -1304,7 +1311,7 @@ AES_set_encrypt_key:
        add     \$56,%rsp
 .Lenc_key_epilogue:
        ret
-.size  AES_set_encrypt_key,.-AES_set_encrypt_key
+.size  private_AES_set_encrypt_key,.-private_AES_set_encrypt_key
 
 .type  _x86_64_AES_set_encrypt_key,\@abi-omnipotent
 .align 16
@@ -1547,13 +1554,13 @@ $code.=<<___;
 ___
 }
 
-# int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+# int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits,
 #                        AES_KEY *key)
 $code.=<<___;
-.globl AES_set_decrypt_key
-.type  AES_set_decrypt_key,\@function,3
+.globl private_AES_set_decrypt_key
+.type  private_AES_set_decrypt_key,\@function,3
 .align 16
-AES_set_decrypt_key:
+private_AES_set_decrypt_key:
        push    %rbx
        push    %rbp
        push    %r12
@@ -1622,7 +1629,7 @@ $code.=<<___;
        add     \$56,%rsp
 .Ldec_key_epilogue:
        ret
-.size  AES_set_decrypt_key,.-AES_set_decrypt_key
+.size  private_AES_set_decrypt_key,.-private_AES_set_decrypt_key
 ___
 
 # void AES_cbc_encrypt (const void char *inp, unsigned char *out,
@@ -1648,6 +1655,9 @@ $code.=<<___;
 .type  AES_cbc_encrypt,\@function,6
 .align 16
 .extern        OPENSSL_ia32cap_P
+.globl asm_AES_cbc_encrypt
+.hidden        asm_AES_cbc_encrypt
+asm_AES_cbc_encrypt:
 AES_cbc_encrypt:
        cmp     \$0,%rdx        # check length
        je      .Lcbc_epilogue
@@ -2766,13 +2776,13 @@ cbc_se_handler:
        .rva    .LSEH_end_AES_decrypt
        .rva    .LSEH_info_AES_decrypt
 
-       .rva    .LSEH_begin_AES_set_encrypt_key
-       .rva    .LSEH_end_AES_set_encrypt_key
-       .rva    .LSEH_info_AES_set_encrypt_key
+       .rva    .LSEH_begin_private_AES_set_encrypt_key
+       .rva    .LSEH_end_private_AES_set_encrypt_key
+       .rva    .LSEH_info_private_AES_set_encrypt_key
 
-       .rva    .LSEH_begin_AES_set_decrypt_key
-       .rva    .LSEH_end_AES_set_decrypt_key
-       .rva    .LSEH_info_AES_set_decrypt_key
+       .rva    .LSEH_begin_private_AES_set_decrypt_key
+       .rva    .LSEH_end_private_AES_set_decrypt_key
+       .rva    .LSEH_info_private_AES_set_decrypt_key
 
        .rva    .LSEH_begin_AES_cbc_encrypt
        .rva    .LSEH_end_AES_cbc_encrypt
@@ -2788,11 +2798,11 @@ cbc_se_handler:
        .byte   9,0,0,0
        .rva    block_se_handler
        .rva    .Ldec_prologue,.Ldec_epilogue   # HandlerData[]
-.LSEH_info_AES_set_encrypt_key:
+.LSEH_info_private_AES_set_encrypt_key:
        .byte   9,0,0,0
        .rva    key_se_handler
        .rva    .Lenc_key_prologue,.Lenc_key_epilogue   # HandlerData[]
-.LSEH_info_AES_set_decrypt_key:
+.LSEH_info_private_AES_set_decrypt_key:
        .byte   9,0,0,0
        .rva    key_se_handler
        .rva    .Ldec_key_prologue,.Ldec_key_epilogue   # HandlerData[]

diff --git a/deps/openssl/openssl/crypto/asn1/Makefile b/deps/openssl/openssl/crypto/asn1/Makefile
index 160544e..f778700 100644 (file)
--- a/deps/openssl/openssl/crypto/asn1/Makefile
+++ b/deps/openssl/openssl/crypto/asn1/Makefile
@@ -639,7 +639,7 @@ t_x509.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 t_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 t_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 t_x509.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
-t_x509.o: ../cryptlib.h t_x509.c
+t_x509.o: ../cryptlib.h asn1_locl.h t_x509.c
 t_x509a.o: ../../e_os.h ../../include/openssl/asn1.h
 t_x509a.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 t_x509a.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

diff --git a/deps/openssl/openssl/crypto/asn1/a_digest.c b/deps/openssl/openssl/crypto/asn1/a_digest.c
index d00d9e2..cbdeea6 100644 (file)
--- a/deps/openssl/openssl/crypto/asn1/a_digest.c
+++ b/deps/openssl/openssl/crypto/asn1/a_digest.c
@@ -87,7 +87,8 @@ int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data,
        p=str;
        i2d(data,&p);
 
-       EVP_Digest(str, i, md, len, type, NULL);
+       if (!EVP_Digest(str, i, md, len, type, NULL))
+               return 0;
        OPENSSL_free(str);
        return(1);
        }
@@ -104,7 +105,8 @@ int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn,
        i=ASN1_item_i2d(asn,&str, it);
        if (!str) return(0);
 
-       EVP_Digest(str, i, md, len, type, NULL);
+       if (!EVP_Digest(str, i, md, len, type, NULL))
+               return 0;
        OPENSSL_free(str);
        return(1);
        }

diff --git a/deps/openssl/openssl/crypto/asn1/a_int.c b/deps/openssl/openssl/crypto/asn1/a_int.c
index 3348b87..ad0d250 100644 (file)
--- a/deps/openssl/openssl/crypto/asn1/a_int.c
+++ b/deps/openssl/openssl/crypto/asn1/a_int.c
@@ -386,8 +386,8 @@ long ASN1_INTEGER_get(const ASN1_INTEGER *a)
        
        if (a->length > (int)sizeof(long))
                {
-               /* hmm... a bit ugly */
-               return(0xffffffffL);
+               /* hmm... a bit ugly, return all ones */
+               return -1;
                }
        if (a->data == NULL)
                return 0;

diff --git a/deps/openssl/openssl/crypto/asn1/a_sign.c b/deps/openssl/openssl/crypto/asn1/a_sign.c
index ff63bfc..7b4a193 100644 (file)
--- a/deps/openssl/openssl/crypto/asn1/a_sign.c
+++ b/deps/openssl/openssl/crypto/asn1/a_sign.c
@@ -184,9 +184,9 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2,
        p=buf_in;
 
        i2d(data,&p);
-       EVP_SignInit_ex(&ctx,type, NULL);
-       EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);
-       if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,
+       if (!EVP_SignInit_ex(&ctx,type, NULL)
+               || !EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl)
+               || !EVP_SignFinal(&ctx,(unsigned char *)buf_out,
                        (unsigned int *)&outl,pkey))
                {
                outl=0;
@@ -218,65 +218,100 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
             const EVP_MD *type)
        {
        EVP_MD_CTX ctx;
+       EVP_MD_CTX_init(&ctx);
+       if (!EVP_DigestSignInit(&ctx, NULL, type, NULL, pkey))
+               {
+               EVP_MD_CTX_cleanup(&ctx);
+               return 0;
+               }
+       return ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, &ctx);
+       }
+               
+
+int ASN1_item_sign_ctx(const ASN1_ITEM *it,
+               X509_ALGOR *algor1, X509_ALGOR *algor2,
+               ASN1_BIT_STRING *signature, void *asn, EVP_MD_CTX *ctx)
+       {
+       const EVP_MD *type;
+       EVP_PKEY *pkey;
        unsigned char *buf_in=NULL,*buf_out=NULL;
-       int inl=0,outl=0,outll=0;
+       size_t inl=0,outl=0,outll=0;
        int signid, paramtype;
+       int rv;
+
+       type = EVP_MD_CTX_md(ctx);
+       pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx);
 
-       if (type == NULL)
+       if (!type || !pkey)
                {
-               int def_nid;
-               if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) > 0)
-                       type = EVP_get_digestbynid(def_nid);
+               ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_CONTEXT_NOT_INITIALISED);
+               return 0;
                }
 
-       if (type == NULL)
+       if (pkey->ameth->item_sign)
                {
-               ASN1err(ASN1_F_ASN1_ITEM_SIGN, ASN1_R_NO_DEFAULT_DIGEST);
-               return 0;
+               rv = pkey->ameth->item_sign(ctx, it, asn, algor1, algor2,
+                                               signature);
+               if (rv == 1)
+                       outl = signature->length;
+               /* Return value meanings:
+                * <=0: error.
+                *   1: method does everything.
+                *   2: carry on as normal.
+                *   3: ASN1 method sets algorithm identifiers: just sign.
+                */
+               if (rv <= 0)
+                       ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB);
+               if (rv <= 1)
+                       goto err;
                }
+       else
+               rv = 2;
 
-       if (type->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE)
+       if (rv == 2)
                {
-               if (!pkey->ameth ||
-                       !OBJ_find_sigid_by_algs(&signid, EVP_MD_nid(type),
-                                               pkey->ameth->pkey_id))
+               if (type->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE)
                        {
-                       ASN1err(ASN1_F_ASN1_ITEM_SIGN,
-                               ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
-                       return 0;
+                       if (!pkey->ameth ||
+                               !OBJ_find_sigid_by_algs(&signid,
+                                                       EVP_MD_nid(type),
+                                                       pkey->ameth->pkey_id))
+                               {
+                               ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX,
+                                       ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
+                               return 0;
+                               }
                        }
-               }
-       else
-               signid = type->pkey_type;
+               else
+                       signid = type->pkey_type;
 
-       if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL)
-               paramtype = V_ASN1_NULL;
-       else
-               paramtype = V_ASN1_UNDEF;
+               if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL)
+                       paramtype = V_ASN1_NULL;
+               else
+                       paramtype = V_ASN1_UNDEF;
 
-       if (algor1)
-               X509_ALGOR_set0(algor1, OBJ_nid2obj(signid), paramtype, NULL);
-       if (algor2)
-               X509_ALGOR_set0(algor2, OBJ_nid2obj(signid), paramtype, NULL);
+               if (algor1)
+                       X509_ALGOR_set0(algor1, OBJ_nid2obj(signid), paramtype, NULL);
+               if (algor2)
+                       X509_ALGOR_set0(algor2, OBJ_nid2obj(signid), paramtype, NULL);
+
+               }
 
-       EVP_MD_CTX_init(&ctx);
        inl=ASN1_item_i2d(asn,&buf_in, it);
        outll=outl=EVP_PKEY_size(pkey);
-       buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl);
+       buf_out=OPENSSL_malloc((unsigned int)outl);
        if ((buf_in == NULL) || (buf_out == NULL))
                {
                outl=0;
-               ASN1err(ASN1_F_ASN1_ITEM_SIGN,ERR_R_MALLOC_FAILURE);
+               ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX,ERR_R_MALLOC_FAILURE);
                goto err;
                }
 
-       EVP_SignInit_ex(&ctx,type, NULL);
-       EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);
-       if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,
-                       (unsigned int *)&outl,pkey))
+       if (!EVP_DigestSignUpdate(ctx, buf_in, inl)
+               || !EVP_DigestSignFinal(ctx, buf_out, &outl))
                {
                outl=0;
-               ASN1err(ASN1_F_ASN1_ITEM_SIGN,ERR_R_EVP_LIB);
+               ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX,ERR_R_EVP_LIB);
                goto err;
                }
        if (signature->data != NULL) OPENSSL_free(signature->data);
@@ -289,7 +324,7 @@ int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
        signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
        signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;
 err:
-       EVP_MD_CTX_cleanup(&ctx);
+       EVP_MD_CTX_cleanup(ctx);
        if (buf_in != NULL)
                { OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); }
        if (buf_out != NULL)

diff --git a/deps/openssl/openssl/crypto/asn1/a_strex.c b/deps/openssl/openssl/crypto/asn1/a_strex.c
index 8a467ab..bf63330 100644 (file)
--- a/deps/openssl/openssl/crypto/asn1/a_strex.c
+++ b/deps/openssl/openssl/crypto/asn1/a_strex.c
@@ -568,6 +568,7 @@ int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in)
        mbflag |= MBSTRING_FLAG;
        memset(&stmp, 0, sizeof(stmp));
        stmp.data = NULL;
+       stmp.length = 0;
        ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING);
        if(ret < 0) return ret;
        *out = stmp.data;

diff --git a/deps/openssl/openssl/crypto/asn1/a_verify.c b/deps/openssl/openssl/crypto/asn1/a_verify.c
index cecdb13..fc84cd3 100644 (file)
--- a/deps/openssl/openssl/crypto/asn1/a_verify.c
+++ b/deps/openssl/openssl/crypto/asn1/a_verify.c
@@ -101,8 +101,13 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
        p=buf_in;
 
        i2d(data,&p);
-       EVP_VerifyInit_ex(&ctx,type, NULL);
-       EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
+       if (!EVP_VerifyInit_ex(&ctx,type, NULL)
+               || !EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl))
+               {
+               ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
+               ret=0;
+               goto err;
+               }
 
        OPENSSL_cleanse(buf_in,(unsigned int)inl);
        OPENSSL_free(buf_in);
@@ -126,16 +131,21 @@ err:
 #endif
 
 
-int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signature,
-            void *asn, EVP_PKEY *pkey)
+int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
+               ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey)
        {
        EVP_MD_CTX ctx;
-       const EVP_MD *type = NULL;
        unsigned char *buf_in=NULL;
        int ret= -1,inl;
 
        int mdnid, pknid;
 
+       if (!pkey)
+               {
+               ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
+               return -1;
+               }
+
        EVP_MD_CTX_init(&ctx);
 
        /* Convert signature OID into digest and public key OIDs */
@@ -144,25 +154,47 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat
                ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
                goto err;
                }
-       type=EVP_get_digestbynid(mdnid);
-       if (type == NULL)
+       if (mdnid == NID_undef)
                {
-               ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
-               goto err;
+               if (!pkey->ameth || !pkey->ameth->item_verify)
+                       {
+                       ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
+                       goto err;
+                       }
+               ret = pkey->ameth->item_verify(&ctx, it, asn, a,
+                                                       signature, pkey);
+               /* Return value of 2 means carry on, anything else means we
+                * exit straight away: either a fatal error of the underlying
+                * verification routine handles all verification.
+                */
+               if (ret != 2)
+                       goto err;
+               ret = -1;
                }
-
-       /* Check public key OID matches public key type */
-       if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id)
+       else
                {
-               ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_WRONG_PUBLIC_KEY_TYPE);
-               goto err;
-               }
+               const EVP_MD *type;
+               type=EVP_get_digestbynid(mdnid);
+               if (type == NULL)
+                       {
+                       ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
+                       goto err;
+                       }
+
+               /* Check public key OID matches public key type */
+               if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id)
+                       {
+                       ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_WRONG_PUBLIC_KEY_TYPE);
+                       goto err;
+                       }
+
+               if (!EVP_DigestVerifyInit(&ctx, NULL, type, NULL, pkey))
+                       {
+                       ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);
+                       ret=0;
+                       goto err;
+                       }
 
-       if (!EVP_VerifyInit_ex(&ctx,type, NULL))
-               {
-               ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);
-               ret=0;
-               goto err;
                }
 
        inl = ASN1_item_i2d(asn, &buf_in, it);
@@ -173,13 +205,18 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signat
                goto err;
                }
 
-       EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
+       if (!EVP_DigestVerifyUpdate(&ctx,buf_in,inl))
+               {
+               ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);
+               ret=0;
+               goto err;
+               }
 
        OPENSSL_cleanse(buf_in,(unsigned int)inl);
        OPENSSL_free(buf_in);
 
-       if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
-                       (unsigned int)signature->length,pkey) <= 0)
+       if (EVP_DigestVerifyFinal(&ctx,signature->data,
+                       (size_t)signature->length) <= 0)
                {
                ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);
                ret=0;

diff --git a/deps/openssl/openssl/crypto/asn1/ameth_lib.c b/deps/openssl/openssl/crypto/asn1/ameth_lib.c
index 5a581b9..a19e058 100644 (file)
--- a/deps/openssl/openssl/crypto/asn1/ameth_lib.c
+++ b/deps/openssl/openssl/crypto/asn1/ameth_lib.c
@@ -69,6 +69,7 @@ extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[];
 extern const EVP_PKEY_ASN1_METHOD dh_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD eckey_asn1_meth;
 extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD cmac_asn1_meth;
 
 /* Keep this sorted in type order !! */
 static const EVP_PKEY_ASN1_METHOD *standard_methods[] = 
@@ -90,7 +91,8 @@ static const EVP_PKEY_ASN1_METHOD *standard_methods[] =
 #ifndef OPENSSL_NO_EC
        &eckey_asn1_meth,
 #endif
-       &hmac_asn1_meth
+       &hmac_asn1_meth,
+       &cmac_asn1_meth
        };
 
 typedef int sk_cmp_fn_type(const char * const *a, const char * const *b);
@@ -291,6 +293,8 @@ EVP_PKEY_ASN1_METHOD* EVP_PKEY_asn1_new(int id, int flags,
        if (!ameth)
                return NULL;
 
+       memset(ameth, 0, sizeof(EVP_PKEY_ASN1_METHOD));
+
        ameth->pkey_id = id;
        ameth->pkey_base_id = id;
        ameth->pkey_flags = flags | ASN1_PKEY_DYNAMIC;
@@ -325,6 +329,9 @@ EVP_PKEY_ASN1_METHOD* EVP_PKEY_asn1_new(int id, int flags,
        ameth->old_priv_encode = 0;
        ameth->old_priv_decode = 0;
 
+       ameth->item_verify = 0;
+       ameth->item_sign = 0;
+
        ameth->pkey_size = 0;
        ameth->pkey_bits = 0;
 
@@ -376,6 +383,9 @@ void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst,
        dst->pkey_free = src->pkey_free;
        dst->pkey_ctrl = src->pkey_ctrl;
 
+       dst->item_sign = src->item_sign;
+       dst->item_verify = src->item_verify;
+
        }
 
 void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth)

diff --git a/deps/openssl/openssl/crypto/asn1/asn1.h b/deps/openssl/openssl/crypto/asn1/asn1.h
index 59540e4..220a0c8 100644 (file)
--- a/deps/openssl/openssl/crypto/asn1/asn1.h
+++ b/deps/openssl/openssl/crypto/asn1/asn1.h
@@ -235,7 +235,7 @@ typedef struct asn1_object_st
  */
 #define ASN1_STRING_FLAG_MSTRING 0x040 
 /* This is the base type that holds just about everything :-) */
-typedef struct asn1_string_st
+struct asn1_string_st
        {
        int length;
        int type;
@@ -245,7 +245,7 @@ typedef struct asn1_string_st
         * input data has a non-zero 'unused bits' value, it will be
         * handled correctly */
        long flags;
-       } ASN1_STRING;
+       };
 
 /* ASN1_ENCODING structure: this is used to save the received
  * encoding of an ASN1 type. This is useful to get round
@@ -293,7 +293,6 @@ DECLARE_STACK_OF(ASN1_STRING_TABLE)
  * see asn1t.h
  */
 typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE;
-typedef struct ASN1_ITEM_st ASN1_ITEM;
 typedef struct ASN1_TLC_st ASN1_TLC;
 /* This is just an opaque pointer */
 typedef struct ASN1_VALUE_st ASN1_VALUE;
@@ -1194,6 +1193,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_ASN1_ITEM_I2D_FP                                 193
 #define ASN1_F_ASN1_ITEM_PACK                           198
 #define ASN1_F_ASN1_ITEM_SIGN                           195
+#define ASN1_F_ASN1_ITEM_SIGN_CTX                       220
 #define ASN1_F_ASN1_ITEM_UNPACK                                 199
 #define ASN1_F_ASN1_ITEM_VERIFY                                 197
 #define ASN1_F_ASN1_MBSTRING_NCOPY                      122
@@ -1266,6 +1266,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_F_PKCS5_PBE2_SET_IV                        167
 #define ASN1_F_PKCS5_PBE_SET                            202
 #define ASN1_F_PKCS5_PBE_SET0_ALGOR                     215
+#define ASN1_F_PKCS5_PBKDF2_SET                                 219
 #define ASN1_F_SMIME_READ_ASN1                          212
 #define ASN1_F_SMIME_TEXT                               213
 #define ASN1_F_X509_CINF_NEW                            168
@@ -1291,6 +1292,7 @@ void ERR_load_ASN1_strings(void);
 #define ASN1_R_BOOLEAN_IS_WRONG_LENGTH                  106
 #define ASN1_R_BUFFER_TOO_SMALL                                 107
 #define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER          108
+#define ASN1_R_CONTEXT_NOT_INITIALISED                  217
 #define ASN1_R_DATA_IS_WRONG                            109
 #define ASN1_R_DECODE_ERROR                             110
 #define ASN1_R_DECODING_ERROR                           111

diff --git a/deps/openssl/openssl/crypto/asn1/asn1_err.c b/deps/openssl/openssl/crypto/asn1/asn1_err.c
index 6e04d08..1a30bf1 100644 (file)
--- a/deps/openssl/openssl/crypto/asn1/asn1_err.c
+++ b/deps/openssl/openssl/crypto/asn1/asn1_err.c
@@ -1,6 +1,6 @@
 /* crypto/asn1/asn1_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2009 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -107,6 +107,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_FP),    "ASN1_item_i2d_fp"},
 {ERR_FUNC(ASN1_F_ASN1_ITEM_PACK),      "ASN1_item_pack"},
 {ERR_FUNC(ASN1_F_ASN1_ITEM_SIGN),      "ASN1_item_sign"},
+{ERR_FUNC(ASN1_F_ASN1_ITEM_SIGN_CTX),  "ASN1_item_sign_ctx"},
 {ERR_FUNC(ASN1_F_ASN1_ITEM_UNPACK),    "ASN1_item_unpack"},
 {ERR_FUNC(ASN1_F_ASN1_ITEM_VERIFY),    "ASN1_item_verify"},
 {ERR_FUNC(ASN1_F_ASN1_MBSTRING_NCOPY), "ASN1_mbstring_ncopy"},
@@ -179,6 +180,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_FUNC(ASN1_F_PKCS5_PBE2_SET_IV),   "PKCS5_pbe2_set_iv"},
 {ERR_FUNC(ASN1_F_PKCS5_PBE_SET),       "PKCS5_pbe_set"},
 {ERR_FUNC(ASN1_F_PKCS5_PBE_SET0_ALGOR),        "PKCS5_pbe_set0_algor"},
+{ERR_FUNC(ASN1_F_PKCS5_PBKDF2_SET),    "PKCS5_pbkdf2_set"},
 {ERR_FUNC(ASN1_F_SMIME_READ_ASN1),     "SMIME_read_ASN1"},
 {ERR_FUNC(ASN1_F_SMIME_TEXT),  "SMIME_text"},
 {ERR_FUNC(ASN1_F_X509_CINF_NEW),       "X509_CINF_NEW"},
@@ -207,6 +209,7 @@ static ERR_STRING_DATA ASN1_str_reasons[]=
 {ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH),"boolean is wrong length"},
 {ERR_REASON(ASN1_R_BUFFER_TOO_SMALL)     ,"buffer too small"},
 {ERR_REASON(ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),"cipher has no object identifier"},
+{ERR_REASON(ASN1_R_CONTEXT_NOT_INITIALISED),"context not initialised"},
 {ERR_REASON(ASN1_R_DATA_IS_WRONG)        ,"data is wrong"},
 {ERR_REASON(ASN1_R_DECODE_ERROR)         ,"decode error"},
 {ERR_REASON(ASN1_R_DECODING_ERROR)       ,"decoding error"},

diff --git a/deps/openssl/openssl/crypto/asn1/asn1_locl.h b/deps/openssl/openssl/crypto/asn1/asn1_locl.h
index 5aa65e2..9fcf0d9 100644 (file)
--- a/deps/openssl/openssl/crypto/asn1/asn1_locl.h
+++ b/deps/openssl/openssl/crypto/asn1/asn1_locl.h
@@ -102,6 +102,10 @@ struct evp_pkey_asn1_method_st
        int (*param_cmp)(const EVP_PKEY *a, const EVP_PKEY *b);
        int (*param_print)(BIO *out, const EVP_PKEY *pkey, int indent,
                                                        ASN1_PCTX *pctx);
+       int (*sig_print)(BIO *out,
+                        const X509_ALGOR *sigalg, const ASN1_STRING *sig,
+                                        int indent, ASN1_PCTX *pctx);
+
 
        void (*pkey_free)(EVP_PKEY *pkey);
        int (*pkey_ctrl)(EVP_PKEY *pkey, int op, long arg1, void *arg2);
@@ -111,6 +115,13 @@ struct evp_pkey_asn1_method_st
        int (*old_priv_decode)(EVP_PKEY *pkey,
                                const unsigned char **pder, int derlen);
        int (*old_priv_encode)(const EVP_PKEY *pkey, unsigned char **pder);
+       /* Custom ASN1 signature verification */
+       int (*item_verify)(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
+                               X509_ALGOR *a, ASN1_BIT_STRING *sig,
+                               EVP_PKEY *pkey);
+       int (*item_sign)(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
+                               X509_ALGOR *alg1, X509_ALGOR *alg2, 
+                               ASN1_BIT_STRING *sig);
 
        } /* EVP_PKEY_ASN1_METHOD */;
 

diff --git a/deps/openssl/openssl/crypto/asn1/asn_mime.c b/deps/openssl/openssl/crypto/asn1/asn_mime.c
index c1d1b12..54a704a 100644 (file)
--- a/deps/openssl/openssl/crypto/asn1/asn_mime.c
+++ b/deps/openssl/openssl/crypto/asn1/asn_mime.c
@@ -377,8 +377,12 @@ static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
        BIO *tmpbio;
        const ASN1_AUX *aux = it->funcs;
        ASN1_STREAM_ARG sarg;
+       int rv = 1;
 
-       if (!(flags & SMIME_DETACHED))
+       /* If data is not deteched or resigning then the output BIO is
+        * already set up to finalise when it is written through.
+        */
+       if (!(flags & SMIME_DETACHED) || (flags & PKCS7_REUSE_DIGEST))
                {
                SMIME_crlf_copy(data, out, flags);
                return 1;
@@ -405,7 +409,7 @@ static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
 
        /* Finalize structure */
        if (aux->asn1_cb(ASN1_OP_DETACHED_POST, &val, it, &sarg) <= 0)
-               return 0;
+               rv = 0;
 
        /* Now remove any digests prepended to the BIO */
 
@@ -416,7 +420,7 @@ static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
                sarg.ndef_bio = tmpbio;
                }
 
-       return 1;
+       return rv;
 
        }
 
@@ -486,9 +490,9 @@ ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it)
 
                if(strcmp(hdr->value, "application/x-pkcs7-signature") &&
                        strcmp(hdr->value, "application/pkcs7-signature")) {
-                       sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
                        ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_SIG_INVALID_MIME_TYPE);
                        ERR_add_error_data(2, "type: ", hdr->value);
+                       sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
                        sk_BIO_pop_free(parts, BIO_vfree);
                        return NULL;
                }
@@ -801,7 +805,7 @@ static MIME_HEADER *mime_hdr_new(char *name, char *value)
        if(name) {
                if(!(tmpname = BUF_strdup(name))) return NULL;
                for(p = tmpname ; *p; p++) {
-                       c = *p;
+                       c = (unsigned char)*p;
                        if(isupper(c)) {
                                c = tolower(c);
                                *p = c;
@@ -811,7 +815,7 @@ static MIME_HEADER *mime_hdr_new(char *name, char *value)
        if(value) {
                if(!(tmpval = BUF_strdup(value))) return NULL;
                for(p = tmpval ; *p; p++) {
-                       c = *p;
+                       c = (unsigned char)*p;
                        if(isupper(c)) {
                                c = tolower(c);
                                *p = c;
@@ -835,7 +839,7 @@ static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value)
                tmpname = BUF_strdup(name);
                if(!tmpname) return 0;
                for(p = tmpname ; *p; p++) {
-                       c = *p;
+                       c = (unsigned char)*p;
                        if(isupper(c)) {
                                c = tolower(c);
                                *p = c;
@@ -858,12 +862,17 @@ static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value)
 static int mime_hdr_cmp(const MIME_HEADER * const *a,
                        const MIME_HEADER * const *b)
 {
+       if (!(*a)->name || !(*b)->name)
+               return !!(*a)->name - !!(*b)->name;
+
        return(strcmp((*a)->name, (*b)->name));
 }
 
 static int mime_param_cmp(const MIME_PARAM * const *a,
                        const MIME_PARAM * const *b)
 {
+       if (!(*a)->param_name || !(*b)->param_name)
+               return !!(*a)->param_name - !!(*b)->param_name;
        return(strcmp((*a)->param_name, (*b)->param_name));
 }
 

diff --git a/deps/openssl/openssl/crypto/asn1/n_pkey.c b/deps/openssl/openssl/crypto/asn1/n_pkey.c
index e7d0439..e251739 100644 (file)
--- a/deps/openssl/openssl/crypto/asn1/n_pkey.c
+++ b/deps/openssl/openssl/crypto/asn1/n_pkey.c
@@ -129,6 +129,7 @@ int i2d_RSA_NET(const RSA *a, unsigned char **pp,
        unsigned char buf[256],*zz;
        unsigned char key[EVP_MAX_KEY_LENGTH];
        EVP_CIPHER_CTX ctx;
+       EVP_CIPHER_CTX_init(&ctx);
 
        if (a == NULL) return(0);
 
@@ -206,24 +207,28 @@ int i2d_RSA_NET(const RSA *a, unsigned char **pp,
        i = strlen((char *)buf);
        /* If the key is used for SGC the algorithm is modified a little. */
        if(sgckey) {
-               EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL);
+               if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL))
+                       goto err;
                memcpy(buf + 16, "SGCKEYSALT", 10);
                i = 26;
        }
 
-       EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
+       if (!EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL))
+               goto err;
        OPENSSL_cleanse(buf,256);
 
        /* Encrypt private key in place */
        zz = enckey->enckey->digest->data;
-       EVP_CIPHER_CTX_init(&ctx);
-       EVP_EncryptInit_ex(&ctx,EVP_rc4(),NULL,key,NULL);
-       EVP_EncryptUpdate(&ctx,zz,&i,zz,pkeylen);
-       EVP_EncryptFinal_ex(&ctx,zz + i,&j);
-       EVP_CIPHER_CTX_cleanup(&ctx);
+       if (!EVP_EncryptInit_ex(&ctx,EVP_rc4(),NULL,key,NULL))
+               goto err;
+       if (!EVP_EncryptUpdate(&ctx,zz,&i,zz,pkeylen))
+               goto err;
+       if (!EVP_EncryptFinal_ex(&ctx,zz + i,&j))
+               goto err;
 
        ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp);
 err:
+       EVP_CIPHER_CTX_cleanup(&ctx);
        NETSCAPE_ENCRYPTED_PKEY_free(enckey);
        NETSCAPE_PKEY_free(pkey);
        return(ret);
@@ -288,6 +293,7 @@ static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
        const unsigned char *zz;
        unsigned char key[EVP_MAX_KEY_LENGTH];
        EVP_CIPHER_CTX ctx;
+       EVP_CIPHER_CTX_init(&ctx);
 
        i=cb((char *)buf,256,"Enter Private Key password:",0);
        if (i != 0)
@@ -298,19 +304,22 @@ static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
 
        i = strlen((char *)buf);
        if(sgckey){
-               EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL);
+               if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL))
+                       goto err;
                memcpy(buf + 16, "SGCKEYSALT", 10);
                i = 26;
        }
                
-       EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
+       if (!EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL))
+               goto err;
        OPENSSL_cleanse(buf,256);
 
-       EVP_CIPHER_CTX_init(&ctx);
-       EVP_DecryptInit_ex(&ctx,EVP_rc4(),NULL, key,NULL);
-       EVP_DecryptUpdate(&ctx,os->data,&i,os->data,os->length);
-       EVP_DecryptFinal_ex(&ctx,&(os->data[i]),&j);
-       EVP_CIPHER_CTX_cleanup(&ctx);
+       if (!EVP_DecryptInit_ex(&ctx,EVP_rc4(),NULL, key,NULL))
+               goto err;
+       if (!EVP_DecryptUpdate(&ctx,os->data,&i,os->data,os->length))
+               goto err;
+       if (!EVP_DecryptFinal_ex(&ctx,&(os->data[i]),&j))
+               goto err;
        os->length=i+j;
 
        zz=os->data;
@@ -328,6 +337,7 @@ static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
                goto err;
                }
 err:
+       EVP_CIPHER_CTX_cleanup(&ctx);
        NETSCAPE_PKEY_free(pkey);
        return(ret);
        }

diff --git a/deps/openssl/openssl/crypto/asn1/p5_pbev2.c b/deps/openssl/openssl/crypto/asn1/p5_pbev2.c
index cb49b66..4ea6830 100644 (file)
--- a/deps/openssl/openssl/crypto/asn1/p5_pbev2.c
+++ b/deps/openssl/openssl/crypto/asn1/p5_pbev2.c
@@ -91,12 +91,10 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
                                 unsigned char *aiv, int prf_nid)
 {
        X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL;
-       int alg_nid;
+       int alg_nid, keylen;
        EVP_CIPHER_CTX ctx;
        unsigned char iv[EVP_MAX_IV_LENGTH];
-       PBKDF2PARAM *kdf = NULL;
        PBE2PARAM *pbe2 = NULL;
-       ASN1_OCTET_STRING *osalt = NULL;
        ASN1_OBJECT *obj;
 
        alg_nid = EVP_CIPHER_type(cipher);
@@ -127,7 +125,8 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
        EVP_CIPHER_CTX_init(&ctx);
 
        /* Dummy cipherinit to just setup the IV, and PRF */
-       EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0);
+       if (!EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0))
+               goto err;
        if(EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {
                ASN1err(ASN1_F_PKCS5_PBE2_SET_IV,
                                        ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
@@ -145,55 +144,21 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
                }
        EVP_CIPHER_CTX_cleanup(&ctx);
 
-       if(!(kdf = PBKDF2PARAM_new())) goto merr;
-       if(!(osalt = M_ASN1_OCTET_STRING_new())) goto merr;
-
-       if (!saltlen) saltlen = PKCS5_SALT_LEN;
-       if (!(osalt->data = OPENSSL_malloc (saltlen))) goto merr;
-       osalt->length = saltlen;
-       if (salt) memcpy (osalt->data, salt, saltlen);
-       else if (RAND_pseudo_bytes (osalt->data, saltlen) < 0) goto merr;
-
-       if(iter <= 0) iter = PKCS5_DEFAULT_ITER;
-       if(!ASN1_INTEGER_set(kdf->iter, iter)) goto merr;
-
-       /* Now include salt in kdf structure */
-       kdf->salt->value.octet_string = osalt;
-       kdf->salt->type = V_ASN1_OCTET_STRING;
-       osalt = NULL;
-
        /* If its RC2 then we'd better setup the key length */
 
-       if(alg_nid == NID_rc2_cbc) {
-               if(!(kdf->keylength = M_ASN1_INTEGER_new())) goto merr;
-               if(!ASN1_INTEGER_set (kdf->keylength,
-                                EVP_CIPHER_key_length(cipher))) goto merr;
-       }
-
-       /* prf can stay NULL if we are using hmacWithSHA1 */
-       if (prf_nid != NID_hmacWithSHA1)
-               {
-               kdf->prf = X509_ALGOR_new();
-               if (!kdf->prf)
-                       goto merr;
-               X509_ALGOR_set0(kdf->prf, OBJ_nid2obj(prf_nid),
-                                       V_ASN1_NULL, NULL);
-               }
-
-       /* Now setup the PBE2PARAM keyfunc structure */
+       if(alg_nid == NID_rc2_cbc)
+               keylen = EVP_CIPHER_key_length(cipher);
+       else
+               keylen = -1;
 
-       pbe2->keyfunc->algorithm = OBJ_nid2obj(NID_id_pbkdf2);
+       /* Setup keyfunc */
 
-       /* Encode PBKDF2PARAM into parameter of pbe2 */
+       X509_ALGOR_free(pbe2->keyfunc);
 
-       if(!(pbe2->keyfunc->parameter = ASN1_TYPE_new())) goto merr;
+       pbe2->keyfunc = PKCS5_pbkdf2_set(iter, salt, saltlen, prf_nid, keylen);
 
-       if(!ASN1_item_pack(kdf, ASN1_ITEM_rptr(PBKDF2PARAM),
-                        &pbe2->keyfunc->parameter->value.sequence)) goto merr;
-       pbe2->keyfunc->parameter->type = V_ASN1_SEQUENCE;
-
-       PBKDF2PARAM_free(kdf);
-       kdf = NULL;
+       if (!pbe2->keyfunc)
+               goto merr;
 
        /* Now set up top level AlgorithmIdentifier */
 
@@ -219,8 +184,6 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
        err:
        PBE2PARAM_free(pbe2);
        /* Note 'scheme' is freed as part of pbe2 */
-       M_ASN1_OCTET_STRING_free(osalt);
-       PBKDF2PARAM_free(kdf);
        X509_ALGOR_free(kalg);
        X509_ALGOR_free(ret);
 
@@ -233,3 +196,85 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
        {
        return PKCS5_pbe2_set_iv(cipher, iter, salt, saltlen, NULL, -1);
        }
+
+X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
+                               int prf_nid, int keylen)
+       {
+       X509_ALGOR *keyfunc = NULL;
+       PBKDF2PARAM *kdf = NULL;
+       ASN1_OCTET_STRING *osalt = NULL;
+
+       if(!(kdf = PBKDF2PARAM_new()))
+               goto merr;
+       if(!(osalt = M_ASN1_OCTET_STRING_new()))
+               goto merr;
+
+       kdf->salt->value.octet_string = osalt;
+       kdf->salt->type = V_ASN1_OCTET_STRING;
+
+       if (!saltlen)
+               saltlen = PKCS5_SALT_LEN;
+       if (!(osalt->data = OPENSSL_malloc (saltlen)))
+               goto merr;
+
+       osalt->length = saltlen;
+
+       if (salt)
+               memcpy (osalt->data, salt, saltlen);
+       else if (RAND_pseudo_bytes (osalt->data, saltlen) < 0)
+               goto merr;
+
+       if(iter <= 0)
+               iter = PKCS5_DEFAULT_ITER;
+
+       if(!ASN1_INTEGER_set(kdf->iter, iter))
+               goto merr;
+
+       /* If have a key len set it up */
+
+       if(keylen > 0) 
+               {
+               if(!(kdf->keylength = M_ASN1_INTEGER_new()))
+                       goto merr;
+               if(!ASN1_INTEGER_set (kdf->keylength, keylen))
+                       goto merr;
+               }
+
+       /* prf can stay NULL if we are using hmacWithSHA1 */
+       if (prf_nid > 0 && prf_nid != NID_hmacWithSHA1)
+               {
+               kdf->prf = X509_ALGOR_new();
+               if (!kdf->prf)
+                       goto merr;
+               X509_ALGOR_set0(kdf->prf, OBJ_nid2obj(prf_nid),
+                                       V_ASN1_NULL, NULL);
+               }
+
+       /* Finally setup the keyfunc structure */
+
+       keyfunc = X509_ALGOR_new();
+       if (!keyfunc)
+               goto merr;
+
+       keyfunc->algorithm = OBJ_nid2obj(NID_id_pbkdf2);
+
+       /* Encode PBKDF2PARAM into parameter of pbe2 */
+
+       if(!(keyfunc->parameter = ASN1_TYPE_new()))
+               goto merr;
+
+       if(!ASN1_item_pack(kdf, ASN1_ITEM_rptr(PBKDF2PARAM),
+                        &keyfunc->parameter->value.sequence))
+               goto merr;
+       keyfunc->parameter->type = V_ASN1_SEQUENCE;
+
+       PBKDF2PARAM_free(kdf);
+       return keyfunc;
+
+       merr:
+       ASN1err(ASN1_F_PKCS5_PBKDF2_SET,ERR_R_MALLOC_FAILURE);
+       PBKDF2PARAM_free(kdf);
+       X509_ALGOR_free(keyfunc);
+       return NULL;
+       }
+

diff --git a/deps/openssl/openssl/crypto/asn1/t_crl.c b/deps/openssl/openssl/crypto/asn1/t_crl.c
index ee5a687..c611692 100644 (file)
--- a/deps/openssl/openssl/crypto/asn1/t_crl.c
+++ b/deps/openssl/openssl/crypto/asn1/t_crl.c
@@ -94,8 +94,7 @@ int X509_CRL_print(BIO *out, X509_CRL *x)
        l = X509_CRL_get_version(x);
        BIO_printf(out, "%8sVersion %lu (0x%lx)\n", "", l+1, l);
        i = OBJ_obj2nid(x->sig_alg->algorithm);
-       BIO_printf(out, "%8sSignature Algorithm: %s\n", "",
-                                (i == NID_undef) ? "NONE" : OBJ_nid2ln(i));
+       X509_signature_print(out, x->sig_alg, NULL);
        p=X509_NAME_oneline(X509_CRL_get_issuer(x),NULL,0);
        BIO_printf(out,"%8sIssuer: %s\n","",p);
        OPENSSL_free(p);

diff --git a/deps/openssl/openssl/crypto/asn1/t_x509.c b/deps/openssl/openssl/crypto/asn1/t_x509.c
index e061f2f..edbb39a 100644 (file)
--- a/deps/openssl/openssl/crypto/asn1/t_x509.c
+++ b/deps/openssl/openssl/crypto/asn1/t_x509.c
@@ -72,6 +72,7 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
+#include "asn1_locl.h"
 
 #ifndef OPENSSL_NO_FP_API
 int X509_print_fp(FILE *fp, X509 *x)
@@ -137,10 +138,10 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)
                if (BIO_write(bp,"        Serial Number:",22) <= 0) goto err;
 
                bs=X509_get_serialNumber(x);
-               if (bs->length <= 4)
+               if (bs->length <= (int)sizeof(long))
                        {
                        l=ASN1_INTEGER_get(bs);
-                       if (l < 0)
+                       if (bs->type == V_ASN1_NEG_INTEGER)
                                {
                                l= -l;
                                neg="-";
@@ -167,12 +168,16 @@ int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)
 
        if(!(cflag & X509_FLAG_NO_SIGNAME))
                {
+               if(X509_signature_print(bp, x->sig_alg, NULL) <= 0)
+                       goto err;
+#if 0
                if (BIO_printf(bp,"%8sSignature Algorithm: ","") <= 0) 
                        goto err;
                if (i2a_ASN1_OBJECT(bp, ci->signature->algorithm) <= 0)
                        goto err;
                if (BIO_puts(bp, "\n") <= 0)
                        goto err;
+#endif
                }
 
        if(!(cflag & X509_FLAG_NO_ISSUER))
@@ -255,7 +260,8 @@ int X509_ocspid_print (BIO *bp, X509 *x)
                goto err;
        i2d_X509_NAME(x->cert_info->subject, &dertmp);
 
-       EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL);
+       if (!EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL))
+               goto err;
        for (i=0; i < SHA_DIGEST_LENGTH; i++)
                {
                if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0) goto err;
@@ -268,8 +274,10 @@ int X509_ocspid_print (BIO *bp, X509 *x)
        if (BIO_printf(bp,"\n        Public key OCSP hash: ") <= 0)
                goto err;
 
-       EVP_Digest(x->cert_info->key->public_key->data,
-               x->cert_info->key->public_key->length, SHA1md, NULL, EVP_sha1(), NULL);
+       if (!EVP_Digest(x->cert_info->key->public_key->data,
+                       x->cert_info->key->public_key->length,
+                       SHA1md, NULL, EVP_sha1(), NULL))
+               goto err;
        for (i=0; i < SHA_DIGEST_LENGTH; i++)
                {
                if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0)
@@ -283,23 +291,50 @@ err:
        return(0);
        }
 
-int X509_signature_print(BIO *bp, X509_ALGOR *sigalg, ASN1_STRING *sig)
+int X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent)
 {
-       unsigned char *s;
+       const unsigned char *s;
        int i, n;
-       if (BIO_puts(bp,"    Signature Algorithm: ") <= 0) return 0;
-       if (i2a_ASN1_OBJECT(bp, sigalg->algorithm) <= 0) return 0;
 
        n=sig->length;
        s=sig->data;
        for (i=0; i<n; i++)
                {
                if ((i%18) == 0)
-                       if (BIO_write(bp,"\n        ",9) <= 0) return 0;
+                       {
+                       if (BIO_write(bp,"\n",1) <= 0) return 0;
+                       if (BIO_indent(bp, indent, indent) <= 0) return 0;
+                       }
                        if (BIO_printf(bp,"%02x%s",s[i],
                                ((i+1) == n)?"":":") <= 0) return 0;
                }
        if (BIO_write(bp,"\n",1) != 1) return 0;
+
+       return 1;
+}
+
+int X509_signature_print(BIO *bp, X509_ALGOR *sigalg, ASN1_STRING *sig)
+{
+       int sig_nid;
+       if (BIO_puts(bp,"    Signature Algorithm: ") <= 0) return 0;
+       if (i2a_ASN1_OBJECT(bp, sigalg->algorithm) <= 0) return 0;
+
+       sig_nid = OBJ_obj2nid(sigalg->algorithm);
+       if (sig_nid != NID_undef)
+               {
+               int pkey_nid, dig_nid;
+               const EVP_PKEY_ASN1_METHOD *ameth;
+               if (OBJ_find_sigid_algs(sig_nid, &dig_nid, &pkey_nid))
+                       {
+                       ameth = EVP_PKEY_asn1_find(NULL, pkey_nid);
+                       if (ameth && ameth->sig_print)
+                               return ameth->sig_print(bp, sigalg, sig, 9, 0);
+                       }
+               }
+       if (sig)
+               return X509_signature_dump(bp, sig, 9);
+       else if (BIO_puts(bp, "\n") <= 0)
+               return 0;
        return 1;
 }
 

diff --git a/deps/openssl/openssl/crypto/asn1/tasn_prn.c b/deps/openssl/openssl/crypto/asn1/tasn_prn.c
index 4536980..542a091 100644 (file)
--- a/deps/openssl/openssl/crypto/asn1/tasn_prn.c
+++ b/deps/openssl/openssl/crypto/asn1/tasn_prn.c
@@ -446,11 +446,11 @@ static int asn1_print_fsname(BIO *out, int indent,
        return 1;
        }
 
-static int asn1_print_boolean_ctx(BIO *out, const int bool,
+static int asn1_print_boolean_ctx(BIO *out, int boolval,
                                                        const ASN1_PCTX *pctx)
        {
        const char *str;
-       switch (bool)
+       switch (boolval)
                {
                case -1:
                str = "BOOL ABSENT";
@@ -574,10 +574,10 @@ static int asn1_primitive_print(BIO *out, ASN1_VALUE **fld,
                {
                case V_ASN1_BOOLEAN:
                        {
-                       int bool = *(int *)fld;
-                       if (bool == -1)
-                               bool = it->size;
-                       ret = asn1_print_boolean_ctx(out, bool, pctx);
+                       int boolval = *(int *)fld;
+                       if (boolval == -1)
+                               boolval = it->size;
+                       ret = asn1_print_boolean_ctx(out, boolval, pctx);
                        }
                break;
 

diff --git a/deps/openssl/openssl/crypto/asn1/x_algor.c b/deps/openssl/openssl/crypto/asn1/x_algor.c
index 99e5342..274e456 100644 (file)
--- a/deps/openssl/openssl/crypto/asn1/x_algor.c
+++ b/deps/openssl/openssl/crypto/asn1/x_algor.c
@@ -128,3 +128,17 @@ void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
                }
        }
 
+/* Set up an X509_ALGOR DigestAlgorithmIdentifier from an EVP_MD */
+
+void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md)
+       {
+       int param_type;
+
+       if (md->flags & EVP_MD_FLAG_DIGALGID_ABSENT)
+               param_type = V_ASN1_UNDEF;
+       else
+               param_type = V_ASN1_NULL;
+
+       X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_type(md)), param_type, NULL);
+
+       }

diff --git a/deps/openssl/openssl/crypto/asn1/x_name.c b/deps/openssl/openssl/crypto/asn1/x_name.c
index 49be08b..d7c2318 100644 (file)
--- a/deps/openssl/openssl/crypto/asn1/x_name.c
+++ b/deps/openssl/openssl/crypto/asn1/x_name.c
@@ -399,8 +399,7 @@ static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in)
        /* If type not in bitmask just copy string across */
        if (!(ASN1_tag2bit(in->type) & ASN1_MASK_CANON))
                {
-               out->type = in->type;
-               if (!ASN1_STRING_set(out, in->data, in->length))
+               if (!ASN1_STRING_copy(out, in))
                        return 0;
                return 1;
                }

diff --git a/deps/openssl/openssl/crypto/asn1/x_pubkey.c b/deps/openssl/openssl/crypto/asn1/x_pubkey.c
index d42b6a2..b649e1f 100644 (file)
--- a/deps/openssl/openssl/crypto/asn1/x_pubkey.c
+++ b/deps/openssl/openssl/crypto/asn1/x_pubkey.c
@@ -171,7 +171,19 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
                goto error;
                }
 
-       key->pkey = ret;
+       /* Check to see if another thread set key->pkey first */
+       CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY);
+       if (key->pkey)
+               {
+               CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
+               EVP_PKEY_free(ret);
+               ret = key->pkey;
+               }
+       else
+               {
+               key->pkey = ret;
+               CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
+               }
        CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY);
 
        return ret;

diff --git a/deps/openssl/openssl/crypto/bf/Makefile b/deps/openssl/openssl/crypto/bf/Makefile
index dd2c2c7..d01bfaa 100644 (file)
--- a/deps/openssl/openssl/crypto/bf/Makefile
+++ b/deps/openssl/openssl/crypto/bf/Makefile
@@ -94,5 +94,8 @@ bf_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
 bf_enc.o: ../../include/openssl/opensslconf.h bf_enc.c bf_locl.h
 bf_ofb64.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
 bf_ofb64.o: ../../include/openssl/opensslconf.h bf_locl.h bf_ofb64.c
-bf_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/e_os2.h
-bf_skey.o: ../../include/openssl/opensslconf.h bf_locl.h bf_pi.h bf_skey.c
+bf_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/crypto.h
+bf_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+bf_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bf_skey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bf_skey.o: ../../include/openssl/symhacks.h bf_locl.h bf_pi.h bf_skey.c

diff --git a/deps/openssl/openssl/crypto/bf/bf_skey.c b/deps/openssl/openssl/crypto/bf/bf_skey.c
index 3673cde..3b0bca4 100644 (file)
--- a/deps/openssl/openssl/crypto/bf/bf_skey.c
+++ b/deps/openssl/openssl/crypto/bf/bf_skey.c
@@ -58,11 +58,19 @@
 
 #include <stdio.h>
 #include <string.h>
+#include <openssl/crypto.h>
 #include <openssl/blowfish.h>
 #include "bf_locl.h"
 #include "bf_pi.h"
 
 void BF_set_key(BF_KEY *key, int len, const unsigned char *data)
+#ifdef OPENSSL_FIPS
+       {
+       fips_cipher_abort(BLOWFISH);
+       private_BF_set_key(key, len, data);
+       }
+void private_BF_set_key(BF_KEY *key, int len, const unsigned char *data)
+#endif
        {
        int i;
        BF_LONG *p,ri,in[2];

diff --git a/deps/openssl/openssl/crypto/bf/blowfish.h b/deps/openssl/openssl/crypto/bf/blowfish.h
index b97e76f..4b6c892 100644 (file)
--- a/deps/openssl/openssl/crypto/bf/blowfish.h
+++ b/deps/openssl/openssl/crypto/bf/blowfish.h
@@ -104,7 +104,9 @@ typedef struct bf_key_st
        BF_LONG S[4*256];
        } BF_KEY;
 
- 
+#ifdef OPENSSL_FIPS 
+void private_BF_set_key(BF_KEY *key, int len, const unsigned char *data);
+#endif
 void BF_set_key(BF_KEY *key, int len, const unsigned char *data);
 
 void BF_encrypt(BF_LONG *data,const BF_KEY *key);

diff --git a/deps/openssl/openssl/crypto/bio/bio.h b/deps/openssl/openssl/crypto/bio/bio.h
index ab47abc..05699ab 100644 (file)
--- a/deps/openssl/openssl/crypto/bio/bio.h
+++ b/deps/openssl/openssl/crypto/bio/bio.h
@@ -68,6 +68,14 @@
 
 #include <openssl/crypto.h>
 
+#ifndef OPENSSL_NO_SCTP
+# ifndef OPENSSL_SYS_VMS
+# include <stdint.h>
+# else
+# include <inttypes.h>
+# endif
+#endif
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
@@ -95,6 +103,9 @@ extern "C" {
 #define BIO_TYPE_BIO           (19|0x0400)             /* (half a) BIO pair */
 #define BIO_TYPE_LINEBUFFER    (20|0x0200)             /* filter */
 #define BIO_TYPE_DGRAM         (21|0x0400|0x0100)
+#ifndef OPENSSL_NO_SCTP
+#define BIO_TYPE_DGRAM_SCTP    (24|0x0400|0x0100)
+#endif
 #define BIO_TYPE_ASN1          (22|0x0200)             /* filter */
 #define BIO_TYPE_COMP          (23|0x0200)             /* filter */
 
@@ -146,6 +157,7 @@ extern "C" {
 /* #endif */
 
 #define BIO_CTRL_DGRAM_QUERY_MTU          40 /* as kernel for current MTU */
+#define BIO_CTRL_DGRAM_GET_FALLBACK_MTU   47
 #define BIO_CTRL_DGRAM_GET_MTU            41 /* get cached value for MTU */
 #define BIO_CTRL_DGRAM_SET_MTU            42 /* set cached value for
                                              * MTU. want to use this
@@ -161,7 +173,22 @@ extern "C" {
 #define BIO_CTRL_DGRAM_SET_PEER           44 /* Destination for the data */
 
 #define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT   45 /* Next DTLS handshake timeout to
-                                                                                         * adjust socket timeouts */
+                                              * adjust socket timeouts */
+
+#ifndef OPENSSL_NO_SCTP
+/* SCTP stuff */
+#define BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE   50
+#define BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY               51
+#define BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY              52
+#define BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD              53
+#define BIO_CTRL_DGRAM_SCTP_GET_SNDINFO                60
+#define BIO_CTRL_DGRAM_SCTP_SET_SNDINFO                61
+#define BIO_CTRL_DGRAM_SCTP_GET_RCVINFO                62
+#define BIO_CTRL_DGRAM_SCTP_SET_RCVINFO                63
+#define BIO_CTRL_DGRAM_SCTP_GET_PRINFO                 64
+#define BIO_CTRL_DGRAM_SCTP_SET_PRINFO                 65
+#define BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN              70
+#endif
 
 /* modifiers */
 #define BIO_FP_READ            0x02
@@ -331,6 +358,34 @@ typedef struct bio_f_buffer_ctx_struct
 /* Prefix and suffix callback in ASN1 BIO */
 typedef int asn1_ps_func(BIO *b, unsigned char **pbuf, int *plen, void *parg);
 
+#ifndef OPENSSL_NO_SCTP
+/* SCTP parameter structs */
+struct bio_dgram_sctp_sndinfo
+       {
+       uint16_t snd_sid;
+       uint16_t snd_flags;
+       uint32_t snd_ppid;
+       uint32_t snd_context;
+       };
+
+struct bio_dgram_sctp_rcvinfo
+       {
+       uint16_t rcv_sid;
+       uint16_t rcv_ssn;
+       uint16_t rcv_flags;
+       uint32_t rcv_ppid;
+       uint32_t rcv_tsn;
+       uint32_t rcv_cumtsn;
+       uint32_t rcv_context;
+       };
+
+struct bio_dgram_sctp_prinfo
+       {
+       uint16_t pr_policy;
+       uint32_t pr_value;
+       };
+#endif
+
 /* connect BIO stuff */
 #define BIO_CONN_S_BEFORE              1
 #define BIO_CONN_S_GET_IP              2
@@ -628,6 +683,9 @@ BIO_METHOD *BIO_f_linebuffer(void);
 BIO_METHOD *BIO_f_nbio_test(void);
 #ifndef OPENSSL_NO_DGRAM
 BIO_METHOD *BIO_s_datagram(void);
+#ifndef OPENSSL_NO_SCTP
+BIO_METHOD *BIO_s_datagram_sctp(void);
+#endif
 #endif
 
 /* BIO_METHOD *BIO_f_ber(void); */
@@ -670,6 +728,15 @@ int BIO_set_tcp_ndelay(int sock,int turn_on);
 
 BIO *BIO_new_socket(int sock, int close_flag);
 BIO *BIO_new_dgram(int fd, int close_flag);
+#ifndef OPENSSL_NO_SCTP
+BIO *BIO_new_dgram_sctp(int fd, int close_flag);
+int BIO_dgram_is_sctp(BIO *bio);
+int BIO_dgram_sctp_notification_cb(BIO *b,
+                                   void (*handle_notifications)(BIO *bio, void *context, void *buf),
+                                   void *context);
+int BIO_dgram_sctp_wait_for_dry(BIO *b);
+int BIO_dgram_sctp_msg_waiting(BIO *b);
+#endif
 BIO *BIO_new_fd(int fd, int close_flag);
 BIO *BIO_new_connect(char *host_port);
 BIO *BIO_new_accept(char *host_port);
@@ -734,6 +801,7 @@ void ERR_load_BIO_strings(void);
 #define BIO_F_BUFFER_CTRL                               114
 #define BIO_F_CONN_CTRL                                         127
 #define BIO_F_CONN_STATE                                115
+#define BIO_F_DGRAM_SCTP_READ                           132
 #define BIO_F_FILE_CTRL                                         116
 #define BIO_F_FILE_READ                                         130
 #define BIO_F_LINEBUFFER_CTRL                           129

diff --git a/deps/openssl/openssl/crypto/bio/bio_err.c b/deps/openssl/openssl/crypto/bio/bio_err.c
index a224edd..0dbfbd8 100644 (file)
--- a/deps/openssl/openssl/crypto/bio/bio_err.c
+++ b/deps/openssl/openssl/crypto/bio/bio_err.c
@@ -1,6 +1,6 @@
 /* crypto/bio/bio_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -95,6 +95,7 @@ static ERR_STRING_DATA BIO_str_functs[]=
 {ERR_FUNC(BIO_F_BUFFER_CTRL),  "BUFFER_CTRL"},
 {ERR_FUNC(BIO_F_CONN_CTRL),    "CONN_CTRL"},
 {ERR_FUNC(BIO_F_CONN_STATE),   "CONN_STATE"},
+{ERR_FUNC(BIO_F_DGRAM_SCTP_READ),      "DGRAM_SCTP_READ"},
 {ERR_FUNC(BIO_F_FILE_CTRL),    "FILE_CTRL"},
 {ERR_FUNC(BIO_F_FILE_READ),    "FILE_READ"},
 {ERR_FUNC(BIO_F_LINEBUFFER_CTRL),      "LINEBUFFER_CTRL"},

diff --git a/deps/openssl/openssl/crypto/bio/bio_lib.c b/deps/openssl/openssl/crypto/bio/bio_lib.c
index e12bc3a..9c9646a 100644 (file)
--- a/deps/openssl/openssl/crypto/bio/bio_lib.c
+++ b/deps/openssl/openssl/crypto/bio/bio_lib.c
@@ -521,40 +521,40 @@ void BIO_free_all(BIO *bio)
 
 BIO *BIO_dup_chain(BIO *in)
        {
-       BIO *ret=NULL,*eoc=NULL,*bio,*new;
+       BIO *ret=NULL,*eoc=NULL,*bio,*new_bio;
 
        for (bio=in; bio != NULL; bio=bio->next_bio)
                {
-               if ((new=BIO_new(bio->method)) == NULL) goto err;
-               new->callback=bio->callback;
-               new->cb_arg=bio->cb_arg;
-               new->init=bio->init;
-               new->shutdown=bio->shutdown;
-               new->flags=bio->flags;
+               if ((new_bio=BIO_new(bio->method)) == NULL) goto err;
+               new_bio->callback=bio->callback;
+               new_bio->cb_arg=bio->cb_arg;
+               new_bio->init=bio->init;
+               new_bio->shutdown=bio->shutdown;
+               new_bio->flags=bio->flags;
 
                /* This will let SSL_s_sock() work with stdin/stdout */
-               new->num=bio->num;
+               new_bio->num=bio->num;
 
-               if (!BIO_dup_state(bio,(char *)new))
+               if (!BIO_dup_state(bio,(char *)new_bio))
                        {
-                       BIO_free(new);
+                       BIO_free(new_bio);
                        goto err;
                        }
 
                /* copy app data */
-               if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new->ex_data,
+               if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new_bio->ex_data,
                                        &bio->ex_data))
                        goto err;
 
                if (ret == NULL)
                        {
-                       eoc=new;
+                       eoc=new_bio;
                        ret=eoc;
                        }
                else
                        {
-                       BIO_push(eoc,new);
-                       eoc=new;
+                       BIO_push(eoc,new_bio);
+                       eoc=new_bio;
                        }
                }
        return(ret);

diff --git a/deps/openssl/openssl/crypto/bio/bss_bio.c b/deps/openssl/openssl/crypto/bio/bss_bio.c
index 76bd48e..52ef0eb 100644 (file)
--- a/deps/openssl/openssl/crypto/bio/bss_bio.c
+++ b/deps/openssl/openssl/crypto/bio/bss_bio.c
@@ -277,10 +277,10 @@ static int bio_read(BIO *bio, char *buf, int size_)
  */
 /* WARNING: The non-copying interface is largely untested as of yet
  * and may contain bugs. */
-static ssize_t bio_nread0(BIO *bio, char **buf)
+static ossl_ssize_t bio_nread0(BIO *bio, char **buf)
        {
        struct bio_bio_st *b, *peer_b;
-       ssize_t num;
+       ossl_ssize_t num;
        
        BIO_clear_retry_flags(bio);
 
@@ -315,15 +315,15 @@ static ssize_t bio_nread0(BIO *bio, char **buf)
        return num;
        }
 
-static ssize_t bio_nread(BIO *bio, char **buf, size_t num_)
+static ossl_ssize_t bio_nread(BIO *bio, char **buf, size_t num_)
        {
        struct bio_bio_st *b, *peer_b;
-       ssize_t num, available;
+       ossl_ssize_t num, available;
 
        if (num_ > SSIZE_MAX)
                num = SSIZE_MAX;
        else
-               num = (ssize_t)num_;
+               num = (ossl_ssize_t)num_;
 
        available = bio_nread0(bio, buf);
        if (num > available)
@@ -428,7 +428,7 @@ static int bio_write(BIO *bio, const char *buf, int num_)
  * (example usage:  bio_nwrite0(), write to buffer, bio_nwrite()
  *  or just         bio_nwrite(), write to buffer)
  */
-static ssize_t bio_nwrite0(BIO *bio, char **buf)
+static ossl_ssize_t bio_nwrite0(BIO *bio, char **buf)
        {
        struct bio_bio_st *b;
        size_t num;
@@ -476,15 +476,15 @@ static ssize_t bio_nwrite0(BIO *bio, char **buf)
        return num;
        }
 
-static ssize_t bio_nwrite(BIO *bio, char **buf, size_t num_)
+static ossl_ssize_t bio_nwrite(BIO *bio, char **buf, size_t num_)
        {
        struct bio_bio_st *b;
-       ssize_t num, space;
+       ossl_ssize_t num, space;
 
        if (num_ > SSIZE_MAX)
                num = SSIZE_MAX;
        else
-               num = (ssize_t)num_;
+               num = (ossl_ssize_t)num_;
 
        space = bio_nwrite0(bio, buf);
        if (num > space)

diff --git a/deps/openssl/openssl/crypto/bio/bss_dgram.c b/deps/openssl/openssl/crypto/bio/bss_dgram.c
index 71ebe98..8990909 100644 (file)
--- a/deps/openssl/openssl/crypto/bio/bss_dgram.c
+++ b/deps/openssl/openssl/crypto/bio/bss_dgram.c
@@ -70,10 +70,27 @@
 #include <sys/timeb.h>
 #endif
 
-#ifdef OPENSSL_SYS_LINUX
+#ifndef OPENSSL_NO_SCTP
+#include <netinet/sctp.h>
+#include <fcntl.h>
+#define OPENSSL_SCTP_DATA_CHUNK_TYPE            0x00
+#define OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE 0xc0
+#endif
+
+#if defined(OPENSSL_SYS_LINUX) && !defined(IP_MTU)
 #define IP_MTU      14 /* linux is lame */
 #endif
 
+#if defined(__FreeBSD__) && defined(IN6_IS_ADDR_V4MAPPED)
+/* Standard definition causes type-punning problems. */
+#undef IN6_IS_ADDR_V4MAPPED
+#define s6_addr32 __u6_addr.__u6_addr32
+#define IN6_IS_ADDR_V4MAPPED(a)               \
+        (((a)->s6_addr32[0] == 0) &&          \
+         ((a)->s6_addr32[1] == 0) &&          \
+         ((a)->s6_addr32[2] == htonl(0x0000ffff)))
+#endif
+
 #ifdef WATT32
 #define sock_write SockWrite  /* Watt-32 uses same names */
 #define sock_read  SockRead
@@ -88,6 +105,18 @@ static int dgram_new(BIO *h);
 static int dgram_free(BIO *data);
 static int dgram_clear(BIO *bio);
 
+#ifndef OPENSSL_NO_SCTP
+static int dgram_sctp_write(BIO *h, const char *buf, int num);
+static int dgram_sctp_read(BIO *h, char *buf, int size);
+static int dgram_sctp_puts(BIO *h, const char *str);
+static long dgram_sctp_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int dgram_sctp_new(BIO *h);
+static int dgram_sctp_free(BIO *data);
+#ifdef SCTP_AUTHENTICATION_EVENT
+static void dgram_sctp_handle_auth_free_key_event(BIO *b, union sctp_notification *snp);
+#endif
+#endif
+
 static int BIO_dgram_should_retry(int s);
 
 static void get_current_time(struct timeval *t);
@@ -106,6 +135,22 @@ static BIO_METHOD methods_dgramp=
        NULL,
        };
 
+#ifndef OPENSSL_NO_SCTP
+static BIO_METHOD methods_dgramp_sctp=
+       {
+       BIO_TYPE_DGRAM_SCTP,
+       "datagram sctp socket",
+       dgram_sctp_write,
+       dgram_sctp_read,
+       dgram_sctp_puts,
+       NULL, /* dgram_gets, */
+       dgram_sctp_ctrl,
+       dgram_sctp_new,
+       dgram_sctp_free,
+       NULL,
+       };
+#endif
+
 typedef struct bio_dgram_data_st
        {
        union {
@@ -122,6 +167,40 @@ typedef struct bio_dgram_data_st
        struct timeval socket_timeout;
        } bio_dgram_data;
 
+#ifndef OPENSSL_NO_SCTP
+typedef struct bio_dgram_sctp_save_message_st
+       {
+        BIO *bio;
+        char *data;
+        int length;
+       } bio_dgram_sctp_save_message;
+
+typedef struct bio_dgram_sctp_data_st
+       {
+       union {
+               struct sockaddr sa;
+               struct sockaddr_in sa_in;
+#if OPENSSL_USE_IPV6
+               struct sockaddr_in6 sa_in6;
+#endif
+       } peer;
+       unsigned int connected;
+       unsigned int _errno;
+       unsigned int mtu;
+       struct bio_dgram_sctp_sndinfo sndinfo;
+       struct bio_dgram_sctp_rcvinfo rcvinfo;
+       struct bio_dgram_sctp_prinfo prinfo;
+       void (*handle_notifications)(BIO *bio, void *context, void *buf);
+       void* notification_context;
+       int in_handshake;
+       int ccs_rcvd;
+       int ccs_sent;
+       int save_shutdown;
+       int peer_auth_tested;
+       bio_dgram_sctp_save_message saved_message;
+       } bio_dgram_sctp_data;
+#endif
+
 BIO_METHOD *BIO_s_datagram(void)
        {
        return(&methods_dgramp);
@@ -186,7 +265,7 @@ static void dgram_adjust_rcv_timeout(BIO *b)
        {
 #if defined(SO_RCVTIMEO)
        bio_dgram_data *data = (bio_dgram_data *)b->ptr;
-       int sz = sizeof(int);
+       union { size_t s; int i; } sz = {0};
 
        /* Is a timer active? */
        if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0)
@@ -196,8 +275,10 @@ static void dgram_adjust_rcv_timeout(BIO *b)
                /* Read current socket timeout */
 #ifdef OPENSSL_SYS_WINDOWS
                int timeout;
+
+               sz.i = sizeof(timeout);
                if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
-                                          (void*)&timeout, &sz) < 0)
+                                          (void*)&timeout, &sz.i) < 0)
                        { perror("getsockopt"); }
                else
                        {
@@ -205,9 +286,12 @@ static void dgram_adjust_rcv_timeout(BIO *b)
                        data->socket_timeout.tv_usec = (timeout % 1000) * 1000;
                        }
 #else
+               sz.i = sizeof(data->socket_timeout);
                if ( getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, 
                                                &(data->socket_timeout), (void *)&sz) < 0)
                        { perror("getsockopt"); }
+               else if (sizeof(sz.s)!=sizeof(sz.i) && sz.i==0)
+                       OPENSSL_assert(sz.s<=sizeof(data->socket_timeout));
 #endif
 
                /* Get current time */
@@ -376,11 +460,10 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
        int *ip;
        struct sockaddr *to = NULL;
        bio_dgram_data *data = NULL;
-#if defined(IP_MTU_DISCOVER) || defined(IP_MTU)
-       long sockopt_val = 0;
-       unsigned int sockopt_len = 0;
-#endif
-#ifdef OPENSSL_SYS_LINUX
+#if defined(OPENSSL_SYS_LINUX) && (defined(IP_MTU_DISCOVER) || defined(IP_MTU))
+       int sockopt_val = 0;
+       socklen_t sockopt_len;  /* assume that system supporting IP_MTU is
+                                * modern enough to define socklen_t */
        socklen_t addr_len;
        union   {
                struct sockaddr sa;
@@ -462,7 +545,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
                break;
                /* (Linux)kernel sets DF bit on outgoing IP packets */
        case BIO_CTRL_DGRAM_MTU_DISCOVER:
-#ifdef OPENSSL_SYS_LINUX
+#if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DO)
                addr_len = (socklen_t)sizeof(addr);
                memset((void *)&addr, 0, sizeof(addr));
                if (getsockname(b->num, &addr.sa, &addr_len) < 0)
@@ -470,7 +553,6 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
                        ret = 0;
                        break;
                        }
-               sockopt_len = sizeof(sockopt_val);
                switch (addr.sa.sa_family)
                        {
                case AF_INET:
@@ -479,7 +561,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
                                &sockopt_val, sizeof(sockopt_val))) < 0)
                                perror("setsockopt");
                        break;
-#if OPENSSL_USE_IPV6 && defined(IPV6_MTU_DISCOVER)
+#if OPENSSL_USE_IPV6 && defined(IPV6_MTU_DISCOVER) && defined(IPV6_PMTUDISC_DO)
                case AF_INET6:
                        sockopt_val = IPV6_PMTUDISC_DO;
                        if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER,
@@ -496,7 +578,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
                break;
 #endif
        case BIO_CTRL_DGRAM_QUERY_MTU:
-#ifdef OPENSSL_SYS_LINUX
+#if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU)
                addr_len = (socklen_t)sizeof(addr);
                memset((void *)&addr, 0, sizeof(addr));
                if (getsockname(b->num, &addr.sa, &addr_len) < 0)
@@ -547,6 +629,27 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
                ret = 0;
 #endif
                break;
+       case BIO_CTRL_DGRAM_GET_FALLBACK_MTU:
+               switch (data->peer.sa.sa_family)
+                       {
+                       case AF_INET:
+                               ret = 576 - 20 - 8;
+                               break;
+#if OPENSSL_USE_IPV6
+                       case AF_INET6:
+#ifdef IN6_IS_ADDR_V4MAPPED
+                               if (IN6_IS_ADDR_V4MAPPED(&data->peer.sa_in6.sin6_addr))
+                                       ret = 576 - 20 - 8;
+                               else
+#endif
+                                       ret = 1280 - 40 - 8;
+                               break;
+#endif
+                       default:
+                               ret = 576 - 20 - 8;
+                               break;
+                       }
+               break;
        case BIO_CTRL_DGRAM_GET_MTU:
                return data->mtu;
                break;
@@ -637,12 +740,15 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
 #endif
                break;
        case BIO_CTRL_DGRAM_GET_RECV_TIMEOUT:
-#ifdef OPENSSL_SYS_WINDOWS
                {
-               int timeout, sz = sizeof(timeout);
+               union { size_t s; int i; } sz = {0};
+#ifdef OPENSSL_SYS_WINDOWS
+               int timeout;
                struct timeval *tv = (struct timeval *)ptr;
+
+               sz.i = sizeof(timeout);
                if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
-                       (void*)&timeout, &sz) < 0)
+                       (void*)&timeout, &sz.i) < 0)
                        { perror("getsockopt"); ret = -1; }
                else
                        {
@@ -650,12 +756,20 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
                        tv->tv_usec = (timeout % 1000) * 1000;
                        ret = sizeof(*tv);
                        }
-               }
 #else
+               sz.i = sizeof(struct timeval);
                if ( getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, 
-                       ptr, (void *)&ret) < 0)
+                       ptr, (void *)&sz) < 0)
                        { perror("getsockopt"); ret = -1; }
+               else if (sizeof(sz.s)!=sizeof(sz.i) && sz.i==0)
+                       {
+                       OPENSSL_assert(sz.s<=sizeof(struct timeval));
+                       ret = (int)sz.s;
+                       }
+               else
+                       ret = sz.i;
 #endif
+               }
                break;
 #endif
 #if defined(SO_SNDTIMEO)
@@ -675,12 +789,15 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
 #endif
                break;
        case BIO_CTRL_DGRAM_GET_SEND_TIMEOUT:
-#ifdef OPENSSL_SYS_WINDOWS
                {
-               int timeout, sz = sizeof(timeout);
+               union { size_t s; int i; } sz = {0};
+#ifdef OPENSSL_SYS_WINDOWS
+               int timeout;
                struct timeval *tv = (struct timeval *)ptr;
+
+               sz.i = sizeof(timeout);
                if (getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
-                       (void*)&timeout, &sz) < 0)
+                       (void*)&timeout, &sz.i) < 0)
                        { perror("getsockopt"); ret = -1; }
                else
                        {
@@ -688,12 +805,20 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
                        tv->tv_usec = (timeout % 1000) * 1000;
                        ret = sizeof(*tv);
                        }
-               }
 #else
+               sz.i = sizeof(struct timeval);
                if ( getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, 
-                       ptr, (void *)&ret) < 0)
+                       ptr, (void *)&sz) < 0)
                        { perror("getsockopt"); ret = -1; }
+               else if (sizeof(sz.s)!=sizeof(sz.i) && sz.i==0)
+                       {
+                       OPENSSL_assert(sz.s<=sizeof(struct timeval));
+                       ret = (int)sz.s;
+                       }
+               else
+                       ret = sz.i;
 #endif
+               }
                break;
 #endif
        case BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP:
@@ -738,6 +863,910 @@ static int dgram_puts(BIO *bp, const char *str)
        return(ret);
        }
 
+#ifndef OPENSSL_NO_SCTP
+BIO_METHOD *BIO_s_datagram_sctp(void)
+       {
+       return(&methods_dgramp_sctp);
+       }
+
+BIO *BIO_new_dgram_sctp(int fd, int close_flag)
+       {
+       BIO *bio;
+       int ret, optval = 20000;
+       int auth_data = 0, auth_forward = 0;
+       unsigned char *p;
+       struct sctp_authchunk auth;
+       struct sctp_authchunks *authchunks;
+       socklen_t sockopt_len;
+#ifdef SCTP_AUTHENTICATION_EVENT
+#ifdef SCTP_EVENT
+       struct sctp_event event;
+#else
+       struct sctp_event_subscribe event;
+#endif
+#endif
+
+       bio=BIO_new(BIO_s_datagram_sctp());
+       if (bio == NULL) return(NULL);
+       BIO_set_fd(bio,fd,close_flag);
+
+       /* Activate SCTP-AUTH for DATA and FORWARD-TSN chunks */
+       auth.sauth_chunk = OPENSSL_SCTP_DATA_CHUNK_TYPE;
+       ret = setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth, sizeof(struct sctp_authchunk));
+       OPENSSL_assert(ret >= 0);
+       auth.sauth_chunk = OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE;
+       ret = setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth, sizeof(struct sctp_authchunk));
+       OPENSSL_assert(ret >= 0);
+
+       /* Test if activation was successful. When using accept(),
+        * SCTP-AUTH has to be activated for the listening socket
+        * already, otherwise the connected socket won't use it. */
+       sockopt_len = (socklen_t)(sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t));
+       authchunks = OPENSSL_malloc(sockopt_len);
+       memset(authchunks, 0, sizeof(sockopt_len));
+       ret = getsockopt(fd, IPPROTO_SCTP, SCTP_LOCAL_AUTH_CHUNKS, authchunks, &sockopt_len);
+       OPENSSL_assert(ret >= 0);
+       
+       for (p = (unsigned char*) authchunks + sizeof(sctp_assoc_t);
+            p < (unsigned char*) authchunks + sockopt_len;
+            p += sizeof(uint8_t))
+               {
+               if (*p == OPENSSL_SCTP_DATA_CHUNK_TYPE) auth_data = 1;
+               if (*p == OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE) auth_forward = 1;
+               }
+               
+       OPENSSL_free(authchunks);
+
+       OPENSSL_assert(auth_data);
+       OPENSSL_assert(auth_forward);
+
+#ifdef SCTP_AUTHENTICATION_EVENT
+#ifdef SCTP_EVENT
+       memset(&event, 0, sizeof(struct sctp_event));
+       event.se_assoc_id = 0;
+       event.se_type = SCTP_AUTHENTICATION_EVENT;
+       event.se_on = 1;
+       ret = setsockopt(fd, IPPROTO_SCTP, SCTP_EVENT, &event, sizeof(struct sctp_event));
+       OPENSSL_assert(ret >= 0);
+#else
+       sockopt_len = (socklen_t) sizeof(struct sctp_event_subscribe);
+       ret = getsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event, &sockopt_len);
+       OPENSSL_assert(ret >= 0);
+
+       event.sctp_authentication_event = 1;
+
+       ret = setsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event, sizeof(struct sctp_event_subscribe));
+       OPENSSL_assert(ret >= 0);
+#endif
+#endif
+
+       /* Disable partial delivery by setting the min size
+        * larger than the max record size of 2^14 + 2048 + 13
+        */
+       ret = setsockopt(fd, IPPROTO_SCTP, SCTP_PARTIAL_DELIVERY_POINT, &optval, sizeof(optval));
+       OPENSSL_assert(ret >= 0);
+
+       return(bio);
+       }
+
+int BIO_dgram_is_sctp(BIO *bio)
+       {
+       return (BIO_method_type(bio) == BIO_TYPE_DGRAM_SCTP);
+       }
+
+static int dgram_sctp_new(BIO *bi)
+       {
+       bio_dgram_sctp_data *data = NULL;
+
+       bi->init=0;
+       bi->num=0;
+       data = OPENSSL_malloc(sizeof(bio_dgram_sctp_data));
+       if (data == NULL)
+               return 0;
+       memset(data, 0x00, sizeof(bio_dgram_sctp_data));
+#ifdef SCTP_PR_SCTP_NONE
+       data->prinfo.pr_policy = SCTP_PR_SCTP_NONE;
+#endif
+    bi->ptr = data;
+
+       bi->flags=0;
+       return(1);
+       }
+
+static int dgram_sctp_free(BIO *a)
+       {
+       bio_dgram_sctp_data *data;
+
+       if (a == NULL) return(0);
+       if ( ! dgram_clear(a))
+               return 0;
+
+       data = (bio_dgram_sctp_data *)a->ptr;
+       if(data != NULL) OPENSSL_free(data);
+
+       return(1);
+       }
+
+#ifdef SCTP_AUTHENTICATION_EVENT
+void dgram_sctp_handle_auth_free_key_event(BIO *b, union sctp_notification *snp)
+       {
+       int ret;
+       struct sctp_authkey_event* authkeyevent = &snp->sn_auth_event;
+
+       if (authkeyevent->auth_indication == SCTP_AUTH_FREE_KEY)
+               {
+               struct sctp_authkeyid authkeyid;
+
+               /* delete key */
+               authkeyid.scact_keynumber = authkeyevent->auth_keynumber;
+               ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DELETE_KEY,
+                     &authkeyid, sizeof(struct sctp_authkeyid));
+               }
+       }
+#endif
+
+static int dgram_sctp_read(BIO *b, char *out, int outl)
+       {
+       int ret = 0, n = 0, i, optval;
+       socklen_t optlen;
+       bio_dgram_sctp_data *data = (bio_dgram_sctp_data *)b->ptr;
+       union sctp_notification *snp;
+       struct msghdr msg;
+       struct iovec iov;
+       struct cmsghdr *cmsg;
+       char cmsgbuf[512];
+
+       if (out != NULL)
+               {
+               clear_socket_error();
+
+               do
+                       {
+                       memset(&data->rcvinfo, 0x00, sizeof(struct bio_dgram_sctp_rcvinfo));
+                       iov.iov_base = out;
+                       iov.iov_len = outl;
+                       msg.msg_name = NULL;
+                       msg.msg_namelen = 0;
+                       msg.msg_iov = &iov;
+                       msg.msg_iovlen = 1;
+                       msg.msg_control = cmsgbuf;
+                       msg.msg_controllen = 512;
+                       msg.msg_flags = 0;
+                       n = recvmsg(b->num, &msg, 0);
+
+                       if (msg.msg_controllen > 0)
+                               {
+                               for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg))
+                                       {
+                                       if (cmsg->cmsg_level != IPPROTO_SCTP)
+                                               continue;
+#ifdef SCTP_RCVINFO
+                                       if (cmsg->cmsg_type == SCTP_RCVINFO)
+                                               {
+                                               struct sctp_rcvinfo *rcvinfo;
+
+                                               rcvinfo = (struct sctp_rcvinfo *)CMSG_DATA(cmsg);
+                                               data->rcvinfo.rcv_sid = rcvinfo->rcv_sid;
+                                               data->rcvinfo.rcv_ssn = rcvinfo->rcv_ssn;
+                                               data->rcvinfo.rcv_flags = rcvinfo->rcv_flags;
+                                               data->rcvinfo.rcv_ppid = rcvinfo->rcv_ppid;
+                                               data->rcvinfo.rcv_tsn = rcvinfo->rcv_tsn;
+                                               data->rcvinfo.rcv_cumtsn = rcvinfo->rcv_cumtsn;
+                                               data->rcvinfo.rcv_context = rcvinfo->rcv_context;
+                                               }
+#endif
+#ifdef SCTP_SNDRCV
+                                       if (cmsg->cmsg_type == SCTP_SNDRCV)
+                                               {
+                                               struct sctp_sndrcvinfo *sndrcvinfo;
+
+                                               sndrcvinfo = (struct sctp_sndrcvinfo *)CMSG_DATA(cmsg);
+                                               data->rcvinfo.rcv_sid = sndrcvinfo->sinfo_stream;
+                                               data->rcvinfo.rcv_ssn = sndrcvinfo->sinfo_ssn;
+                                               data->rcvinfo.rcv_flags = sndrcvinfo->sinfo_flags;
+                                               data->rcvinfo.rcv_ppid = sndrcvinfo->sinfo_ppid;
+                                               data->rcvinfo.rcv_tsn = sndrcvinfo->sinfo_tsn;
+                                               data->rcvinfo.rcv_cumtsn = sndrcvinfo->sinfo_cumtsn;
+                                               data->rcvinfo.rcv_context = sndrcvinfo->sinfo_context;
+                                               }
+#endif
+                                       }
+                               }
+
+                       if (n <= 0)
+                               {
+                               if (n < 0)
+                                       ret = n;
+                               break;
+                               }
+
+                       if (msg.msg_flags & MSG_NOTIFICATION)
+                               {
+                               snp = (union sctp_notification*) out;
+                               if (snp->sn_header.sn_type == SCTP_SENDER_DRY_EVENT)
+                                       {
+#ifdef SCTP_EVENT
+                                       struct sctp_event event;
+#else
+                                       struct sctp_event_subscribe event;
+                                       socklen_t eventsize;
+#endif
+                                       /* If a message has been delayed until the socket
+                                        * is dry, it can be sent now.
+                                        */
+                                       if (data->saved_message.length > 0)
+                                               {
+                                               dgram_sctp_write(data->saved_message.bio, data->saved_message.data,
+                                                                data->saved_message.length);
+                                               OPENSSL_free(data->saved_message.data);
+                                               data->saved_message.length = 0;
+                                               }
+
+                                       /* disable sender dry event */
+#ifdef SCTP_EVENT
+                                       memset(&event, 0, sizeof(struct sctp_event));
+                                       event.se_assoc_id = 0;
+                                       event.se_type = SCTP_SENDER_DRY_EVENT;
+                                       event.se_on = 0;
+                                       i = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event, sizeof(struct sctp_event));
+                                       OPENSSL_assert(i >= 0);
+#else
+                                       eventsize = sizeof(struct sctp_event_subscribe);
+                                       i = getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, &eventsize);
+                                       OPENSSL_assert(i >= 0);
+
+                                       event.sctp_sender_dry_event = 0;
+
+                                       i = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, sizeof(struct sctp_event_subscribe));
+                                       OPENSSL_assert(i >= 0);
+#endif
+                                       }
+
+#ifdef SCTP_AUTHENTICATION_EVENT
+                               if (snp->sn_header.sn_type == SCTP_AUTHENTICATION_EVENT)
+                                       dgram_sctp_handle_auth_free_key_event(b, snp);
+#endif
+
+                               if (data->handle_notifications != NULL)
+                                       data->handle_notifications(b, data->notification_context, (void*) out);
+
+                               memset(out, 0, outl);
+                               }
+                       else
+                               ret += n;
+                       }
+               while ((msg.msg_flags & MSG_NOTIFICATION) && (msg.msg_flags & MSG_EOR) && (ret < outl));
+
+               if (ret > 0 && !(msg.msg_flags & MSG_EOR))
+                       {
+                       /* Partial message read, this should never happen! */
+
+                       /* The buffer was too small, this means the peer sent
+                        * a message that was larger than allowed. */
+                       if (ret == outl)
+                               return -1;
+
+                       /* Test if socket buffer can handle max record
+                        * size (2^14 + 2048 + 13)
+                        */
+                       optlen = (socklen_t) sizeof(int);
+                       ret = getsockopt(b->num, SOL_SOCKET, SO_RCVBUF, &optval, &optlen);
+                       OPENSSL_assert(ret >= 0);
+                       OPENSSL_assert(optval >= 18445);
+
+                       /* Test if SCTP doesn't partially deliver below
+                        * max record size (2^14 + 2048 + 13)
+                        */
+                       optlen = (socklen_t) sizeof(int);
+                       ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_PARTIAL_DELIVERY_POINT,
+                                        &optval, &optlen);
+                       OPENSSL_assert(ret >= 0);
+                       OPENSSL_assert(optval >= 18445);
+
+                       /* Partially delivered notification??? Probably a bug.... */
+                       OPENSSL_assert(!(msg.msg_flags & MSG_NOTIFICATION));
+
+                       /* Everything seems ok till now, so it's most likely
+                        * a message dropped by PR-SCTP.
+                        */
+                       memset(out, 0, outl);
+                       BIO_set_retry_read(b);
+                       return -1;
+                       }
+
+               BIO_clear_retry_flags(b);
+               if (ret < 0)
+                       {
+                       if (BIO_dgram_should_retry(ret))
+                               {
+                               BIO_set_retry_read(b);
+                               data->_errno = get_last_socket_error();
+                               }
+                       }
+
+               /* Test if peer uses SCTP-AUTH before continuing */
+               if (!data->peer_auth_tested)
+                       {
+                       int ii, auth_data = 0, auth_forward = 0;
+                       unsigned char *p;
+                       struct sctp_authchunks *authchunks;
+
+                       optlen = (socklen_t)(sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t));
+                       authchunks = OPENSSL_malloc(optlen);
+                       memset(authchunks, 0, sizeof(optlen));
+                       ii = getsockopt(b->num, IPPROTO_SCTP, SCTP_PEER_AUTH_CHUNKS, authchunks, &optlen);
+                       OPENSSL_assert(ii >= 0);
+
+                       for (p = (unsigned char*) authchunks + sizeof(sctp_assoc_t);
+                                p < (unsigned char*) authchunks + optlen;
+                                p += sizeof(uint8_t))
+                               {
+                               if (*p == OPENSSL_SCTP_DATA_CHUNK_TYPE) auth_data = 1;
+                               if (*p == OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE) auth_forward = 1;
+                               }
+
+                       OPENSSL_free(authchunks);
+
+                       if (!auth_data || !auth_forward)
+                               {
+                               BIOerr(BIO_F_DGRAM_SCTP_READ,BIO_R_CONNECT_ERROR);
+                               return -1;
+                               }
+
+                       data->peer_auth_tested = 1;
+                       }
+               }
+       return(ret);
+       }
+
+static int dgram_sctp_write(BIO *b, const char *in, int inl)
+       {
+       int ret;
+       bio_dgram_sctp_data *data = (bio_dgram_sctp_data *)b->ptr;
+       struct bio_dgram_sctp_sndinfo *sinfo = &(data->sndinfo);
+       struct bio_dgram_sctp_prinfo *pinfo = &(data->prinfo);
+       struct bio_dgram_sctp_sndinfo handshake_sinfo;
+       struct iovec iov[1];
+       struct msghdr msg;
+       struct cmsghdr *cmsg;
+#if defined(SCTP_SNDINFO) && defined(SCTP_PRINFO)
+       char cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndinfo)) + CMSG_SPACE(sizeof(struct sctp_prinfo))];
+       struct sctp_sndinfo *sndinfo;
+       struct sctp_prinfo *prinfo;
+#else
+       char cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndrcvinfo))];
+       struct sctp_sndrcvinfo *sndrcvinfo;
+#endif
+
+       clear_socket_error();
+
+       /* If we're send anything else than application data,
+        * disable all user parameters and flags.
+        */
+       if (in[0] != 23) {
+               memset(&handshake_sinfo, 0x00, sizeof(struct bio_dgram_sctp_sndinfo));
+#ifdef SCTP_SACK_IMMEDIATELY
+               handshake_sinfo.snd_flags = SCTP_SACK_IMMEDIATELY;
+#endif
+               sinfo = &handshake_sinfo;
+       }
+
+       /* If we have to send a shutdown alert message and the
+        * socket is not dry yet, we have to save it and send it
+        * as soon as the socket gets dry.
+        */
+       if (data->save_shutdown && !BIO_dgram_sctp_wait_for_dry(b))
+       {
+               data->saved_message.bio = b;
+               data->saved_message.length = inl;
+               data->saved_message.data = OPENSSL_malloc(inl);
+               memcpy(data->saved_message.data, in, inl);
+               return inl;
+       }
+
+       iov[0].iov_base = (char *)in;
+       iov[0].iov_len = inl;
+       msg.msg_name = NULL;
+       msg.msg_namelen = 0;
+       msg.msg_iov = iov;
+       msg.msg_iovlen = 1;
+       msg.msg_control = (caddr_t)cmsgbuf;
+       msg.msg_controllen = 0;
+       msg.msg_flags = 0;
+#if defined(SCTP_SNDINFO) && defined(SCTP_PRINFO)
+       cmsg = (struct cmsghdr *)cmsgbuf;
+       cmsg->cmsg_level = IPPROTO_SCTP;
+       cmsg->cmsg_type = SCTP_SNDINFO;
+       cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_sndinfo));
+       sndinfo = (struct sctp_sndinfo *)CMSG_DATA(cmsg);
+       memset(sndinfo, 0, sizeof(struct sctp_sndinfo));
+       sndinfo->snd_sid = sinfo->snd_sid;
+       sndinfo->snd_flags = sinfo->snd_flags;
+       sndinfo->snd_ppid = sinfo->snd_ppid;
+       sndinfo->snd_context = sinfo->snd_context;
+       msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_sndinfo));
+
+       cmsg = (struct cmsghdr *)&cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndinfo))];
+       cmsg->cmsg_level = IPPROTO_SCTP;
+       cmsg->cmsg_type = SCTP_PRINFO;
+       cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_prinfo));
+       prinfo = (struct sctp_prinfo *)CMSG_DATA(cmsg);
+       memset(prinfo, 0, sizeof(struct sctp_prinfo));
+       prinfo->pr_policy = pinfo->pr_policy;
+       prinfo->pr_value = pinfo->pr_value;
+       msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_prinfo));
+#else
+       cmsg = (struct cmsghdr *)cmsgbuf;
+       cmsg->cmsg_level = IPPROTO_SCTP;
+       cmsg->cmsg_type = SCTP_SNDRCV;
+       cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_sndrcvinfo));
+       sndrcvinfo = (struct sctp_sndrcvinfo *)CMSG_DATA(cmsg);
+       memset(sndrcvinfo, 0, sizeof(struct sctp_sndrcvinfo));
+       sndrcvinfo->sinfo_stream = sinfo->snd_sid;
+       sndrcvinfo->sinfo_flags = sinfo->snd_flags;
+#ifdef __FreeBSD__
+       sndrcvinfo->sinfo_flags |= pinfo->pr_policy;
+#endif
+       sndrcvinfo->sinfo_ppid = sinfo->snd_ppid;
+       sndrcvinfo->sinfo_context = sinfo->snd_context;
+       sndrcvinfo->sinfo_timetolive = pinfo->pr_value;
+       msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_sndrcvinfo));
+#endif
+
+       ret = sendmsg(b->num, &msg, 0);
+
+       BIO_clear_retry_flags(b);
+       if (ret <= 0)
+               {
+               if (BIO_dgram_should_retry(ret))
+                       {
+                       BIO_set_retry_write(b);  
+                       data->_errno = get_last_socket_error();
+                       }
+               }
+       return(ret);
+       }
+
+static long dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr)
+       {
+       long ret=1;
+       bio_dgram_sctp_data *data = NULL;
+       socklen_t sockopt_len = 0;
+       struct sctp_authkeyid authkeyid;
+       struct sctp_authkey *authkey;
+
+       data = (bio_dgram_sctp_data *)b->ptr;
+
+       switch (cmd)
+               {
+       case BIO_CTRL_DGRAM_QUERY_MTU:
+               /* Set to maximum (2^14)
+                * and ignore user input to enable transport
+                * protocol fragmentation.
+                * Returns always 2^14.
+                */
+               data->mtu = 16384;
+               ret = data->mtu;
+               break;
+       case BIO_CTRL_DGRAM_SET_MTU:
+               /* Set to maximum (2^14)
+                * and ignore input to enable transport
+                * protocol fragmentation.
+                * Returns always 2^14.
+                */
+               data->mtu = 16384;
+               ret = data->mtu;
+               break;
+       case BIO_CTRL_DGRAM_SET_CONNECTED:
+       case BIO_CTRL_DGRAM_CONNECT:
+               /* Returns always -1. */
+               ret = -1;
+               break;
+       case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT:
+               /* SCTP doesn't need the DTLS timer
+                * Returns always 1.
+                */
+               break;
+       case BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE:
+               if (num > 0)
+                       data->in_handshake = 1;
+               else
+                       data->in_handshake = 0;
+
+               ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_NODELAY, &data->in_handshake, sizeof(int));
+               break;
+       case BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY:
+               /* New shared key for SCTP AUTH.
+                * Returns 0 on success, -1 otherwise.
+                */
+
+               /* Get active key */
+               sockopt_len = sizeof(struct sctp_authkeyid);
+               ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, &authkeyid, &sockopt_len);
+               if (ret < 0) break;
+
+               /* Add new key */
+               sockopt_len = sizeof(struct sctp_authkey) + 64 * sizeof(uint8_t);
+               authkey = OPENSSL_malloc(sockopt_len);
+               memset(authkey, 0x00, sockopt_len);
+               authkey->sca_keynumber = authkeyid.scact_keynumber + 1;
+#ifndef __FreeBSD__
+               /* This field is missing in FreeBSD 8.2 and earlier,
+                * and FreeBSD 8.3 and higher work without it.
+                */
+               authkey->sca_keylength = 64;
+#endif
+               memcpy(&authkey->sca_key[0], ptr, 64 * sizeof(uint8_t));
+
+               ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_KEY, authkey, sockopt_len);
+               if (ret < 0) break;
+
+               /* Reset active key */
+               ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY,
+                     &authkeyid, sizeof(struct sctp_authkeyid));
+               if (ret < 0) break;
+
+               break;
+       case BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY:
+               /* Returns 0 on success, -1 otherwise. */
+
+               /* Get active key */
+               sockopt_len = sizeof(struct sctp_authkeyid);
+               ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, &authkeyid, &sockopt_len);
+               if (ret < 0) break;
+
+               /* Set active key */
+               authkeyid.scact_keynumber = authkeyid.scact_keynumber + 1;
+               ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY,
+                     &authkeyid, sizeof(struct sctp_authkeyid));
+               if (ret < 0) break;
+
+               /* CCS has been sent, so remember that and fall through
+                * to check if we need to deactivate an old key
+                */
+               data->ccs_sent = 1;
+
+       case BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD:
+               /* Returns 0 on success, -1 otherwise. */
+
+               /* Has this command really been called or is this just a fall-through? */
+               if (cmd == BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD)
+                       data->ccs_rcvd = 1;
+
+               /* CSS has been both, received and sent, so deactivate an old key */
+               if (data->ccs_rcvd == 1 && data->ccs_sent == 1)
+                       {
+                       /* Get active key */
+                       sockopt_len = sizeof(struct sctp_authkeyid);
+                       ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, &authkeyid, &sockopt_len);
+                       if (ret < 0) break;
+
+                       /* Deactivate key or delete second last key if
+                        * SCTP_AUTHENTICATION_EVENT is not available.
+                        */
+                       authkeyid.scact_keynumber = authkeyid.scact_keynumber - 1;
+#ifdef SCTP_AUTH_DEACTIVATE_KEY
+                       sockopt_len = sizeof(struct sctp_authkeyid);
+                       ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DEACTIVATE_KEY,
+                             &authkeyid, sockopt_len);
+                       if (ret < 0) break;
+#endif
+#ifndef SCTP_AUTHENTICATION_EVENT
+                       if (authkeyid.scact_keynumber > 0)
+                               {
+                               authkeyid.scact_keynumber = authkeyid.scact_keynumber - 1;
+                               ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DELETE_KEY,
+                                         &authkeyid, sizeof(struct sctp_authkeyid));
+                               if (ret < 0) break;
+                               }
+#endif
+
+                       data->ccs_rcvd = 0;
+                       data->ccs_sent = 0;
+                       }
+               break;
+       case BIO_CTRL_DGRAM_SCTP_GET_SNDINFO:
+               /* Returns the size of the copied struct. */
+               if (num > (long) sizeof(struct bio_dgram_sctp_sndinfo))
+                       num = sizeof(struct bio_dgram_sctp_sndinfo);
+
+               memcpy(ptr, &(data->sndinfo), num);
+               ret = num;
+               break;
+       case BIO_CTRL_DGRAM_SCTP_SET_SNDINFO:
+               /* Returns the size of the copied struct. */
+               if (num > (long) sizeof(struct bio_dgram_sctp_sndinfo))
+                       num = sizeof(struct bio_dgram_sctp_sndinfo);
+
+               memcpy(&(data->sndinfo), ptr, num);
+               break;
+       case BIO_CTRL_DGRAM_SCTP_GET_RCVINFO:
+               /* Returns the size of the copied struct. */
+               if (num > (long) sizeof(struct bio_dgram_sctp_rcvinfo))
+                       num = sizeof(struct bio_dgram_sctp_rcvinfo);
+
+               memcpy(ptr, &data->rcvinfo, num);
+
+               ret = num;
+               break;
+       case BIO_CTRL_DGRAM_SCTP_SET_RCVINFO:
+               /* Returns the size of the copied struct. */
+               if (num > (long) sizeof(struct bio_dgram_sctp_rcvinfo))
+                       num = sizeof(struct bio_dgram_sctp_rcvinfo);
+
+               memcpy(&(data->rcvinfo), ptr, num);
+               break;
+       case BIO_CTRL_DGRAM_SCTP_GET_PRINFO:
+               /* Returns the size of the copied struct. */
+               if (num > (long) sizeof(struct bio_dgram_sctp_prinfo))
+                       num = sizeof(struct bio_dgram_sctp_prinfo);
+
+               memcpy(ptr, &(data->prinfo), num);
+               ret = num;
+               break;
+       case BIO_CTRL_DGRAM_SCTP_SET_PRINFO:
+               /* Returns the size of the copied struct. */
+               if (num > (long) sizeof(struct bio_dgram_sctp_prinfo))
+                       num = sizeof(struct bio_dgram_sctp_prinfo);
+
+               memcpy(&(data->prinfo), ptr, num);
+               break;
+       case BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN:
+               /* Returns always 1. */
+               if (num > 0)
+                       data->save_shutdown = 1;
+               else
+                       data->save_shutdown = 0;
+               break;
+
+       default:
+               /* Pass to default ctrl function to
+                * process SCTP unspecific commands
+                */
+               ret=dgram_ctrl(b, cmd, num, ptr);
+               break;
+               }
+       return(ret);
+       }
+
+int BIO_dgram_sctp_notification_cb(BIO *b,
+                                   void (*handle_notifications)(BIO *bio, void *context, void *buf),
+                                   void *context)
+       {
+       bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
+
+       if (handle_notifications != NULL)
+               {
+               data->handle_notifications = handle_notifications;
+               data->notification_context = context;
+               }
+       else
+               return -1;
+
+       return 0;
+       }
+
+int BIO_dgram_sctp_wait_for_dry(BIO *b)
+{
+       int is_dry = 0;
+       int n, sockflags, ret;
+       union sctp_notification snp;
+       struct msghdr msg;
+       struct iovec iov;
+#ifdef SCTP_EVENT
+       struct sctp_event event;
+#else
+       struct sctp_event_subscribe event;
+       socklen_t eventsize;
+#endif
+       bio_dgram_sctp_data *data = (bio_dgram_sctp_data *)b->ptr;
+
+       /* set sender dry event */
+#ifdef SCTP_EVENT
+       memset(&event, 0, sizeof(struct sctp_event));
+       event.se_assoc_id = 0;
+       event.se_type = SCTP_SENDER_DRY_EVENT;
+       event.se_on = 1;
+       ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event, sizeof(struct sctp_event));
+#else
+       eventsize = sizeof(struct sctp_event_subscribe);
+       ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, &eventsize);
+       if (ret < 0)
+               return -1;
+       
+       event.sctp_sender_dry_event = 1;
+       
+       ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, sizeof(struct sctp_event_subscribe));
+#endif
+       if (ret < 0)
+               return -1;
+
+       /* peek for notification */
+       memset(&snp, 0x00, sizeof(union sctp_notification));
+       iov.iov_base = (char *)&snp;
+       iov.iov_len = sizeof(union sctp_notification);
+       msg.msg_name = NULL;
+       msg.msg_namelen = 0;
+       msg.msg_iov = &iov;
+       msg.msg_iovlen = 1;
+       msg.msg_control = NULL;
+       msg.msg_controllen = 0;
+       msg.msg_flags = 0;
+
+       n = recvmsg(b->num, &msg, MSG_PEEK);
+       if (n <= 0)
+               {
+               if ((n < 0) && (get_last_socket_error() != EAGAIN) && (get_last_socket_error() != EWOULDBLOCK))
+                       return -1;
+               else
+                       return 0;
+               }
+
+       /* if we find a notification, process it and try again if necessary */
+       while (msg.msg_flags & MSG_NOTIFICATION)
+               {
+               memset(&snp, 0x00, sizeof(union sctp_notification));
+               iov.iov_base = (char *)&snp;
+               iov.iov_len = sizeof(union sctp_notification);
+               msg.msg_name = NULL;
+               msg.msg_namelen = 0;
+               msg.msg_iov = &iov;
+               msg.msg_iovlen = 1;
+               msg.msg_control = NULL;
+               msg.msg_controllen = 0;
+               msg.msg_flags = 0;
+
+               n = recvmsg(b->num, &msg, 0);
+               if (n <= 0)
+                       {
+                       if ((n < 0) && (get_last_socket_error() != EAGAIN) && (get_last_socket_error() != EWOULDBLOCK))
+                               return -1;
+                       else
+                               return is_dry;
+                       }
+               
+               if (snp.sn_header.sn_type == SCTP_SENDER_DRY_EVENT)
+                       {
+                       is_dry = 1;
+
+                       /* disable sender dry event */
+#ifdef SCTP_EVENT
+                       memset(&event, 0, sizeof(struct sctp_event));
+                       event.se_assoc_id = 0;
+                       event.se_type = SCTP_SENDER_DRY_EVENT;
+                       event.se_on = 0;
+                       ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event, sizeof(struct sctp_event));
+#else
+                       eventsize = (socklen_t) sizeof(struct sctp_event_subscribe);
+                       ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, &eventsize);
+                       if (ret < 0)
+                               return -1;
+
+                       event.sctp_sender_dry_event = 0;
+
+                       ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, sizeof(struct sctp_event_subscribe));
+#endif
+                       if (ret < 0)
+                               return -1;
+                       }
+
+#ifdef SCTP_AUTHENTICATION_EVENT
+               if (snp.sn_header.sn_type == SCTP_AUTHENTICATION_EVENT)
+                       dgram_sctp_handle_auth_free_key_event(b, &snp);
+#endif
+
+               if (data->handle_notifications != NULL)
+                       data->handle_notifications(b, data->notification_context, (void*) &snp);
+
+               /* found notification, peek again */
+               memset(&snp, 0x00, sizeof(union sctp_notification));
+               iov.iov_base = (char *)&snp;
+               iov.iov_len = sizeof(union sctp_notification);
+               msg.msg_name = NULL;
+               msg.msg_namelen = 0;
+               msg.msg_iov = &iov;
+               msg.msg_iovlen = 1;
+               msg.msg_control = NULL;
+               msg.msg_controllen = 0;
+               msg.msg_flags = 0;
+
+               /* if we have seen the dry already, don't wait */
+               if (is_dry)
+                       {
+                       sockflags = fcntl(b->num, F_GETFL, 0);
+                       fcntl(b->num, F_SETFL, O_NONBLOCK);
+                       }
+
+               n = recvmsg(b->num, &msg, MSG_PEEK);
+
+               if (is_dry)
+                       {
+                       fcntl(b->num, F_SETFL, sockflags);
+                       }
+
+               if (n <= 0)
+                       {
+                       if ((n < 0) && (get_last_socket_error() != EAGAIN) && (get_last_socket_error() != EWOULDBLOCK))
+                               return -1;
+                       else
+                               return is_dry;
+                       }
+               }
+
+       /* read anything else */
+       return is_dry;
+}
+
+int BIO_dgram_sctp_msg_waiting(BIO *b)
+       {
+       int n, sockflags;
+       union sctp_notification snp;
+       struct msghdr msg;
+       struct iovec iov;
+       bio_dgram_sctp_data *data = (bio_dgram_sctp_data *)b->ptr;
+
+       /* Check if there are any messages waiting to be read */
+       do
+               {
+               memset(&snp, 0x00, sizeof(union sctp_notification));
+               iov.iov_base = (char *)&snp;
+               iov.iov_len = sizeof(union sctp_notification);
+               msg.msg_name = NULL;
+               msg.msg_namelen = 0;
+               msg.msg_iov = &iov;
+               msg.msg_iovlen = 1;
+               msg.msg_control = NULL;
+               msg.msg_controllen = 0;
+               msg.msg_flags = 0;
+
+               sockflags = fcntl(b->num, F_GETFL, 0);
+               fcntl(b->num, F_SETFL, O_NONBLOCK);
+               n = recvmsg(b->num, &msg, MSG_PEEK);
+               fcntl(b->num, F_SETFL, sockflags);
+
+               /* if notification, process and try again */
+               if (n > 0 && (msg.msg_flags & MSG_NOTIFICATION))
+                       {
+#ifdef SCTP_AUTHENTICATION_EVENT
+                       if (snp.sn_header.sn_type == SCTP_AUTHENTICATION_EVENT)
+                               dgram_sctp_handle_auth_free_key_event(b, &snp);
+#endif
+
+                       memset(&snp, 0x00, sizeof(union sctp_notification));
+                       iov.iov_base = (char *)&snp;
+                       iov.iov_len = sizeof(union sctp_notification);
+                       msg.msg_name = NULL;
+                       msg.msg_namelen = 0;
+                       msg.msg_iov = &iov;
+                       msg.msg_iovlen = 1;
+                       msg.msg_control = NULL;
+                       msg.msg_controllen = 0;
+                       msg.msg_flags = 0;
+                       n = recvmsg(b->num, &msg, 0);
+
+                       if (data->handle_notifications != NULL)
+                               data->handle_notifications(b, data->notification_context, (void*) &snp);
+                       }
+
+               } while (n > 0 && (msg.msg_flags & MSG_NOTIFICATION));
+
+       /* Return 1 if there is a message to be read, return 0 otherwise. */
+       if (n > 0)
+               return 1;
+       else
+               return 0;
+       }
+
+static int dgram_sctp_puts(BIO *bp, const char *str)
+       {
+       int n,ret;
+
+       n=strlen(str);
+       ret=dgram_sctp_write(bp,str,n);
+       return(ret);
+       }
+#endif
+
 static int BIO_dgram_should_retry(int i)
        {
        int err;

diff --git a/deps/openssl/openssl/crypto/bn/Makefile b/deps/openssl/openssl/crypto/bn/Makefile
index aabc4f5..6727734 100644 (file)
--- a/deps/openssl/openssl/crypto/bn/Makefile
+++ b/deps/openssl/openssl/crypto/bn/Makefile
@@ -26,13 +26,13 @@ LIBSRC=     bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c bn_mod.c \
        bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \
        bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c \
        bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c \
-       bn_depr.c bn_const.c
+       bn_depr.c bn_const.c bn_x931p.c
 
 LIBOBJ=        bn_add.o bn_div.o bn_exp.o bn_lib.o bn_ctx.o bn_mul.o bn_mod.o \
        bn_print.o bn_rand.o bn_shift.o bn_word.o bn_blind.o \
        bn_kron.o bn_sqrt.o bn_gcd.o bn_prime.o bn_err.o bn_sqr.o $(BN_ASM) \
        bn_recp.o bn_mont.o bn_mpi.o bn_exp2.o bn_gf2m.o bn_nist.o \
-       bn_depr.o bn_const.o
+       bn_depr.o bn_const.o bn_x931p.o
 
 SRC= $(LIBSRC)
 
@@ -66,6 +66,8 @@ co-586.s:     asm/co-586.pl ../perlasm/x86asm.pl
        $(PERL) asm/co-586.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
 x86-mont.s:    asm/x86-mont.pl ../perlasm/x86asm.pl
        $(PERL) asm/x86-mont.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
+x86-gf2m.s:    asm/x86-gf2m.pl ../perlasm/x86asm.pl
+       $(PERL) asm/x86-gf2m.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
 
 sparcv8.o:     asm/sparcv8.S
        $(CC) $(CFLAGS) -c asm/sparcv8.S
@@ -82,16 +84,31 @@ bn-mips3.o: asm/mips3.s
                as -$$ABI -O -o $@ asm/mips3.s; \
        else    $(CC) -c $(CFLAGS) -o $@ asm/mips3.s; fi
 
+bn-mips.s:     asm/mips.pl
+       $(PERL) asm/mips.pl $(PERLASM_SCHEME) $@
+mips-mont.s:   asm/mips-mont.pl
+       $(PERL) asm/mips-mont.pl $(PERLASM_SCHEME) $@
+
 bn-s390x.o:    asm/s390x.S
        $(CC) $(CFLAGS) -c -o $@ asm/s390x.S
+s390x-gf2m.s:  asm/s390x-gf2m.pl
+       $(PERL) asm/s390x-gf2m.pl $(PERLASM_SCHEME) $@
 
 x86_64-gcc.o:  asm/x86_64-gcc.c
        $(CC) $(CFLAGS) -c -o $@ asm/x86_64-gcc.c
 x86_64-mont.s: asm/x86_64-mont.pl
        $(PERL) asm/x86_64-mont.pl $(PERLASM_SCHEME) > $@
+x86_64-mont5.s:        asm/x86_64-mont5.pl
+       $(PERL) asm/x86_64-mont5.pl $(PERLASM_SCHEME) > $@
+x86_64-gf2m.s: asm/x86_64-gf2m.pl
+       $(PERL) asm/x86_64-gf2m.pl $(PERLASM_SCHEME) > $@
+modexp512-x86_64.s:    asm/modexp512-x86_64.pl
+       $(PERL) asm/modexp512-x86_64.pl $(PERLASM_SCHEME) > $@
 
 bn-ia64.s:     asm/ia64.S
        $(CC) $(CFLAGS) -E asm/ia64.S > $@
+ia64-mont.s:   asm/ia64-mont.pl
+       $(PERL) asm/ia64-mont.pl $@ $(CFLAGS)
 
 # GNU assembler fails to compile PA-RISC2 modules, insist on calling
 # vendor assembler...
@@ -99,16 +116,22 @@ pa-risc2W.o: asm/pa-risc2W.s
        /usr/ccs/bin/as -o pa-risc2W.o asm/pa-risc2W.s
 pa-risc2.o: asm/pa-risc2.s
        /usr/ccs/bin/as -o pa-risc2.o asm/pa-risc2.s
+parisc-mont.s: asm/parisc-mont.pl
+       $(PERL) asm/parisc-mont.pl $(PERLASM_SCHEME) $@
 
 # ppc - AIX, Linux, MacOS X...
 bn-ppc.s:      asm/ppc.pl;     $(PERL) asm/ppc.pl $(PERLASM_SCHEME) $@
 ppc-mont.s:    asm/ppc-mont.pl;$(PERL) asm/ppc-mont.pl $(PERLASM_SCHEME) $@
+ppc64-mont.s:  asm/ppc64-mont.pl;$(PERL) asm/ppc64-mont.pl $(PERLASM_SCHEME) $@
 
 alpha-mont.s:  asm/alpha-mont.pl
        $(PERL) $< | $(CC) -E - | tee $@ > /dev/null
 
 # GNU make "catch all"
-%-mont.s:      asm/%-mont.pl;  $(PERL) $< $(CFLAGS) > $@
+%-mont.s:      asm/%-mont.pl;  $(PERL) $< $(PERLASM_SCHEME) $@
+%-gf2m.S:      asm/%-gf2m.pl;  $(PERL) $< $(PERLASM_SCHEME) $@
+
+armv4-gf2m.o:  armv4-gf2m.S
 
 files:
        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
@@ -345,3 +368,8 @@ bn_word.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
 bn_word.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 bn_word.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 bn_word.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_word.c
+bn_x931p.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+bn_x931p.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+bn_x931p.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+bn_x931p.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+bn_x931p.o: ../../include/openssl/symhacks.h bn_x931p.c

diff --git a/deps/openssl/openssl/crypto/bn/asm/armv4-mont.pl b/deps/openssl/openssl/crypto/bn/asm/armv4-mont.pl
index 14e0d2d..f78a8b5 100644 (file)
--- a/deps/openssl/openssl/crypto/bn/asm/armv4-mont.pl
+++ b/deps/openssl/openssl/crypto/bn/asm/armv4-mont.pl
@@ -23,6 +23,9 @@
 # than 1/2KB. Windows CE port would be trivial, as it's exclusively
 # about decorations, ABI and instruction syntax are identical.
 
+while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {}
+open STDOUT,">$output";
+
 $num="r0";     # starts as num argument, but holds &tp[num-1]
 $ap="r1";
 $bp="r2"; $bi="r2"; $rp="r2";
@@ -89,9 +92,9 @@ bn_mul_mont:
 .L1st:
        ldr     $aj,[$ap],#4            @ ap[j],ap++
        mov     $alo,$ahi
+       ldr     $nj,[$np],#4            @ np[j],np++
        mov     $ahi,#0
        umlal   $alo,$ahi,$aj,$bi       @ ap[j]*bp[0]
-       ldr     $nj,[$np],#4            @ np[j],np++
        mov     $nhi,#0
        umlal   $nlo,$nhi,$nj,$n0       @ np[j]*n0
        adds    $nlo,$nlo,$alo
@@ -101,21 +104,21 @@ bn_mul_mont:
        bne     .L1st
 
        adds    $nlo,$nlo,$ahi
+       ldr     $tp,[$_bp]              @ restore bp
        mov     $nhi,#0
+       ldr     $n0,[$_n0]              @ restore n0
        adc     $nhi,$nhi,#0
-       ldr     $tp,[$_bp]              @ restore bp
        str     $nlo,[$num]             @ tp[num-1]=
-       ldr     $n0,[$_n0]              @ restore n0
        str     $nhi,[$num,#4]          @ tp[num]=
 \f
 .Louter:
        sub     $tj,$num,sp             @ "original" $num-1 value
        sub     $ap,$ap,$tj             @ "rewind" ap to &ap[1]
-       sub     $np,$np,$tj             @ "rewind" np to &np[1]
        ldr     $bi,[$tp,#4]!           @ *(++bp)
+       sub     $np,$np,$tj             @ "rewind" np to &np[1]
        ldr     $aj,[$ap,#-4]           @ ap[0]
-       ldr     $nj,[$np,#-4]           @ np[0]
        ldr     $alo,[sp]               @ tp[0]
+       ldr     $nj,[$np,#-4]           @ np[0]
        ldr     $tj,[sp,#4]             @ tp[1]
 
        mov     $ahi,#0
@@ -129,13 +132,13 @@ bn_mul_mont:
 .Linner:
        ldr     $aj,[$ap],#4            @ ap[j],ap++
        adds    $alo,$ahi,$tj           @ +=tp[j]
+       ldr     $nj,[$np],#4            @ np[j],np++
        mov     $ahi,#0
        umlal   $alo,$ahi,$aj,$bi       @ ap[j]*bp[i]
-       ldr     $nj,[$np],#4            @ np[j],np++
        mov     $nhi,#0
        umlal   $nlo,$nhi,$nj,$n0       @ np[j]*n0
-       ldr     $tj,[$tp,#8]            @ tp[j+1]
        adc     $ahi,$ahi,#0
+       ldr     $tj,[$tp,#8]            @ tp[j+1]
        adds    $nlo,$nlo,$alo
        str     $nlo,[$tp],#4           @ tp[j-1]=,tp++
        adc     $nlo,$nhi,#0
@@ -144,13 +147,13 @@ bn_mul_mont:
 
        adds    $nlo,$nlo,$ahi
        mov     $nhi,#0
+       ldr     $tp,[$_bp]              @ restore bp
        adc     $nhi,$nhi,#0
+       ldr     $n0,[$_n0]              @ restore n0
        adds    $nlo,$nlo,$tj
-       adc     $nhi,$nhi,#0
-       ldr     $tp,[$_bp]              @ restore bp
        ldr     $tj,[$_bpend]           @ restore &bp[num]
+       adc     $nhi,$nhi,#0
        str     $nlo,[$num]             @ tp[num-1]=
-       ldr     $n0,[$_n0]              @ restore n0
        str     $nhi,[$num,#4]          @ tp[num]=
 
        cmp     $tp,$tj

diff --git a/deps/openssl/openssl/crypto/bn/asm/ppc-mont.pl b/deps/openssl/openssl/crypto/bn/asm/ppc-mont.pl
index 7849eae..f9b6992 100644 (file)
--- a/deps/openssl/openssl/crypto/bn/asm/ppc-mont.pl
+++ b/deps/openssl/openssl/crypto/bn/asm/ppc-mont.pl
@@ -31,7 +31,6 @@ if ($flavour =~ /32/) {
        $BNSZ=  $BITS/8;
        $SIZE_T=4;
        $RZONE= 224;
-       $FRAME= $SIZE_T*16;
 
        $LD=    "lwz";          # load
        $LDU=   "lwzu";         # load and update
@@ -51,7 +50,6 @@ if ($flavour =~ /32/) {
        $BNSZ=  $BITS/8;
        $SIZE_T=8;
        $RZONE= 288;
-       $FRAME= $SIZE_T*16;
 
        # same as above, but 64-bit mnemonics...
        $LD=    "ld";           # load
@@ -69,6 +67,9 @@ if ($flavour =~ /32/) {
        $POP=   $LD;
 } else { die "nonsense $flavour"; }
 
+$FRAME=8*$SIZE_T+$RZONE;
+$LOCALS=8*$SIZE_T;
+
 $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
 ( $xlate="${dir}ppc-xlate.pl" and -f $xlate ) or
 ( $xlate="${dir}../../perlasm/ppc-xlate.pl" and -f $xlate) or
@@ -89,18 +90,18 @@ $aj="r10";
 $nj="r11";
 $tj="r12";
 # non-volatile registers
-$i="r14";
-$j="r15";
-$tp="r16";
-$m0="r17";
-$m1="r18";
-$lo0="r19";
-$hi0="r20";
-$lo1="r21";
-$hi1="r22";
-$alo="r23";
-$ahi="r24";
-$nlo="r25";
+$i="r20";
+$j="r21";
+$tp="r22";
+$m0="r23";
+$m1="r24";
+$lo0="r25";
+$hi0="r26";
+$lo1="r27";
+$hi1="r28";
+$alo="r29";
+$ahi="r30";
+$nlo="r31";
 #
 $nhi="r0";
 
@@ -108,42 +109,48 @@ $code=<<___;
 .machine "any"
 .text
 
-.globl .bn_mul_mont
+.globl .bn_mul_mont_int
 .align 4
-.bn_mul_mont:
+.bn_mul_mont_int:
        cmpwi   $num,4
        mr      $rp,r3          ; $rp is reassigned
        li      r3,0
        bltlr
-
+___
+$code.=<<___ if ($BNSZ==4);
+       cmpwi   $num,32         ; longer key performance is not better
+       bgelr
+___
+$code.=<<___;
        slwi    $num,$num,`log($BNSZ)/log(2)`
        li      $tj,-4096
-       addi    $ovf,$num,`$FRAME+$RZONE`
+       addi    $ovf,$num,$FRAME
        subf    $ovf,$ovf,$sp   ; $sp-$ovf
        and     $ovf,$ovf,$tj   ; minimize TLB usage
        subf    $ovf,$sp,$ovf   ; $ovf-$sp
+       mr      $tj,$sp
        srwi    $num,$num,`log($BNSZ)/log(2)`
        $STUX   $sp,$sp,$ovf
 
-       $PUSH   r14,`4*$SIZE_T`($sp)
-       $PUSH   r15,`5*$SIZE_T`($sp)
-       $PUSH   r16,`6*$SIZE_T`($sp)
-       $PUSH   r17,`7*$SIZE_T`($sp)
-       $PUSH   r18,`8*$SIZE_T`($sp)
-       $PUSH   r19,`9*$SIZE_T`($sp)
-       $PUSH   r20,`10*$SIZE_T`($sp)
-       $PUSH   r21,`11*$SIZE_T`($sp)
-       $PUSH   r22,`12*$SIZE_T`($sp)
-       $PUSH   r23,`13*$SIZE_T`($sp)
-       $PUSH   r24,`14*$SIZE_T`($sp)
-       $PUSH   r25,`15*$SIZE_T`($sp)
+       $PUSH   r20,`-12*$SIZE_T`($tj)
+       $PUSH   r21,`-11*$SIZE_T`($tj)
+       $PUSH   r22,`-10*$SIZE_T`($tj)
+       $PUSH   r23,`-9*$SIZE_T`($tj)
+       $PUSH   r24,`-8*$SIZE_T`($tj)
+       $PUSH   r25,`-7*$SIZE_T`($tj)
+       $PUSH   r26,`-6*$SIZE_T`($tj)
+       $PUSH   r27,`-5*$SIZE_T`($tj)
+       $PUSH   r28,`-4*$SIZE_T`($tj)
+       $PUSH   r29,`-3*$SIZE_T`($tj)
+       $PUSH   r30,`-2*$SIZE_T`($tj)
+       $PUSH   r31,`-1*$SIZE_T`($tj)
 
        $LD     $n0,0($n0)      ; pull n0[0] value
        addi    $num,$num,-2    ; adjust $num for counter register
 \f
        $LD     $m0,0($bp)      ; m0=bp[0]
        $LD     $aj,0($ap)      ; ap[0]
-       addi    $tp,$sp,$FRAME
+       addi    $tp,$sp,$LOCALS
        $UMULL  $lo0,$aj,$m0    ; ap[0]*bp[0]
        $UMULH  $hi0,$aj,$m0
 
@@ -205,8 +212,8 @@ L1st:
 Louter:
        $LDX    $m0,$bp,$i      ; m0=bp[i]
        $LD     $aj,0($ap)      ; ap[0]
-       addi    $tp,$sp,$FRAME
-       $LD     $tj,$FRAME($sp) ; tp[0]
+       addi    $tp,$sp,$LOCALS
+       $LD     $tj,$LOCALS($sp); tp[0]
        $UMULL  $lo0,$aj,$m0    ; ap[0]*bp[i]
        $UMULH  $hi0,$aj,$m0
        $LD     $aj,$BNSZ($ap)  ; ap[1]
@@ -273,7 +280,7 @@ Linner:
 \f
        addi    $num,$num,2     ; restore $num
        subfc   $j,$j,$j        ; j=0 and "clear" XER[CA]
-       addi    $tp,$sp,$FRAME
+       addi    $tp,$sp,$LOCALS
        mtctr   $num
 
 .align 4
@@ -299,23 +306,27 @@ Lcopy:                            ; copy or in-place refresh
        addi    $j,$j,$BNSZ
        bdnz-   Lcopy
 
-       $POP    r14,`4*$SIZE_T`($sp)
-       $POP    r15,`5*$SIZE_T`($sp)
-       $POP    r16,`6*$SIZE_T`($sp)
-       $POP    r17,`7*$SIZE_T`($sp)
-       $POP    r18,`8*$SIZE_T`($sp)
-       $POP    r19,`9*$SIZE_T`($sp)
-       $POP    r20,`10*$SIZE_T`($sp)
-       $POP    r21,`11*$SIZE_T`($sp)
-       $POP    r22,`12*$SIZE_T`($sp)
-       $POP    r23,`13*$SIZE_T`($sp)
-       $POP    r24,`14*$SIZE_T`($sp)
-       $POP    r25,`15*$SIZE_T`($sp)
-       $POP    $sp,0($sp)
+       $POP    $tj,0($sp)
        li      r3,1
+       $POP    r20,`-12*$SIZE_T`($tj)
+       $POP    r21,`-11*$SIZE_T`($tj)
+       $POP    r22,`-10*$SIZE_T`($tj)
+       $POP    r23,`-9*$SIZE_T`($tj)
+       $POP    r24,`-8*$SIZE_T`($tj)
+       $POP    r25,`-7*$SIZE_T`($tj)
+       $POP    r26,`-6*$SIZE_T`($tj)
+       $POP    r27,`-5*$SIZE_T`($tj)
+       $POP    r28,`-4*$SIZE_T`($tj)
+       $POP    r29,`-3*$SIZE_T`($tj)
+       $POP    r30,`-2*$SIZE_T`($tj)
+       $POP    r31,`-1*$SIZE_T`($tj)
+       mr      $sp,$tj
        blr
        .long   0
-.asciz  "Montgomery Multiplication for PPC, CRYPTOGAMS by <appro\@fy.chalmers.se>"
+       .byte   0,12,4,0,0x80,12,6,0
+       .long   0
+
+.asciz  "Montgomery Multiplication for PPC, CRYPTOGAMS by <appro\@openssl.org>"
 ___
 
 $code =~ s/\`([^\`]*)\`/eval $1/gem;

diff --git a/deps/openssl/openssl/crypto/bn/asm/ppc.pl b/deps/openssl/openssl/crypto/bn/asm/ppc.pl
index f409317..1249ce2 100644 (file)
--- a/deps/openssl/openssl/crypto/bn/asm/ppc.pl
+++ b/deps/openssl/openssl/crypto/bn/asm/ppc.pl
@@ -389,7 +389,9 @@ $data=<<EOF;
        $ST             r9,`6*$BNSZ`(r3)        #r[6]=c1
        $ST             r10,`7*$BNSZ`(r3)       #r[7]=c2
        blr
-       .long   0x00000000
+       .long   0
+       .byte   0,12,0x14,0,0,0,2,0
+       .long   0
 
 #
 #      NOTE:   The following label name should be changed to
@@ -814,8 +816,9 @@ $data=<<EOF;
 
 
        blr
-
-       .long   0x00000000
+       .long   0
+       .byte   0,12,0x14,0,0,0,2,0
+       .long   0
 
 #
 #      NOTE:   The following label name should be changed to
@@ -966,7 +969,9 @@ $data=<<EOF;
        $ST     r10,`6*$BNSZ`(r3)       #r[6]=c1
        $ST     r11,`7*$BNSZ`(r3)       #r[7]=c2
        blr
-       .long   0x00000000
+       .long   0
+       .byte   0,12,0x14,0,0,0,3,0
+       .long   0
 
 #
 #      NOTE:   The following label name should be changed to
@@ -1502,7 +1507,9 @@ $data=<<EOF;
        $ST     r12,`14*$BNSZ`(r3)      #r[14]=c3;
        $ST     r10,`15*$BNSZ`(r3)      #r[15]=c1;
        blr
-       .long   0x00000000
+       .long   0
+       .byte   0,12,0x14,0,0,0,3,0
+       .long   0
 
 #
 #      NOTE:   The following label name should be changed to
@@ -1550,8 +1557,9 @@ Lppcasm_sub_adios:
        subfze  r3,r0           # if carry bit is set then r3 = 0 else -1
        andi.   r3,r3,1         # keep only last bit.
        blr
-       .long   0x00000000
-
+       .long   0
+       .byte   0,12,0x14,0,0,0,4,0
+       .long   0
 
 #
 #      NOTE:   The following label name should be changed to
@@ -1594,7 +1602,9 @@ Lppcasm_add_mainloop:
 Lppcasm_add_adios:     
        addze   r3,r0                   #return carry bit.
        blr
-       .long   0x00000000
+       .long   0
+       .byte   0,12,0x14,0,0,0,4,0
+       .long   0
 
 #
 #      NOTE:   The following label name should be changed to
@@ -1707,7 +1717,9 @@ Lppcasm_div8:
 Lppcasm_div9:
        or      r3,r8,r0
        blr
-       .long   0x00000000
+       .long   0
+       .byte   0,12,0x14,0,0,0,3,0
+       .long   0
 
 #
 #      NOTE:   The following label name should be changed to
@@ -1746,8 +1758,9 @@ Lppcasm_sqr_mainloop:
        bdnz-   Lppcasm_sqr_mainloop
 Lppcasm_sqr_adios:     
        blr
-       .long   0x00000000
-
+       .long   0
+       .byte   0,12,0x14,0,0,0,3,0
+       .long   0
 
 #
 #      NOTE:   The following label name should be changed to
@@ -1850,7 +1863,9 @@ Lppcasm_mw_REM:
 Lppcasm_mw_OVER:       
        addi    r3,r12,0
        blr
-       .long   0x00000000
+       .long   0
+       .byte   0,12,0x14,0,0,0,4,0
+       .long   0
 
 #
 #      NOTE:   The following label name should be changed to
@@ -1973,7 +1988,9 @@ Lppcasm_maw_leftover:
 Lppcasm_maw_adios:     
        addi    r3,r12,0
        blr
-       .long   0x00000000
+       .long   0
+       .byte   0,12,0x14,0,0,0,4,0
+       .long   0
        .align  4
 EOF
 $data =~ s/\`([^\`]*)\`/eval $1/gem;

diff --git a/deps/openssl/openssl/crypto/bn/asm/ppc64-mont.pl b/deps/openssl/openssl/crypto/bn/asm/ppc64-mont.pl
index 3449b35..a14e769 100644 (file)
--- a/deps/openssl/openssl/crypto/bn/asm/ppc64-mont.pl
+++ b/deps/openssl/openssl/crypto/bn/asm/ppc64-mont.pl
@@ -45,23 +45,40 @@
 # on 1.8GHz PPC970, it's only 5-55% faster. Still far from impressive
 # in absolute terms, but it's apparently the way Power 6 is...
 
+# December 2009
+
+# Adapted for 32-bit build this module delivers 25-120%, yes, more
+# than *twice* for longer keys, performance improvement over 32-bit
+# ppc-mont.pl on 1.8GHz PPC970. However! This implementation utilizes
+# even 64-bit integer operations and the trouble is that most PPC
+# operating systems don't preserve upper halves of general purpose
+# registers upon 32-bit signal delivery. They do preserve them upon
+# context switch, but not signalling:-( This means that asynchronous
+# signals have to be blocked upon entry to this subroutine. Signal
+# masking (and of course complementary unmasking) has quite an impact
+# on performance, naturally larger for shorter keys. It's so severe
+# that 512-bit key performance can be as low as 1/3 of expected one.
+# This is why this routine can be engaged for longer key operations
+# only on these OSes, see crypto/ppccap.c for further details. MacOS X
+# is an exception from this and doesn't require signal masking, and
+# that's where above improvement coefficients were collected. For
+# others alternative would be to break dependence on upper halves of
+# GPRs by sticking to 32-bit integer operations...
+
 $flavour = shift;
 
 if ($flavour =~ /32/) {
        $SIZE_T=4;
        $RZONE= 224;
-       $FRAME= $SIZE_T*12+8*12;
-       $fname= "bn_mul_mont_ppc64";
+       $fname= "bn_mul_mont_fpu64";
 
        $STUX=  "stwux";        # store indexed and update
        $PUSH=  "stw";
        $POP=   "lwz";
-       die "not implemented yet";
 } elsif ($flavour =~ /64/) {
        $SIZE_T=8;
        $RZONE= 288;
-       $FRAME= $SIZE_T*12+8*12;
-       $fname= "bn_mul_mont";
+       $fname= "bn_mul_mont_fpu64";
 
        # same as above, but 64-bit mnemonics...
        $STUX=  "stdux";        # store indexed and update
@@ -76,7 +93,7 @@ die "can't locate ppc-xlate.pl";
 
 open STDOUT,"| $^X $xlate $flavour ".shift || die "can't call $xlate: $!";
 
-$FRAME=($FRAME+63)&~63;
+$FRAME=64;     # padded frame header
 $TRANSFER=16*8;
 
 $carry="r0";
@@ -93,16 +110,16 @@ $tp="r10";
 $j="r11";
 $i="r12";
 # non-volatile registers
-$nap_d="r14";  # interleaved ap and np in double format
-$a0="r15";     # ap[0]
-$t0="r16";     # temporary registers
-$t1="r17";
-$t2="r18";
-$t3="r19";
-$t4="r20";
-$t5="r21";
-$t6="r22";
-$t7="r23";
+$nap_d="r22";  # interleaved ap and np in double format
+$a0="r23";     # ap[0]
+$t0="r24";     # temporary registers
+$t1="r25";
+$t2="r26";
+$t3="r27";
+$t4="r28";
+$t5="r29";
+$t6="r30";
+$t7="r31";
 
 # PPC offers enough register bank capacity to unroll inner loops twice
 #
@@ -132,28 +149,17 @@ $ba="f0"; $bb="f1";       $bc="f2";       $bd="f3";
 $na="f4";      $nb="f5";       $nc="f6";       $nd="f7";
 $dota="f8";    $dotb="f9";
 $A0="f10";     $A1="f11";      $A2="f12";      $A3="f13";
-$N0="f14";     $N1="f15";      $N2="f16";      $N3="f17";
-$T0a="f18";    $T0b="f19";
-$T1a="f20";    $T1b="f21";
-$T2a="f22";    $T2b="f23";
-$T3a="f24";    $T3b="f25";
+$N0="f20";     $N1="f21";      $N2="f22";      $N3="f23";
+$T0a="f24";    $T0b="f25";
+$T1a="f26";    $T1b="f27";
+$T2a="f28";    $T2b="f29";
+$T3a="f30";    $T3b="f31";
 \f
 # sp----------->+-------------------------------+
 #              | saved sp                      |
 #              +-------------------------------+
-#              |                               |
-#              +-------------------------------+
-#              | 10 saved gpr, r14-r23         |
-#              .                               .
-#              .                               .
-#   +12*size_t +-------------------------------+
-#              | 12 saved fpr, f14-f25         |
 #              .                               .
-#              .                               .
-#   +12*8      +-------------------------------+
-#              | padding to 64 byte boundary   |
-#              .                               .
-#   +X         +-------------------------------+
+#   +64                +-------------------------------+
 #              | 16 gpr<->fpr transfer zone    |
 #              .                               .
 #              .                               .
@@ -173,6 +179,16 @@ $T3a="f24";        $T3b="f25";
 #              .                               .
 #              .                               .
 #              +-------------------------------+
+#              .                               .
+#   -12*size_t +-------------------------------+
+#              | 10 saved gpr, r22-r31         |
+#              .                               .
+#              .                               .
+#   -12*8      +-------------------------------+
+#              | 12 saved fpr, f20-f31         |
+#              .                               .
+#              .                               .
+#              +-------------------------------+
 \f
 $code=<<___;
 .machine "any"
@@ -181,14 +197,14 @@ $code=<<___;
 .globl .$fname
 .align 5
 .$fname:
-       cmpwi   $num,4
+       cmpwi   $num,`3*8/$SIZE_T`
        mr      $rp,r3          ; $rp is reassigned
        li      r3,0            ; possible "not handled" return code
        bltlr-
-       andi.   r0,$num,1       ; $num has to be even
+       andi.   r0,$num,`16/$SIZE_T-1`          ; $num has to be "even"
        bnelr-
 
-       slwi    $num,$num,3     ; num*=8
+       slwi    $num,$num,`log($SIZE_T)/log(2)` ; num*=sizeof(BN_LONG)
        li      $i,-4096
        slwi    $tp,$num,2      ; place for {an}p_{lh}[num], i.e. 4*num
        add     $tp,$tp,$num    ; place for tp[num+1]
@@ -196,35 +212,50 @@ $code=<<___;
        subf    $tp,$tp,$sp     ; $sp-$tp
        and     $tp,$tp,$i      ; minimize TLB usage
        subf    $tp,$sp,$tp     ; $tp-$sp
+       mr      $i,$sp
        $STUX   $sp,$sp,$tp     ; alloca
 
-       $PUSH   r14,`2*$SIZE_T`($sp)
-       $PUSH   r15,`3*$SIZE_T`($sp)
-       $PUSH   r16,`4*$SIZE_T`($sp)
-       $PUSH   r17,`5*$SIZE_T`($sp)
-       $PUSH   r18,`6*$SIZE_T`($sp)
-       $PUSH   r19,`7*$SIZE_T`($sp)
-       $PUSH   r20,`8*$SIZE_T`($sp)
-       $PUSH   r21,`9*$SIZE_T`($sp)
-       $PUSH   r22,`10*$SIZE_T`($sp)
-       $PUSH   r23,`11*$SIZE_T`($sp)
-       stfd    f14,`12*$SIZE_T+0`($sp)
-       stfd    f15,`12*$SIZE_T+8`($sp)
-       stfd    f16,`12*$SIZE_T+16`($sp)
-       stfd    f17,`12*$SIZE_T+24`($sp)
-       stfd    f18,`12*$SIZE_T+32`($sp)
-       stfd    f19,`12*$SIZE_T+40`($sp)
-       stfd    f20,`12*$SIZE_T+48`($sp)
-       stfd    f21,`12*$SIZE_T+56`($sp)
-       stfd    f22,`12*$SIZE_T+64`($sp)
-       stfd    f23,`12*$SIZE_T+72`($sp)
-       stfd    f24,`12*$SIZE_T+80`($sp)
-       stfd    f25,`12*$SIZE_T+88`($sp)
-
+       $PUSH   r22,`-12*8-10*$SIZE_T`($i)
+       $PUSH   r23,`-12*8-9*$SIZE_T`($i)
+       $PUSH   r24,`-12*8-8*$SIZE_T`($i)
+       $PUSH   r25,`-12*8-7*$SIZE_T`($i)
+       $PUSH   r26,`-12*8-6*$SIZE_T`($i)
+       $PUSH   r27,`-12*8-5*$SIZE_T`($i)
+       $PUSH   r28,`-12*8-4*$SIZE_T`($i)
+       $PUSH   r29,`-12*8-3*$SIZE_T`($i)
+       $PUSH   r30,`-12*8-2*$SIZE_T`($i)
+       $PUSH   r31,`-12*8-1*$SIZE_T`($i)
+       stfd    f20,`-12*8`($i)
+       stfd    f21,`-11*8`($i)
+       stfd    f22,`-10*8`($i)
+       stfd    f23,`-9*8`($i)
+       stfd    f24,`-8*8`($i)
+       stfd    f25,`-7*8`($i)
+       stfd    f26,`-6*8`($i)
+       stfd    f27,`-5*8`($i)
+       stfd    f28,`-4*8`($i)
+       stfd    f29,`-3*8`($i)
+       stfd    f30,`-2*8`($i)
+       stfd    f31,`-1*8`($i)
+___
+$code.=<<___ if ($SIZE_T==8);
        ld      $a0,0($ap)      ; pull ap[0] value
        ld      $n0,0($n0)      ; pull n0[0] value
        ld      $t3,0($bp)      ; bp[0]
-
+___
+$code.=<<___ if ($SIZE_T==4);
+       mr      $t1,$n0
+       lwz     $a0,0($ap)      ; pull ap[0,1] value
+       lwz     $t0,4($ap)
+       lwz     $n0,0($t1)      ; pull n0[0,1] value
+       lwz     $t1,4($t1)
+       lwz     $t3,0($bp)      ; bp[0,1]
+       lwz     $t2,4($bp)
+       insrdi  $a0,$t0,32,0
+       insrdi  $n0,$t1,32,0
+       insrdi  $t3,$t2,32,0
+___
+$code.=<<___;
        addi    $tp,$sp,`$FRAME+$TRANSFER+8+64`
        li      $i,-64
        add     $nap_d,$tp,$num
@@ -258,6 +289,8 @@ $code=<<___;
        std     $t5,`$FRAME+40`($sp)
        std     $t6,`$FRAME+48`($sp)
        std     $t7,`$FRAME+56`($sp)
+___
+$code.=<<___ if ($SIZE_T==8);
        lwz     $t0,4($ap)              ; load a[j] as 32-bit word pair
        lwz     $t1,0($ap)
        lwz     $t2,12($ap)             ; load a[j+1] as 32-bit word pair
@@ -266,6 +299,18 @@ $code=<<___;
        lwz     $t5,0($np)
        lwz     $t6,12($np)             ; load n[j+1] as 32-bit word pair
        lwz     $t7,8($np)
+___
+$code.=<<___ if ($SIZE_T==4);
+       lwz     $t0,0($ap)              ; load a[j..j+3] as 32-bit word pairs
+       lwz     $t1,4($ap)
+       lwz     $t2,8($ap)
+       lwz     $t3,12($ap)
+       lwz     $t4,0($np)              ; load n[j..j+3] as 32-bit word pairs
+       lwz     $t5,4($np)
+       lwz     $t6,8($np)
+       lwz     $t7,12($np)
+___
+$code.=<<___;
        lfd     $ba,`$FRAME+0`($sp)
        lfd     $bb,`$FRAME+8`($sp)
        lfd     $bc,`$FRAME+16`($sp)
@@ -374,6 +419,8 @@ $code=<<___;
 \f
 .align 5
 L1st:
+___
+$code.=<<___ if ($SIZE_T==8);
        lwz     $t0,4($ap)              ; load a[j] as 32-bit word pair
        lwz     $t1,0($ap)
        lwz     $t2,12($ap)             ; load a[j+1] as 32-bit word pair
@@ -382,6 +429,18 @@ L1st:
        lwz     $t5,0($np)
        lwz     $t6,12($np)             ; load n[j+1] as 32-bit word pair
        lwz     $t7,8($np)
+___
+$code.=<<___ if ($SIZE_T==4);
+       lwz     $t0,0($ap)              ; load a[j..j+3] as 32-bit word pairs
+       lwz     $t1,4($ap)
+       lwz     $t2,8($ap)
+       lwz     $t3,12($ap)
+       lwz     $t4,0($np)              ; load n[j..j+3] as 32-bit word pairs
+       lwz     $t5,4($np)
+       lwz     $t6,8($np)
+       lwz     $t7,12($np)
+___
+$code.=<<___;
        std     $t0,`$FRAME+64`($sp)
        std     $t1,`$FRAME+72`($sp)
        std     $t2,`$FRAME+80`($sp)
@@ -559,7 +618,17 @@ L1st:
        li      $i,8                    ; i=1
 .align 5
 Louter:
+___
+$code.=<<___ if ($SIZE_T==8);
        ldx     $t3,$bp,$i      ; bp[i]
+___
+$code.=<<___ if ($SIZE_T==4);
+       add     $t0,$bp,$i
+       lwz     $t3,0($t0)              ; bp[i,i+1]
+       lwz     $t0,4($t0)
+       insrdi  $t3,$t0,32,0
+___
+$code.=<<___;
        ld      $t6,`$FRAME+$TRANSFER+8`($sp)   ; tp[0]
        mulld   $t7,$a0,$t3     ; ap[0]*bp[i]
 
@@ -761,6 +830,13 @@ Linner:
        stfd    $T0b,`$FRAME+8`($sp)
         add    $t7,$t7,$carry
         addc   $t3,$t0,$t1
+___
+$code.=<<___ if ($SIZE_T==4);          # adjust XER[CA]
+       extrdi  $t0,$t0,32,0
+       extrdi  $t1,$t1,32,0
+       adde    $t0,$t0,$t1
+___
+$code.=<<___;
        stfd    $T1a,`$FRAME+16`($sp)
        stfd    $T1b,`$FRAME+24`($sp)
         insrdi $t4,$t7,16,0            ; 64..127 bits
@@ -768,6 +844,13 @@ Linner:
        stfd    $T2a,`$FRAME+32`($sp)
        stfd    $T2b,`$FRAME+40`($sp)
         adde   $t5,$t4,$t2
+___
+$code.=<<___ if ($SIZE_T==4);          # adjust XER[CA]
+       extrdi  $t4,$t4,32,0
+       extrdi  $t2,$t2,32,0
+       adde    $t4,$t4,$t2
+___
+$code.=<<___;
        stfd    $T3a,`$FRAME+48`($sp)
        stfd    $T3b,`$FRAME+56`($sp)
         addze  $carry,$carry
@@ -816,7 +899,21 @@ Linner:
        ld      $t7,`$FRAME+72`($sp)
 
        addc    $t3,$t0,$t1
+___
+$code.=<<___ if ($SIZE_T==4);          # adjust XER[CA]
+       extrdi  $t0,$t0,32,0
+       extrdi  $t1,$t1,32,0
+       adde    $t0,$t0,$t1
+___
+$code.=<<___;
        adde    $t5,$t4,$t2
+___
+$code.=<<___ if ($SIZE_T==4);          # adjust XER[CA]
+       extrdi  $t4,$t4,32,0
+       extrdi  $t2,$t2,32,0
+       adde    $t4,$t4,$t2
+___
+$code.=<<___;
        addze   $carry,$carry
 
        std     $t3,-16($tp)            ; tp[j-1]
@@ -835,7 +932,9 @@ Linner:
        subf    $nap_d,$t7,$nap_d       ; rewind pointer
        cmpw    $i,$num
        blt-    Louter
+___
 \f
+$code.=<<___ if ($SIZE_T==8);
        subf    $np,$num,$np    ; rewind np
        addi    $j,$j,1         ; restore counter
        subfc   $i,$i,$i        ; j=0 and "clear" XER[CA]
@@ -883,34 +982,105 @@ Lcopy:                           ; copy or in-place refresh
        stdx    $i,$t4,$i
        addi    $i,$i,16
        bdnz-   Lcopy
+___
+$code.=<<___ if ($SIZE_T==4);
+       subf    $np,$num,$np    ; rewind np
+       addi    $j,$j,1         ; restore counter
+       subfc   $i,$i,$i        ; j=0 and "clear" XER[CA]
+       addi    $tp,$sp,`$FRAME+$TRANSFER`
+       addi    $np,$np,-4
+       addi    $rp,$rp,-4
+       addi    $ap,$sp,`$FRAME+$TRANSFER+4`
+       mtctr   $j
+
+.align 4
+Lsub:  ld      $t0,8($tp)      ; load tp[j..j+3] in 64-bit word order
+       ldu     $t2,16($tp)
+       lwz     $t4,4($np)      ; load np[j..j+3] in 32-bit word order
+       lwz     $t5,8($np)
+       lwz     $t6,12($np)
+       lwzu    $t7,16($np)
+       extrdi  $t1,$t0,32,0
+       extrdi  $t3,$t2,32,0
+       subfe   $t4,$t4,$t0     ; tp[j]-np[j]
+        stw    $t0,4($ap)      ; save tp[j..j+3] in 32-bit word order
+       subfe   $t5,$t5,$t1     ; tp[j+1]-np[j+1]
+        stw    $t1,8($ap)
+       subfe   $t6,$t6,$t2     ; tp[j+2]-np[j+2]
+        stw    $t2,12($ap)
+       subfe   $t7,$t7,$t3     ; tp[j+3]-np[j+3]
+        stwu   $t3,16($ap)
+       stw     $t4,4($rp)
+       stw     $t5,8($rp)
+       stw     $t6,12($rp)
+       stwu    $t7,16($rp)
+       bdnz-   Lsub
+
+       li      $i,0
+       subfe   $ovf,$i,$ovf    ; handle upmost overflow bit
+       addi    $tp,$sp,`$FRAME+$TRANSFER+4`
+       subf    $rp,$num,$rp    ; rewind rp
+       and     $ap,$tp,$ovf
+       andc    $np,$rp,$ovf
+       or      $ap,$ap,$np     ; ap=borrow?tp:rp
+       addi    $tp,$sp,`$FRAME+$TRANSFER`
+       mtctr   $j
+
+.align 4
+Lcopy:                         ; copy or in-place refresh
+       lwz     $t0,4($ap)
+       lwz     $t1,8($ap)
+       lwz     $t2,12($ap)
+       lwzu    $t3,16($ap)
+       std     $i,8($nap_d)    ; zap nap_d
+       std     $i,16($nap_d)
+       std     $i,24($nap_d)
+       std     $i,32($nap_d)
+       std     $i,40($nap_d)
+       std     $i,48($nap_d)
+       std     $i,56($nap_d)
+       stdu    $i,64($nap_d)
+       stw     $t0,4($rp)
+       stw     $t1,8($rp)
+       stw     $t2,12($rp)
+       stwu    $t3,16($rp)
+       std     $i,8($tp)       ; zap tp at once
+       stdu    $i,16($tp)
+       bdnz-   Lcopy
+___
 \f
-       $POP    r14,`2*$SIZE_T`($sp)
-       $POP    r15,`3*$SIZE_T`($sp)
-       $POP    r16,`4*$SIZE_T`($sp)
-       $POP    r17,`5*$SIZE_T`($sp)
-       $POP    r18,`6*$SIZE_T`($sp)
-       $POP    r19,`7*$SIZE_T`($sp)
-       $POP    r20,`8*$SIZE_T`($sp)
-       $POP    r21,`9*$SIZE_T`($sp)
-       $POP    r22,`10*$SIZE_T`($sp)
-       $POP    r23,`11*$SIZE_T`($sp)
-       lfd     f14,`12*$SIZE_T+0`($sp)
-       lfd     f15,`12*$SIZE_T+8`($sp)
-       lfd     f16,`12*$SIZE_T+16`($sp)
-       lfd     f17,`12*$SIZE_T+24`($sp)
-       lfd     f18,`12*$SIZE_T+32`($sp)
-       lfd     f19,`12*$SIZE_T+40`($sp)
-       lfd     f20,`12*$SIZE_T+48`($sp)
-       lfd     f21,`12*$SIZE_T+56`($sp)
-       lfd     f22,`12*$SIZE_T+64`($sp)
-       lfd     f23,`12*$SIZE_T+72`($sp)
-       lfd     f24,`12*$SIZE_T+80`($sp)
-       lfd     f25,`12*$SIZE_T+88`($sp)
-       $POP    $sp,0($sp)
+$code.=<<___;
+       $POP    $i,0($sp)
        li      r3,1    ; signal "handled"
+       $POP    r22,`-12*8-10*$SIZE_T`($i)
+       $POP    r23,`-12*8-9*$SIZE_T`($i)
+       $POP    r24,`-12*8-8*$SIZE_T`($i)
+       $POP    r25,`-12*8-7*$SIZE_T`($i)
+       $POP    r26,`-12*8-6*$SIZE_T`($i)
+       $POP    r27,`-12*8-5*$SIZE_T`($i)
+       $POP    r28,`-12*8-4*$SIZE_T`($i)
+       $POP    r29,`-12*8-3*$SIZE_T`($i)
+       $POP    r30,`-12*8-2*$SIZE_T`($i)
+       $POP    r31,`-12*8-1*$SIZE_T`($i)
+       lfd     f20,`-12*8`($i)
+       lfd     f21,`-11*8`($i)
+       lfd     f22,`-10*8`($i)
+       lfd     f23,`-9*8`($i)
+       lfd     f24,`-8*8`($i)
+       lfd     f25,`-7*8`($i)
+       lfd     f26,`-6*8`($i)
+       lfd     f27,`-5*8`($i)
+       lfd     f28,`-4*8`($i)
+       lfd     f29,`-3*8`($i)
+       lfd     f30,`-2*8`($i)
+       lfd     f31,`-1*8`($i)
+       mr      $sp,$i
        blr
        .long   0
-.asciz  "Montgomery Multiplication for PPC64, CRYPTOGAMS by <appro\@fy.chalmers.se>"
+       .byte   0,12,4,0,0x8c,10,6,0
+       .long   0
+
+.asciz  "Montgomery Multiplication for PPC64, CRYPTOGAMS by <appro\@openssl.org>"
 ___
 
 $code =~ s/\`([^\`]*)\`/eval $1/gem;

diff --git a/deps/openssl/openssl/crypto/bn/asm/s390x-mont.pl b/deps/openssl/openssl/crypto/bn/asm/s390x-mont.pl
index f61246f..9fd64e8 100644 (file)
--- a/deps/openssl/openssl/crypto/bn/asm/s390x-mont.pl
+++ b/deps/openssl/openssl/crypto/bn/asm/s390x-mont.pl
@@ -32,6 +32,33 @@
 # Reschedule to minimize/avoid Address Generation Interlock hazard,
 # make inner loops counter-based.
 
+# November 2010.
+#
+# Adapt for -m31 build. If kernel supports what's called "highgprs"
+# feature on Linux [see /proc/cpuinfo], it's possible to use 64-bit
+# instructions and achieve "64-bit" performance even in 31-bit legacy
+# application context. The feature is not specific to any particular
+# processor, as long as it's "z-CPU". Latter implies that the code
+# remains z/Architecture specific. Compatibility with 32-bit BN_ULONG
+# is achieved by swapping words after 64-bit loads, follow _dswap-s.
+# On z990 it was measured to perform 2.6-2.2 times better than
+# compiler-generated code, less for longer keys...
+
+$flavour = shift;
+
+if ($flavour =~ /3[12]/) {
+       $SIZE_T=4;
+       $g="";
+} else {
+       $SIZE_T=8;
+       $g="g";
+}
+
+while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {}
+open STDOUT,">$output";
+
+$stdframe=16*$SIZE_T+4*8;
+
 $mn0="%r0";
 $num="%r1";
 
@@ -60,34 +87,44 @@ $code.=<<___;
 .globl bn_mul_mont
 .type  bn_mul_mont,\@function
 bn_mul_mont:
-       lgf     $num,164($sp)   # pull $num
-       sla     $num,3          # $num to enumerate bytes
+       lgf     $num,`$stdframe+$SIZE_T-4`($sp) # pull $num
+       sla     $num,`log($SIZE_T)/log(2)`      # $num to enumerate bytes
        la      $bp,0($num,$bp)
 
-       stg     %r2,16($sp)
+       st${g}  %r2,2*$SIZE_T($sp)
 
        cghi    $num,16         #
        lghi    %r2,0           #
        blr     %r14            # if($num<16) return 0;
+___
+$code.=<<___ if ($flavour =~ /3[12]/);
+       tmll    $num,4
+       bnzr    %r14            # if ($num&1) return 0;
+___
+$code.=<<___ if ($flavour !~ /3[12]/);
        cghi    $num,96         #
        bhr     %r14            # if($num>96) return 0;
+___
+$code.=<<___;
+       stm${g} %r3,%r15,3*$SIZE_T($sp)
 
-       stmg    %r3,%r15,24($sp)
-
-       lghi    $rp,-160-8      # leave room for carry bit
+       lghi    $rp,-$stdframe-8        # leave room for carry bit
        lcgr    $j,$num         # -$num
        lgr     %r0,$sp
        la      $rp,0($rp,$sp)
        la      $sp,0($j,$rp)   # alloca
-       stg     %r0,0($sp)      # back chain
+       st${g}  %r0,0($sp)      # back chain
 
        sra     $num,3          # restore $num
        la      $bp,0($j,$bp)   # restore $bp
        ahi     $num,-1         # adjust $num for inner loop
        lg      $n0,0($n0)      # pull n0
+       _dswap  $n0
 
        lg      $bi,0($bp)
+       _dswap  $bi
        lg      $alo,0($ap)
+       _dswap  $alo
        mlgr    $ahi,$bi        # ap[0]*bp[0]
        lgr     $AHI,$ahi
 
@@ -95,6 +132,7 @@ bn_mul_mont:
        msgr    $mn0,$n0
 
        lg      $nlo,0($np)     #
+       _dswap  $nlo
        mlgr    $nhi,$mn0       # np[0]*m1
        algr    $nlo,$alo       # +="tp[0]"
        lghi    $NHI,0
@@ -106,12 +144,14 @@ bn_mul_mont:
 .align 16
 .L1st:
        lg      $alo,0($j,$ap)
+       _dswap  $alo
        mlgr    $ahi,$bi        # ap[j]*bp[0]
        algr    $alo,$AHI
        lghi    $AHI,0
        alcgr   $AHI,$ahi
 
        lg      $nlo,0($j,$np)
+       _dswap  $nlo
        mlgr    $nhi,$mn0       # np[j]*m1
        algr    $nlo,$NHI
        lghi    $NHI,0
@@ -119,22 +159,24 @@ bn_mul_mont:
        algr    $nlo,$alo
        alcgr   $NHI,$nhi
 
-       stg     $nlo,160-8($j,$sp)      # tp[j-1]=
+       stg     $nlo,$stdframe-8($j,$sp)        # tp[j-1]=
        la      $j,8($j)        # j++
        brct    $count,.L1st
 
        algr    $NHI,$AHI
        lghi    $AHI,0
        alcgr   $AHI,$AHI       # upmost overflow bit
-       stg     $NHI,160-8($j,$sp)
-       stg     $AHI,160($j,$sp)
+       stg     $NHI,$stdframe-8($j,$sp)
+       stg     $AHI,$stdframe($j,$sp)
        la      $bp,8($bp)      # bp++
 
 .Louter:
        lg      $bi,0($bp)      # bp[i]
+       _dswap  $bi
        lg      $alo,0($ap)
+       _dswap  $alo
        mlgr    $ahi,$bi        # ap[0]*bp[i]
-       alg     $alo,160($sp)   # +=tp[0]
+       alg     $alo,$stdframe($sp)     # +=tp[0]
        lghi    $AHI,0
        alcgr   $AHI,$ahi
 
@@ -142,6 +184,7 @@ bn_mul_mont:
        msgr    $mn0,$n0        # tp[0]*n0
 
        lg      $nlo,0($np)     # np[0]
+       _dswap  $nlo
        mlgr    $nhi,$mn0       # np[0]*m1
        algr    $nlo,$alo       # +="tp[0]"
        lghi    $NHI,0
@@ -153,14 +196,16 @@ bn_mul_mont:
 .align 16
 .Linner:
        lg      $alo,0($j,$ap)
+       _dswap  $alo
        mlgr    $ahi,$bi        # ap[j]*bp[i]
        algr    $alo,$AHI
        lghi    $AHI,0
        alcgr   $ahi,$AHI
-       alg     $alo,160($j,$sp)# +=tp[j]
+       alg     $alo,$stdframe($j,$sp)# +=tp[j]
        alcgr   $AHI,$ahi
 
        lg      $nlo,0($j,$np)
+       _dswap  $nlo
        mlgr    $nhi,$mn0       # np[j]*m1
        algr    $nlo,$NHI
        lghi    $NHI,0
@@ -168,31 +213,33 @@ bn_mul_mont:
        algr    $nlo,$alo       # +="tp[j]"
        alcgr   $NHI,$nhi
 
-       stg     $nlo,160-8($j,$sp)      # tp[j-1]=
+       stg     $nlo,$stdframe-8($j,$sp)        # tp[j-1]=
        la      $j,8($j)        # j++
        brct    $count,.Linner
 
        algr    $NHI,$AHI
        lghi    $AHI,0
        alcgr   $AHI,$AHI
-       alg     $NHI,160($j,$sp)# accumulate previous upmost overflow bit
+       alg     $NHI,$stdframe($j,$sp)# accumulate previous upmost overflow bit
        lghi    $ahi,0
        alcgr   $AHI,$ahi       # new upmost overflow bit
-       stg     $NHI,160-8($j,$sp)
-       stg     $AHI,160($j,$sp)
+       stg     $NHI,$stdframe-8($j,$sp)
+       stg     $AHI,$stdframe($j,$sp)
 
        la      $bp,8($bp)      # bp++
-       clg     $bp,160+8+32($j,$sp)    # compare to &bp[num]
+       cl${g}  $bp,`$stdframe+8+4*$SIZE_T`($j,$sp)     # compare to &bp[num]
        jne     .Louter
 
-       lg      $rp,160+8+16($j,$sp)    # reincarnate rp
-       la      $ap,160($sp)
+       l${g}   $rp,`$stdframe+8+2*$SIZE_T`($j,$sp)     # reincarnate rp
+       la      $ap,$stdframe($sp)
        ahi     $num,1          # restore $num, incidentally clears "borrow"
 
        la      $j,0(%r0)
        lr      $count,$num
 .Lsub: lg      $alo,0($j,$ap)
-       slbg    $alo,0($j,$np)
+       lg      $nlo,0($j,$np)
+       _dswap  $nlo
+       slbgr   $alo,$nlo
        stg     $alo,0($j,$rp)
        la      $j,8($j)
        brct    $count,.Lsub
@@ -207,19 +254,24 @@ bn_mul_mont:
 
        la      $j,0(%r0)
        lgr     $count,$num
-.Lcopy:        lg      $alo,0($j,$ap)  # copy or in-place refresh
-       stg     $j,160($j,$sp)  # zap tp
+.Lcopy:        lg      $alo,0($j,$ap)          # copy or in-place refresh
+       _dswap  $alo
+       stg     $j,$stdframe($j,$sp)    # zap tp
        stg     $alo,0($j,$rp)
        la      $j,8($j)
        brct    $count,.Lcopy
 
-       la      %r1,160+8+48($j,$sp)
-       lmg     %r6,%r15,0(%r1)
+       la      %r1,`$stdframe+8+6*$SIZE_T`($j,$sp)
+       lm${g}  %r6,%r15,0(%r1)
        lghi    %r2,1           # signal "processed"
        br      %r14
 .size  bn_mul_mont,.-bn_mul_mont
 .string        "Montgomery Multiplication for s390x, CRYPTOGAMS by <appro\@openssl.org>"
 ___
 
-print $code;
+foreach (split("\n",$code)) {
+       s/\`([^\`]*)\`/eval $1/ge;
+       s/_dswap\s+(%r[0-9]+)/sprintf("rllg\t%s,%s,32",$1,$1) if($SIZE_T==4)/e;
+       print $_,"\n";
+}
 close STDOUT;

diff --git a/deps/openssl/openssl/crypto/bn/asm/s390x.S b/deps/openssl/openssl/crypto/bn/asm/s390x.S
old mode 100644 (file)
new mode 100755 (executable)

diff --git a/deps/openssl/openssl/crypto/bn/asm/sparcv9a-mont.pl b/deps/openssl/openssl/crypto/bn/asm/sparcv9a-mont.pl
old mode 100644 (file)
new mode 100755 (executable)

diff --git a/deps/openssl/openssl/crypto/bn/asm/x86-mont.pl b/deps/openssl/openssl/crypto/bn/asm/x86-mont.pl
old mode 100644 (file)
new mode 100755 (executable)

diff --git a/deps/openssl/openssl/crypto/bn/asm/x86_64-mont.pl b/deps/openssl/openssl/crypto/bn/asm/x86_64-mont.pl
index 3b7a6f2..17fb94c 100755 (executable)
--- a/deps/openssl/openssl/crypto/bn/asm/x86_64-mont.pl
+++ b/deps/openssl/openssl/crypto/bn/asm/x86_64-mont.pl
@@ -1,7 +1,7 @@
 #!/usr/bin/env perl
 
 # ====================================================================
-# Written by Andy Polyakov <appro@fy.chalmers.se> for the OpenSSL
+# Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
 # project. The module is, however, dual licensed under OpenSSL and
 # CRYPTOGAMS licenses depending on where you obtain it. For further
 # details see http://www.openssl.org/~appro/cryptogams/.
@@ -15,6 +15,20 @@
 # respectful 50%. It remains to be seen if loop unrolling and
 # dedicated squaring routine can provide further improvement...
 
+# July 2011.
+#
+# Add dedicated squaring procedure. Performance improvement varies
+# from platform to platform, but in average it's ~5%/15%/25%/33%
+# for 512-/1024-/2048-/4096-bit RSA *sign* benchmarks respectively.
+
+# August 2011.
+#
+# Unroll and modulo-schedule inner loops in such manner that they
+# are "fallen through" for input lengths of 8, which is critical for
+# 1024-bit RSA *sign*. Average performance improvement in comparison
+# to *initial* version of this module from 2005 is ~0%/30%/40%/45%
+# for 512-/1024-/2048-/4096-bit RSA *sign* benchmarks respectively.
+
 $flavour = shift;
 $output  = shift;
 if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
@@ -26,7 +40,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
 ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
 die "can't locate x86_64-xlate.pl";
 
-open STDOUT,"| $^X $xlate $flavour $output";
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
 
 # int bn_mul_mont(
 $rp="%rdi";    # BN_ULONG *rp,
@@ -37,7 +52,6 @@ $n0="%r8";    # const BN_ULONG *n0,
 $num="%r9";    # int num);
 $lo0="%r10";
 $hi0="%r11";
-$bp="%r12";    # reassign $bp
 $hi1="%r13";
 $i="%r14";
 $j="%r15";
@@ -51,6 +65,16 @@ $code=<<___;
 .type  bn_mul_mont,\@function,6
 .align 16
 bn_mul_mont:
+       test    \$3,${num}d
+       jnz     .Lmul_enter
+       cmp     \$8,${num}d
+       jb      .Lmul_enter
+       cmp     $ap,$bp
+       jne     .Lmul4x_enter
+       jmp     .Lsqr4x_enter
+
+.align 16
+.Lmul_enter:
        push    %rbx
        push    %rbp
        push    %r12
@@ -66,48 +90,66 @@ bn_mul_mont:
        and     \$-1024,%rsp            # minimize TLB usage
 
        mov     %r11,8(%rsp,$num,8)     # tp[num+1]=%rsp
-.Lprologue:
-       mov     %rdx,$bp                # $bp reassigned, remember?
-
+.Lmul_body:
+       mov     $bp,%r12                # reassign $bp
+___
+               $bp="%r12";
+$code.=<<___;
        mov     ($n0),$n0               # pull n0[0] value
+       mov     ($bp),$m0               # m0=bp[0]
+       mov     ($ap),%rax
 
        xor     $i,$i                   # i=0
        xor     $j,$j                   # j=0
 
-       mov     ($bp),$m0               # m0=bp[0]
-       mov     ($ap),%rax
+       mov     $n0,$m1
        mulq    $m0                     # ap[0]*bp[0]
        mov     %rax,$lo0
-       mov     %rdx,$hi0
+       mov     ($np),%rax
 
-       imulq   $n0,%rax                # "tp[0]"*n0
-       mov     %rax,$m1
+       imulq   $lo0,$m1                # "tp[0]"*n0
+       mov     %rdx,$hi0
 
-       mulq    ($np)                   # np[0]*m1
-       add     $lo0,%rax               # discarded
+       mulq    $m1                     # np[0]*m1
+       add     %rax,$lo0               # discarded
+       mov     8($ap),%rax
        adc     \$0,%rdx
        mov     %rdx,$hi1
 
        lea     1($j),$j                # j++
+       jmp     .L1st_enter
+
+.align 16
 .L1st:
+       add     %rax,$hi1
        mov     ($ap,$j,8),%rax
-       mulq    $m0                     # ap[j]*bp[0]
-       add     $hi0,%rax
        adc     \$0,%rdx
-       mov     %rax,$lo0
+       add     $hi0,$hi1               # np[j]*m1+ap[j]*bp[0]
+       mov     $lo0,$hi0
+       adc     \$0,%rdx
+       mov     $hi1,-16(%rsp,$j,8)     # tp[j-1]
+       mov     %rdx,$hi1
+
+.L1st_enter:
+       mulq    $m0                     # ap[j]*bp[0]
+       add     %rax,$hi0
        mov     ($np,$j,8),%rax
-       mov     %rdx,$hi0
+       adc     \$0,%rdx
+       lea     1($j),$j                # j++
+       mov     %rdx,$lo0
 
        mulq    $m1                     # np[j]*m1
-       add     $hi1,%rax
-       lea     1($j),$j                # j++
+       cmp     $num,$j
+       jne     .L1st
+
+       add     %rax,$hi1
+       mov     ($ap),%rax              # ap[0]
        adc     \$0,%rdx
-       add     $lo0,%rax               # np[j]*m1+ap[j]*bp[0]
+       add     $hi0,$hi1               # np[j]*m1+ap[j]*bp[0]
        adc     \$0,%rdx
-       mov     %rax,-16(%rsp,$j,8)     # tp[j-1]
-       cmp     $num,$j
+       mov     $hi1,-16(%rsp,$j,8)     # tp[j-1]
        mov     %rdx,$hi1
-       jl      .L1st
+       mov     $lo0,$hi0
 
        xor     %rdx,%rdx
        add     $hi0,$hi1
@@ -116,50 +158,64 @@ bn_mul_mont:
        mov     %rdx,(%rsp,$num,8)      # store upmost overflow bit
 
        lea     1($i),$i                # i++
-.align 4
+       jmp     .Louter
+.align 16
 .Louter:
-       xor     $j,$j                   # j=0
-
        mov     ($bp,$i,8),$m0          # m0=bp[i]
-       mov     ($ap),%rax              # ap[0]
+       xor     $j,$j                   # j=0
+       mov     $n0,$m1
+       mov     (%rsp),$lo0
        mulq    $m0                     # ap[0]*bp[i]
-       add     (%rsp),%rax             # ap[0]*bp[i]+tp[0]
+       add     %rax,$lo0               # ap[0]*bp[i]+tp[0]
+       mov     ($np),%rax
        adc     \$0,%rdx
-       mov     %rax,$lo0
-       mov     %rdx,$hi0
 
-       imulq   $n0,%rax                # tp[0]*n0
-       mov     %rax,$m1
+       imulq   $lo0,$m1                # tp[0]*n0
+       mov     %rdx,$hi0
 
-       mulq    ($np,$j,8)              # np[0]*m1
-       add     $lo0,%rax               # discarded
-       mov     8(%rsp),$lo0            # tp[1]
+       mulq    $m1                     # np[0]*m1
+       add     %rax,$lo0               # discarded
+       mov     8($ap),%rax
        adc     \$0,%rdx
+       mov     8(%rsp),$lo0            # tp[1]
        mov     %rdx,$hi1
 
        lea     1($j),$j                # j++
-.align 4
+       jmp     .Linner_enter
+
+.align 16
 .Linner:
+       add     %rax,$hi1
        mov     ($ap,$j,8),%rax
-       mulq    $m0                     # ap[j]*bp[i]
-       add     $hi0,%rax
        adc     \$0,%rdx
-       add     %rax,$lo0               # ap[j]*bp[i]+tp[j]
+       add     $lo0,$hi1               # np[j]*m1+ap[j]*bp[i]+tp[j]
+       mov     (%rsp,$j,8),$lo0
+       adc     \$0,%rdx
+       mov     $hi1,-16(%rsp,$j,8)     # tp[j-1]
+       mov     %rdx,$hi1
+
+.Linner_enter:
+       mulq    $m0                     # ap[j]*bp[i]
+       add     %rax,$hi0
        mov     ($np,$j,8),%rax
        adc     \$0,%rdx
+       add     $hi0,$lo0               # ap[j]*bp[i]+tp[j]
        mov     %rdx,$hi0
+       adc     \$0,$hi0
+       lea     1($j),$j                # j++
 
        mulq    $m1                     # np[j]*m1
-       add     $hi1,%rax
-       lea     1($j),$j                # j++
-       adc     \$0,%rdx
-       add     $lo0,%rax               # np[j]*m1+ap[j]*bp[i]+tp[j]
+       cmp     $num,$j
+       jne     .Linner
+
+       add     %rax,$hi1
+       mov     ($ap),%rax              # ap[0]
        adc     \$0,%rdx
+       add     $lo0,$hi1               # np[j]*m1+ap[j]*bp[i]+tp[j]
        mov     (%rsp,$j,8),$lo0
-       cmp     $num,$j
-       mov     %rax,-16(%rsp,$j,8)     # tp[j-1]
+       adc     \$0,%rdx
+       mov     $hi1,-16(%rsp,$j,8)     # tp[j-1]
        mov     %rdx,$hi1
-       jl      .Linner
 
        xor     %rdx,%rdx
        add     $hi0,$hi1
@@ -173,35 +229,449 @@ bn_mul_mont:
        cmp     $num,$i
        jl      .Louter
 
-       lea     (%rsp),$ap              # borrow ap for tp
-       lea     -1($num),$j             # j=num-1
-
-       mov     ($ap),%rax              # tp[0]
        xor     $i,$i                   # i=0 and clear CF!
+       mov     (%rsp),%rax             # tp[0]
+       lea     (%rsp),$ap              # borrow ap for tp
+       mov     $num,$j                 # j=num
        jmp     .Lsub
 .align 16
 .Lsub: sbb     ($np,$i,8),%rax
        mov     %rax,($rp,$i,8)         # rp[i]=tp[i]-np[i]
-       dec     $j                      # doesn't affect CF!
        mov     8($ap,$i,8),%rax        # tp[i+1]
        lea     1($i),$i                # i++
-       jge     .Lsub
+       dec     $j                      # doesnn't affect CF!
+       jnz     .Lsub
 
        sbb     \$0,%rax                # handle upmost overflow bit
+       xor     $i,$i
        and     %rax,$ap
        not     %rax
        mov     $rp,$np
        and     %rax,$np
-       lea     -1($num),$j
+       mov     $num,$j                 # j=num
        or      $np,$ap                 # ap=borrow?tp:rp
 .align 16
 .Lcopy:                                        # copy or in-place refresh
+       mov     ($ap,$i,8),%rax
+       mov     $i,(%rsp,$i,8)          # zap temporary vector
+       mov     %rax,($rp,$i,8)         # rp[i]=tp[i]
+       lea     1($i),$i
+       sub     \$1,$j
+       jnz     .Lcopy
+
+       mov     8(%rsp,$num,8),%rsi     # restore %rsp
+       mov     \$1,%rax
+       mov     (%rsi),%r15
+       mov     8(%rsi),%r14
+       mov     16(%rsi),%r13
+       mov     24(%rsi),%r12
+       mov     32(%rsi),%rbp
+       mov     40(%rsi),%rbx
+       lea     48(%rsi),%rsp
+.Lmul_epilogue:
+       ret
+.size  bn_mul_mont,.-bn_mul_mont
+___
+{{{
+my @A=("%r10","%r11");
+my @N=("%r13","%rdi");
+$code.=<<___;
+.type  bn_mul4x_mont,\@function,6
+.align 16
+bn_mul4x_mont:
+.Lmul4x_enter:
+       push    %rbx
+       push    %rbp
+       push    %r12
+       push    %r13
+       push    %r14
+       push    %r15
+
+       mov     ${num}d,${num}d
+       lea     4($num),%r10
+       mov     %rsp,%r11
+       neg     %r10
+       lea     (%rsp,%r10,8),%rsp      # tp=alloca(8*(num+4))
+       and     \$-1024,%rsp            # minimize TLB usage
+
+       mov     %r11,8(%rsp,$num,8)     # tp[num+1]=%rsp
+.Lmul4x_body:
+       mov     $rp,16(%rsp,$num,8)     # tp[num+2]=$rp
+       mov     %rdx,%r12               # reassign $bp
+___
+               $bp="%r12";
+$code.=<<___;
+       mov     ($n0),$n0               # pull n0[0] value
+       mov     ($bp),$m0               # m0=bp[0]
+       mov     ($ap),%rax
+
+       xor     $i,$i                   # i=0
+       xor     $j,$j                   # j=0
+
+       mov     $n0,$m1
+       mulq    $m0                     # ap[0]*bp[0]
+       mov     %rax,$A[0]
+       mov     ($np),%rax
+
+       imulq   $A[0],$m1               # "tp[0]"*n0
+       mov     %rdx,$A[1]
+
+       mulq    $m1                     # np[0]*m1
+       add     %rax,$A[0]              # discarded
+       mov     8($ap),%rax
+       adc     \$0,%rdx
+       mov     %rdx,$N[1]
+
+       mulq    $m0
+       add     %rax,$A[1]
+       mov     8($np),%rax
+       adc     \$0,%rdx
+       mov     %rdx,$A[0]
+
+       mulq    $m1
+       add     %rax,$N[1]
+       mov     16($ap),%rax
+       adc     \$0,%rdx
+       add     $A[1],$N[1]
+       lea     4($j),$j                # j++
+       adc     \$0,%rdx
+       mov     $N[1],(%rsp)
+       mov     %rdx,$N[0]
+       jmp     .L1st4x
+.align 16
+.L1st4x:
+       mulq    $m0                     # ap[j]*bp[0]
+       add     %rax,$A[0]
+       mov     -16($np,$j,8),%rax
+       adc     \$0,%rdx
+       mov     %rdx,$A[1]
+
+       mulq    $m1                     # np[j]*m1
+       add     %rax,$N[0]
+       mov     -8($ap,$j,8),%rax
+       adc     \$0,%rdx
+       add     $A[0],$N[0]             # np[j]*m1+ap[j]*bp[0]
+       adc     \$0,%rdx
+       mov     $N[0],-24(%rsp,$j,8)    # tp[j-1]
+       mov     %rdx,$N[1]
+
+       mulq    $m0                     # ap[j]*bp[0]
+       add     %rax,$A[1]
+       mov     -8($np,$j,8),%rax
+       adc     \$0,%rdx
+       mov     %rdx,$A[0]
+
+       mulq    $m1                     # np[j]*m1
+       add     %rax,$N[1]
        mov     ($ap,$j,8),%rax
-       mov     %rax,($rp,$j,8)         # rp[i]=tp[i]
-       mov     $i,(%rsp,$j,8)          # zap temporary vector
+       adc     \$0,%rdx
+       add     $A[1],$N[1]             # np[j]*m1+ap[j]*bp[0]
+       adc     \$0,%rdx
+       mov     $N[1],-16(%rsp,$j,8)    # tp[j-1]
+       mov     %rdx,$N[0]
+
+       mulq    $m0                     # ap[j]*bp[0]
+       add     %rax,$A[0]
+       mov     ($np,$j,8),%rax
+       adc     \$0,%rdx
+       mov     %rdx,$A[1]
+
+       mulq    $m1                     # np[j]*m1
+       add     %rax,$N[0]
+       mov     8($ap,$j,8),%rax
+       adc     \$0,%rdx
+       add     $A[0],$N[0]             # np[j]*m1+ap[j]*bp[0]
+       adc     \$0,%rdx
+       mov     $N[0],-8(%rsp,$j,8)     # tp[j-1]
+       mov     %rdx,$N[1]
+
+       mulq    $m0                     # ap[j]*bp[0]
+       add     %rax,$A[1]
+       mov     8($np,$j,8),%rax
+       adc     \$0,%rdx
+       lea     4($j),$j                # j++
+       mov     %rdx,$A[0]
+
+       mulq    $m1                     # np[j]*m1
+       add     %rax,$N[1]
+       mov     -16($ap,$j,8),%rax
+       adc     \$0,%rdx
+       add     $A[1],$N[1]             # np[j]*m1+ap[j]*bp[0]
+       adc     \$0,%rdx
+       mov     $N[1],-32(%rsp,$j,8)    # tp[j-1]
+       mov     %rdx,$N[0]
+       cmp     $num,$j
+       jl      .L1st4x
+
+       mulq    $m0                     # ap[j]*bp[0]
+       add     %rax,$A[0]
+       mov     -16($np,$j,8),%rax
+       adc     \$0,%rdx
+       mov     %rdx,$A[1]
+
+       mulq    $m1                     # np[j]*m1
+       add     %rax,$N[0]
+       mov     -8($ap,$j,8),%rax
+       adc     \$0,%rdx
+       add     $A[0],$N[0]             # np[j]*m1+ap[j]*bp[0]
+       adc     \$0,%rdx
+       mov     $N[0],-24(%rsp,$j,8)    # tp[j-1]
+       mov     %rdx,$N[1]
+
+       mulq    $m0                     # ap[j]*bp[0]
+       add     %rax,$A[1]
+       mov     -8($np,$j,8),%rax
+       adc     \$0,%rdx
+       mov     %rdx,$A[0]
+
+       mulq    $m1                     # np[j]*m1
+       add     %rax,$N[1]
+       mov     ($ap),%rax              # ap[0]
+       adc     \$0,%rdx
+       add     $A[1],$N[1]             # np[j]*m1+ap[j]*bp[0]
+       adc     \$0,%rdx
+       mov     $N[1],-16(%rsp,$j,8)    # tp[j-1]
+       mov     %rdx,$N[0]
+
+       xor     $N[1],$N[1]
+       add     $A[0],$N[0]
+       adc     \$0,$N[1]
+       mov     $N[0],-8(%rsp,$j,8)
+       mov     $N[1],(%rsp,$j,8)       # store upmost overflow bit
+
+       lea     1($i),$i                # i++
+.align 4
+.Louter4x:
+       mov     ($bp,$i,8),$m0          # m0=bp[i]
+       xor     $j,$j                   # j=0
+       mov     (%rsp),$A[0]
+       mov     $n0,$m1
+       mulq    $m0                     # ap[0]*bp[i]
+       add     %rax,$A[0]              # ap[0]*bp[i]+tp[0]
+       mov     ($np),%rax
+       adc     \$0,%rdx
+
+       imulq   $A[0],$m1               # tp[0]*n0
+       mov     %rdx,$A[1]
+
+       mulq    $m1                     # np[0]*m1
+       add     %rax,$A[0]              # "$N[0]", discarded
+       mov     8($ap),%rax
+       adc     \$0,%rdx
+       mov     %rdx,$N[1]
+
+       mulq    $m0                     # ap[j]*bp[i]
+       add     %rax,$A[1]
+       mov     8($np),%rax
+       adc     \$0,%rdx
+       add     8(%rsp),$A[1]           # +tp[1]
+       adc     \$0,%rdx
+       mov     %rdx,$A[0]
+
+       mulq    $m1                     # np[j]*m1
+       add     %rax,$N[1]
+       mov     16($ap),%rax
+       adc     \$0,%rdx
+       add     $A[1],$N[1]             # np[j]*m1+ap[j]*bp[i]+tp[j]
+       lea     4($j),$j                # j+=2
+       adc     \$0,%rdx
+       mov     $N[1],(%rsp)            # tp[j-1]
+       mov     %rdx,$N[0]
+       jmp     .Linner4x
+.align 16
+.Linner4x:
+       mulq    $m0                     # ap[j]*bp[i]
+       add     %rax,$A[0]
+       mov     -16($np,$j,8),%rax
+       adc     \$0,%rdx
+       add     -16(%rsp,$j,8),$A[0]    # ap[j]*bp[i]+tp[j]
+       adc     \$0,%rdx
+       mov     %rdx,$A[1]
+
+       mulq    $m1                     # np[j]*m1
+       add     %rax,$N[0]
+       mov     -8($ap,$j,8),%rax
+       adc     \$0,%rdx
+       add     $A[0],$N[0]
+       adc     \$0,%rdx
+       mov     $N[0],-24(%rsp,$j,8)    # tp[j-1]
+       mov     %rdx,$N[1]
+
+       mulq    $m0                     # ap[j]*bp[i]
+       add     %rax,$A[1]
+       mov     -8($np,$j,8),%rax
+       adc     \$0,%rdx
+       add     -8(%rsp,$j,8),$A[1]
+       adc     \$0,%rdx
+       mov     %rdx,$A[0]
+
+       mulq    $m1                     # np[j]*m1
+       add     %rax,$N[1]
+       mov     ($ap,$j,8),%rax
+       adc     \$0,%rdx
+       add     $A[1],$N[1]
+       adc     \$0,%rdx
+       mov     $N[1],-16(%rsp,$j,8)    # tp[j-1]
+       mov     %rdx,$N[0]
+
+       mulq    $m0                     # ap[j]*bp[i]
+       add     %rax,$A[0]
+       mov     ($np,$j,8),%rax
+       adc     \$0,%rdx
+       add     (%rsp,$j,8),$A[0]       # ap[j]*bp[i]+tp[j]
+       adc     \$0,%rdx
+       mov     %rdx,$A[1]
+
+       mulq    $m1                     # np[j]*m1
+       add     %rax,$N[0]
+       mov     8($ap,$j,8),%rax
+       adc     \$0,%rdx
+       add     $A[0],$N[0]
+       adc     \$0,%rdx
+       mov     $N[0],-8(%rsp,$j,8)     # tp[j-1]
+       mov     %rdx,$N[1]
+
+       mulq    $m0                     # ap[j]*bp[i]
+       add     %rax,$A[1]
+       mov     8($np,$j,8),%rax
+       adc     \$0,%rdx
+       add     8(%rsp,$j,8),$A[1]
+       adc     \$0,%rdx
+       lea     4($j),$j                # j++
+       mov     %rdx,$A[0]
+
+       mulq    $m1                     # np[j]*m1
+       add     %rax,$N[1]
+       mov     -16($ap,$j,8),%rax
+       adc     \$0,%rdx
+       add     $A[1],$N[1]
+       adc     \$0,%rdx
+       mov     $N[1],-32(%rsp,$j,8)    # tp[j-1]
+       mov     %rdx,$N[0]
+       cmp     $num,$j
+       jl      .Linner4x
+
+       mulq    $m0                     # ap[j]*bp[i]
+       add     %rax,$A[0]
+       mov     -16($np,$j,8),%rax
+       adc     \$0,%rdx
+       add     -16(%rsp,$j,8),$A[0]    # ap[j]*bp[i]+tp[j]
+       adc     \$0,%rdx
+       mov     %rdx,$A[1]
+
+       mulq    $m1                     # np[j]*m1
+       add     %rax,$N[0]
+       mov     -8($ap,$j,8),%rax
+       adc     \$0,%rdx
+       add     $A[0],$N[0]
+       adc     \$0,%rdx
+       mov     $N[0],-24(%rsp,$j,8)    # tp[j-1]
+       mov     %rdx,$N[1]
+
+       mulq    $m0                     # ap[j]*bp[i]
+       add     %rax,$A[1]
+       mov     -8($np,$j,8),%rax
+       adc     \$0,%rdx
+       add     -8(%rsp,$j,8),$A[1]
+       adc     \$0,%rdx
+       lea     1($i),$i                # i++
+       mov     %rdx,$A[0]
+
+       mulq    $m1                     # np[j]*m1
+       add     %rax,$N[1]
+       mov     ($ap),%rax              # ap[0]
+       adc     \$0,%rdx
+       add     $A[1],$N[1]
+       adc     \$0,%rdx
+       mov     $N[1],-16(%rsp,$j,8)    # tp[j-1]
+       mov     %rdx,$N[0]
+
+       xor     $N[1],$N[1]
+       add     $A[0],$N[0]
+       adc     \$0,$N[1]
+       add     (%rsp,$num,8),$N[0]     # pull upmost overflow bit
+       adc     \$0,$N[1]
+       mov     $N[0],-8(%rsp,$j,8)
+       mov     $N[1],(%rsp,$j,8)       # store upmost overflow bit
+
+       cmp     $num,$i
+       jl      .Louter4x
+___
+{
+my @ri=("%rax","%rdx",$m0,$m1);
+$code.=<<___;
+       mov     16(%rsp,$num,8),$rp     # restore $rp
+       mov     0(%rsp),@ri[0]          # tp[0]
+       pxor    %xmm0,%xmm0
+       mov     8(%rsp),@ri[1]          # tp[1]
+       shr     \$2,$num                # num/=4
+       lea     (%rsp),$ap              # borrow ap for tp
+       xor     $i,$i                   # i=0 and clear CF!
+
+       sub     0($np),@ri[0]
+       mov     16($ap),@ri[2]          # tp[2]
+       mov     24($ap),@ri[3]          # tp[3]
+       sbb     8($np),@ri[1]
+       lea     -1($num),$j             # j=num/4-1
+       jmp     .Lsub4x
+.align 16
+.Lsub4x:
+       mov     @ri[0],0($rp,$i,8)      # rp[i]=tp[i]-np[i]
+       mov     @ri[1],8($rp,$i,8)      # rp[i]=tp[i]-np[i]
+       sbb     16($np,$i,8),@ri[2]
+       mov     32($ap,$i,8),@ri[0]     # tp[i+1]
+       mov     40($ap,$i,8),@ri[1]
+       sbb     24($np,$i,8),@ri[3]
+       mov     @ri[2],16($rp,$i,8)     # rp[i]=tp[i]-np[i]
+       mov     @ri[3],24($rp,$i,8)     # rp[i]=tp[i]-np[i]
+       sbb     32($np,$i,8),@ri[0]
+       mov     48($ap,$i,8),@ri[2]
+       mov     56($ap,$i,8),@ri[3]
+       sbb     40($np,$i,8),@ri[1]
+       lea     4($i),$i                # i++
+       dec     $j                      # doesnn't affect CF!
+       jnz     .Lsub4x
+
+       mov     @ri[0],0($rp,$i,8)      # rp[i]=tp[i]-np[i]
+       mov     32($ap,$i,8),@ri[0]     # load overflow bit
+       sbb     16($np,$i,8),@ri[2]
+       mov     @ri[1],8($rp,$i,8)      # rp[i]=tp[i]-np[i]
+       sbb     24($np,$i,8),@ri[3]
+       mov     @ri[2],16($rp,$i,8)     # rp[i]=tp[i]-np[i]
+
+       sbb     \$0,@ri[0]              # handle upmost overflow bit
+       mov     @ri[3],24($rp,$i,8)     # rp[i]=tp[i]-np[i]
+       xor     $i,$i                   # i=0
+       and     @ri[0],$ap
+       not     @ri[0]
+       mov     $rp,$np
+       and     @ri[0],$np
+       lea     -1($num),$j
+       or      $np,$ap                 # ap=borrow?tp:rp
+
+       movdqu  ($ap),%xmm1
+       movdqa  %xmm0,(%rsp)
+       movdqu  %xmm1,($rp)
+       jmp     .Lcopy4x
+.align 16
+.Lcopy4x:                                      # copy or in-place refresh
+       movdqu  16($ap,$i),%xmm2
+       movdqu  32($ap,$i),%xmm1
+       movdqa  %xmm0,16(%rsp,$i)
+       movdqu  %xmm2,16($rp,$i)
+       movdqa  %xmm0,32(%rsp,$i)
+       movdqu  %xmm1,32($rp,$i)
+       lea     32($i),$i
        dec     $j
-       jge     .Lcopy
+       jnz     .Lcopy4x
 
+       shl     \$2,$num
+       movdqu  16($ap,$i),%xmm2
+       movdqa  %xmm0,16(%rsp,$i)
+       movdqu  %xmm2,16($rp,$i)
+___
+}
+$code.=<<___;
        mov     8(%rsp,$num,8),%rsi     # restore %rsp
        mov     \$1,%rax
        mov     (%rsi),%r15
@@ -211,9 +681,823 @@ bn_mul_mont:
        mov     32(%rsi),%rbp
        mov     40(%rsi),%rbx
        lea     48(%rsi),%rsp
-.Lepilogue:
+.Lmul4x_epilogue:
        ret
-.size  bn_mul_mont,.-bn_mul_mont
+.size  bn_mul4x_mont,.-bn_mul4x_mont
+___
+}}}
+\f{{{
+######################################################################
+# void bn_sqr4x_mont(
+my $rptr="%rdi";       # const BN_ULONG *rptr,
+my $aptr="%rsi";       # const BN_ULONG *aptr,
+my $bptr="%rdx";       # not used
+my $nptr="%rcx";       # const BN_ULONG *nptr,
+my $n0  ="%r8";                # const BN_ULONG *n0);
+my $num ="%r9";                # int num, has to be divisible by 4 and
+                       # not less than 8
+
+my ($i,$j,$tptr)=("%rbp","%rcx",$rptr);
+my @A0=("%r10","%r11");
+my @A1=("%r12","%r13");
+my ($a0,$a1,$ai)=("%r14","%r15","%rbx");
+
+$code.=<<___;
+.type  bn_sqr4x_mont,\@function,6
+.align 16
+bn_sqr4x_mont:
+.Lsqr4x_enter:
+       push    %rbx
+       push    %rbp
+       push    %r12
+       push    %r13
+       push    %r14
+       push    %r15
+
+       shl     \$3,${num}d             # convert $num to bytes
+       xor     %r10,%r10
+       mov     %rsp,%r11               # put aside %rsp
+       sub     $num,%r10               # -$num
+       mov     ($n0),$n0               # *n0
+       lea     -72(%rsp,%r10,2),%rsp   # alloca(frame+2*$num)
+       and     \$-1024,%rsp            # minimize TLB usage
+       ##############################################################
+       # Stack layout
+       #
+       # +0    saved $num, used in reduction section
+       # +8    &t[2*$num], used in reduction section
+       # +32   saved $rptr
+       # +40   saved $nptr
+       # +48   saved *n0
+       # +56   saved %rsp
+       # +64   t[2*$num]
+       #
+       mov     $rptr,32(%rsp)          # save $rptr
+       mov     $nptr,40(%rsp)
+       mov     $n0,  48(%rsp)
+       mov     %r11, 56(%rsp)          # save original %rsp
+.Lsqr4x_body:
+       ##############################################################
+       # Squaring part:
+       #
+       # a) multiply-n-add everything but a[i]*a[i];
+       # b) shift result of a) by 1 to the left and accumulate
+       #    a[i]*a[i] products;
+       #
+       lea     32(%r10),$i             # $i=-($num-32)
+       lea     ($aptr,$num),$aptr      # end of a[] buffer, ($aptr,$i)=&ap[2]
+
+       mov     $num,$j                 # $j=$num
+
+                                       # comments apply to $num==8 case
+       mov     -32($aptr,$i),$a0       # a[0]
+       lea     64(%rsp,$num,2),$tptr   # end of tp[] buffer, &tp[2*$num]
+       mov     -24($aptr,$i),%rax      # a[1]
+       lea     -32($tptr,$i),$tptr     # end of tp[] window, &tp[2*$num-"$i"]
+       mov     -16($aptr,$i),$ai       # a[2]
+       mov     %rax,$a1
+
+       mul     $a0                     # a[1]*a[0]
+       mov     %rax,$A0[0]             # a[1]*a[0]
+        mov    $ai,%rax                # a[2]
+       mov     %rdx,$A0[1]
+       mov     $A0[0],-24($tptr,$i)    # t[1]
+
+       xor     $A0[0],$A0[0]
+       mul     $a0                     # a[2]*a[0]
+       add     %rax,$A0[1]
+        mov    $ai,%rax
+       adc     %rdx,$A0[0]
+       mov     $A0[1],-16($tptr,$i)    # t[2]
+
+       lea     -16($i),$j              # j=-16
+
+
+        mov    8($aptr,$j),$ai         # a[3]
+       mul     $a1                     # a[2]*a[1]
+       mov     %rax,$A1[0]             # a[2]*a[1]+t[3]
+        mov    $ai,%rax
+       mov     %rdx,$A1[1]
+
+       xor     $A0[1],$A0[1]
+       add     $A1[0],$A0[0]
+        lea    16($j),$j
+       adc     \$0,$A0[1]
+       mul     $a0                     # a[3]*a[0]
+       add     %rax,$A0[0]             # a[3]*a[0]+a[2]*a[1]+t[3]
+        mov    $ai,%rax
+       adc     %rdx,$A0[1]
+       mov     $A0[0],-8($tptr,$j)     # t[3]
+       jmp     .Lsqr4x_1st
+
+.align 16
+.Lsqr4x_1st:
+        mov    ($aptr,$j),$ai          # a[4]
+       xor     $A1[0],$A1[0]
+       mul     $a1                     # a[3]*a[1]
+       add     %rax,$A1[1]             # a[3]*a[1]+t[4]
+        mov    $ai,%rax
+       adc     %rdx,$A1[0]
+
+       xor     $A0[0],$A0[0]
+       add     $A1[1],$A0[1]
+       adc     \$0,$A0[0]
+       mul     $a0                     # a[4]*a[0]
+       add     %rax,$A0[1]             # a[4]*a[0]+a[3]*a[1]+t[4]
+        mov    $ai,%rax                # a[3]
+       adc     %rdx,$A0[0]
+       mov     $A0[1],($tptr,$j)       # t[4]
+
+
+        mov    8($aptr,$j),$ai         # a[5]
+       xor     $A1[1],$A1[1]
+       mul     $a1                     # a[4]*a[3]
+       add     %rax,$A1[0]             # a[4]*a[3]+t[5]
+        mov    $ai,%rax
+       adc     %rdx,$A1[1]
+
+       xor     $A0[1],$A0[1]
+       add     $A1[0],$A0[0]
+       adc     \$0,$A0[1]
+       mul     $a0                     # a[5]*a[2]
+       add     %rax,$A0[0]             # a[5]*a[2]+a[4]*a[3]+t[5]
+        mov    $ai,%rax
+       adc     %rdx,$A0[1]
+       mov     $A0[0],8($tptr,$j)      # t[5]
+
+        mov    16($aptr,$j),$ai        # a[6]
+       xor     $A1[0],$A1[0]
+       mul     $a1                     # a[5]*a[3]
+       add     %rax,$A1[1]             # a[5]*a[3]+t[6]
+        mov    $ai,%rax
+       adc     %rdx,$A1[0]
+
+       xor     $A0[0],$A0[0]
+       add     $A1[1],$A0[1]
+       adc     \$0,$A0[0]
+       mul     $a0                     # a[6]*a[2]
+       add     %rax,$A0[1]             # a[6]*a[2]+a[5]*a[3]+t[6]
+        mov    $ai,%rax                # a[3]
+       adc     %rdx,$A0[0]
+       mov     $A0[1],16($tptr,$j)     # t[6]
+
+
+        mov    24($aptr,$j),$ai        # a[7]
+       xor     $A1[1],$A1[1]
+       mul     $a1                     # a[6]*a[5]
+       add     %rax,$A1[0]             # a[6]*a[5]+t[7]
+        mov    $ai,%rax
+       adc     %rdx,$A1[1]
+
+       xor     $A0[1],$A0[1]
+       add     $A1[0],$A0[0]
+        lea    32($j),$j
+       adc     \$0,$A0[1]
+       mul     $a0                     # a[7]*a[4]
+       add     %rax,$A0[0]             # a[7]*a[4]+a[6]*a[5]+t[6]
+        mov    $ai,%rax
+       adc     %rdx,$A0[1]
+       mov     $A0[0],-8($tptr,$j)     # t[7]
+
+       cmp     \$0,$j
+       jne     .Lsqr4x_1st
+
+       xor     $A1[0],$A1[0]
+       add     $A0[1],$A1[1]
+       adc     \$0,$A1[0]
+       mul     $a1                     # a[7]*a[5]
+       add     %rax,$A1[1]
+       adc     %rdx,$A1[0]
+
+       mov     $A1[1],($tptr)          # t[8]
+       lea     16($i),$i
+       mov     $A1[0],8($tptr)         # t[9]
+       jmp     .Lsqr4x_outer
+
+.align 16
+.Lsqr4x_outer:                         # comments apply to $num==6 case
+       mov     -32($aptr,$i),$a0       # a[0]
+       lea     64(%rsp,$num,2),$tptr   # end of tp[] buffer, &tp[2*$num]
+       mov     -24($aptr,$i),%rax      # a[1]
+       lea     -32($tptr,$i),$tptr     # end of tp[] window, &tp[2*$num-"$i"]
+       mov     -16($aptr,$i),$ai       # a[2]
+       mov     %rax,$a1
+
+       mov     -24($tptr,$i),$A0[0]    # t[1]
+       xor     $A0[1],$A0[1]
+       mul     $a0                     # a[1]*a[0]
+       add     %rax,$A0[0]             # a[1]*a[0]+t[1]
+        mov    $ai,%rax                # a[2]
+       adc     %rdx,$A0[1]
+       mov     $A0[0],-24($tptr,$i)    # t[1]
+
+       xor     $A0[0],$A0[0]
+       add     -16($tptr,$i),$A0[1]    # a[2]*a[0]+t[2]
+       adc     \$0,$A0[0]
+       mul     $a0                     # a[2]*a[0]
+       add     %rax,$A0[1]
+        mov    $ai,%rax
+       adc     %rdx,$A0[0]
+       mov     $A0[1],-16($tptr,$i)    # t[2]
+
+       lea     -16($i),$j              # j=-16
+       xor     $A1[0],$A1[0]
+
+
+        mov    8($aptr,$j),$ai         # a[3]
+       xor     $A1[1],$A1[1]
+       add     8($tptr,$j),$A1[0]
+       adc     \$0,$A1[1]
+       mul     $a1                     # a[2]*a[1]
+       add     %rax,$A1[0]             # a[2]*a[1]+t[3]
+        mov    $ai,%rax
+       adc     %rdx,$A1[1]
+
+       xor     $A0[1],$A0[1]
+       add     $A1[0],$A0[0]
+       adc     \$0,$A0[1]
+       mul     $a0                     # a[3]*a[0]
+       add     %rax,$A0[0]             # a[3]*a[0]+a[2]*a[1]+t[3]
+        mov    $ai,%rax
+       adc     %rdx,$A0[1]
+       mov     $A0[0],8($tptr,$j)      # t[3]
+
+       lea     16($j),$j
+       jmp     .Lsqr4x_inner
+
+.align 16
+.Lsqr4x_inner:
+        mov    ($aptr,$j),$ai          # a[4]
+       xor     $A1[0],$A1[0]
+       add     ($tptr,$j),$A1[1]
+       adc     \$0,$A1[0]
+       mul     $a1                     # a[3]*a[1]
+       add     %rax,$A1[1]             # a[3]*a[1]+t[4]
+        mov    $ai,%rax
+       adc     %rdx,$A1[0]
+
+       xor     $A0[0],$A0[0]
+       add     $A1[1],$A0[1]
+       adc     \$0,$A0[0]
+       mul     $a0                     # a[4]*a[0]
+       add     %rax,$A0[1]             # a[4]*a[0]+a[3]*a[1]+t[4]
+        mov    $ai,%rax                # a[3]
+       adc     %rdx,$A0[0]
+       mov     $A0[1],($tptr,$j)       # t[4]
+
+        mov    8($aptr,$j),$ai         # a[5]
+       xor     $A1[1],$A1[1]
+       add     8($tptr,$j),$A1[0]
+       adc     \$0,$A1[1]
+       mul     $a1                     # a[4]*a[3]
+       add     %rax,$A1[0]             # a[4]*a[3]+t[5]
+        mov    $ai,%rax
+       adc     %rdx,$A1[1]
+
+       xor     $A0[1],$A0[1]
+       add     $A1[0],$A0[0]
+       lea     16($j),$j               # j++
+       adc     \$0,$A0[1]
+       mul     $a0                     # a[5]*a[2]
+       add     %rax,$A0[0]             # a[5]*a[2]+a[4]*a[3]+t[5]
+        mov    $ai,%rax
+       adc     %rdx,$A0[1]
+       mov     $A0[0],-8($tptr,$j)     # t[5], "preloaded t[1]" below
+
+       cmp     \$0,$j
+       jne     .Lsqr4x_inner
+
+       xor     $A1[0],$A1[0]
+       add     $A0[1],$A1[1]
+       adc     \$0,$A1[0]
+       mul     $a1                     # a[5]*a[3]
+       add     %rax,$A1[1]
+       adc     %rdx,$A1[0]
+
+       mov     $A1[1],($tptr)          # t[6], "preloaded t[2]" below
+       mov     $A1[0],8($tptr)         # t[7], "preloaded t[3]" below
+
+       add     \$16,$i
+       jnz     .Lsqr4x_outer
+
+                                       # comments apply to $num==4 case
+       mov     -32($aptr),$a0          # a[0]
+       lea     64(%rsp,$num,2),$tptr   # end of tp[] buffer, &tp[2*$num]
+       mov     -24($aptr),%rax         # a[1]
+       lea     -32($tptr,$i),$tptr     # end of tp[] window, &tp[2*$num-"$i"]
+       mov     -16($aptr),$ai          # a[2]
+       mov     %rax,$a1
+
+       xor     $A0[1],$A0[1]
+       mul     $a0                     # a[1]*a[0]
+       add     %rax,$A0[0]             # a[1]*a[0]+t[1], preloaded t[1]
+        mov    $ai,%rax                # a[2]
+       adc     %rdx,$A0[1]
+       mov     $A0[0],-24($tptr)       # t[1]
+
+       xor     $A0[0],$A0[0]
+       add     $A1[1],$A0[1]           # a[2]*a[0]+t[2], preloaded t[2]
+       adc     \$0,$A0[0]
+       mul     $a0                     # a[2]*a[0]
+       add     %rax,$A0[1]
+        mov    $ai,%rax
+       adc     %rdx,$A0[0]
+       mov     $A0[1],-16($tptr)       # t[2]
+
+        mov    -8($aptr),$ai           # a[3]
+       mul     $a1                     # a[2]*a[1]
+       add     %rax,$A1[0]             # a[2]*a[1]+t[3], preloaded t[3]
+        mov    $ai,%rax
+       adc     \$0,%rdx
+
+       xor     $A0[1],$A0[1]
+       add     $A1[0],$A0[0]
+        mov    %rdx,$A1[1]
+       adc     \$0,$A0[1]
+       mul     $a0                     # a[3]*a[0]
+       add     %rax,$A0[0]             # a[3]*a[0]+a[2]*a[1]+t[3]
+        mov    $ai,%rax
+       adc     %rdx,$A0[1]
+       mov     $A0[0],-8($tptr)        # t[3]
+
+       xor     $A1[0],$A1[0]
+       add     $A0[1],$A1[1]
+       adc     \$0,$A1[0]
+       mul     $a1                     # a[3]*a[1]
+       add     %rax,$A1[1]
+        mov    -16($aptr),%rax         # a[2]
+       adc     %rdx,$A1[0]
+
+       mov     $A1[1],($tptr)          # t[4]
+       mov     $A1[0],8($tptr)         # t[5]
+
+       mul     $ai                     # a[2]*a[3]
+___
+{
+my ($shift,$carry)=($a0,$a1);
+my @S=(@A1,$ai,$n0);
+$code.=<<___;
+        add    \$16,$i
+        xor    $shift,$shift
+        sub    $num,$i                 # $i=16-$num
+        xor    $carry,$carry
+
+       add     $A1[0],%rax             # t[5]
+       adc     \$0,%rdx
+       mov     %rax,8($tptr)           # t[5]
+       mov     %rdx,16($tptr)          # t[6]
+       mov     $carry,24($tptr)        # t[7]
+
+        mov    -16($aptr,$i),%rax      # a[0]
+       lea     64(%rsp,$num,2),$tptr
+        xor    $A0[0],$A0[0]           # t[0]
+        mov    -24($tptr,$i,2),$A0[1]  # t[1]
+
+       lea     ($shift,$A0[0],2),$S[0] # t[2*i]<<1 | shift
+       shr     \$63,$A0[0]
+       lea     ($j,$A0[1],2),$S[1]     # t[2*i+1]<<1 |
+       shr     \$63,$A0[1]
+       or      $A0[0],$S[1]            # | t[2*i]>>63
+        mov    -16($tptr,$i,2),$A0[0]  # t[2*i+2]      # prefetch
+       mov     $A0[1],$shift           # shift=t[2*i+1]>>63
+       mul     %rax                    # a[i]*a[i]
+       neg     $carry                  # mov $carry,cf
+        mov    -8($tptr,$i,2),$A0[1]   # t[2*i+2+1]    # prefetch
+       adc     %rax,$S[0]
+        mov    -8($aptr,$i),%rax       # a[i+1]        # prefetch
+       mov     $S[0],-32($tptr,$i,2)
+       adc     %rdx,$S[1]
+
+       lea     ($shift,$A0[0],2),$S[2] # t[2*i]<<1 | shift
+        mov    $S[1],-24($tptr,$i,2)
+        sbb    $carry,$carry           # mov cf,$carry
+       shr     \$63,$A0[0]
+       lea     ($j,$A0[1],2),$S[3]     # t[2*i+1]<<1 |
+       shr     \$63,$A0[1]
+       or      $A0[0],$S[3]            # | t[2*i]>>63
+        mov    0($tptr,$i,2),$A0[0]    # t[2*i+2]      # prefetch
+       mov     $A0[1],$shift           # shift=t[2*i+1]>>63
+       mul     %rax                    # a[i]*a[i]
+       neg     $carry                  # mov $carry,cf
+        mov    8($tptr,$i,2),$A0[1]    # t[2*i+2+1]    # prefetch
+       adc     %rax,$S[2]
+        mov    0($aptr,$i),%rax        # a[i+1]        # prefetch
+       mov     $S[2],-16($tptr,$i,2)
+       adc     %rdx,$S[3]
+       lea     16($i),$i
+       mov     $S[3],-40($tptr,$i,2)
+       sbb     $carry,$carry           # mov cf,$carry
+       jmp     .Lsqr4x_shift_n_add
+
+.align 16
+.Lsqr4x_shift_n_add:
+       lea     ($shift,$A0[0],2),$S[0] # t[2*i]<<1 | shift
+       shr     \$63,$A0[0]
+       lea     ($j,$A0[1],2),$S[1]     # t[2*i+1]<<1 |
+       shr     \$63,$A0[1]
+       or      $A0[0],$S[1]            # | t[2*i]>>63
+        mov    -16($tptr,$i,2),$A0[0]  # t[2*i+2]      # prefetch
+       mov     $A0[1],$shift           # shift=t[2*i+1]>>63
+       mul     %rax                    # a[i]*a[i]
+       neg     $carry                  # mov $carry,cf
+        mov    -8($tptr,$i,2),$A0[1]   # t[2*i+2+1]    # prefetch
+       adc     %rax,$S[0]
+        mov    -8($aptr,$i),%rax       # a[i+1]        # prefetch
+       mov     $S[0],-32($tptr,$i,2)
+       adc     %rdx,$S[1]
+
+       lea     ($shift,$A0[0],2),$S[2] # t[2*i]<<1 | shift
+        mov    $S[1],-24($tptr,$i,2)
+        sbb    $carry,$carry           # mov cf,$carry
+       shr     \$63,$A0[0]
+       lea     ($j,$A0[1],2),$S[3]     # t[2*i+1]<<1 |
+       shr     \$63,$A0[1]
+       or      $A0[0],$S[3]            # | t[2*i]>>63
+        mov    0($tptr,$i,2),$A0[0]    # t[2*i+2]      # prefetch
+       mov     $A0[1],$shift           # shift=t[2*i+1]>>63
+       mul     %rax                    # a[i]*a[i]
+       neg     $carry                  # mov $carry,cf
+        mov    8($tptr,$i,2),$A0[1]    # t[2*i+2+1]    # prefetch
+       adc     %rax,$S[2]
+        mov    0($aptr,$i),%rax        # a[i+1]        # prefetch
+       mov     $S[2],-16($tptr,$i,2)
+       adc     %rdx,$S[3]
+
+       lea     ($shift,$A0[0],2),$S[0] # t[2*i]<<1 | shift
+        mov    $S[3],-8($tptr,$i,2)
+        sbb    $carry,$carry           # mov cf,$carry
+       shr     \$63,$A0[0]
+       lea     ($j,$A0[1],2),$S[1]     # t[2*i+1]<<1 |
+       shr     \$63,$A0[1]
+       or      $A0[0],$S[1]            # | t[2*i]>>63
+        mov    16($tptr,$i,2),$A0[0]   # t[2*i+2]      # prefetch
+       mov     $A0[1],$shift           # shift=t[2*i+1]>>63
+       mul     %rax                    # a[i]*a[i]
+       neg     $carry                  # mov $carry,cf
+        mov    24($tptr,$i,2),$A0[1]   # t[2*i+2+1]    # prefetch
+       adc     %rax,$S[0]
+        mov    8($aptr,$i),%rax        # a[i+1]        # prefetch
+       mov     $S[0],0($tptr,$i,2)
+       adc     %rdx,$S[1]
+
+       lea     ($shift,$A0[0],2),$S[2] # t[2*i]<<1 | shift
+        mov    $S[1],8($tptr,$i,2)
+        sbb    $carry,$carry           # mov cf,$carry
+       shr     \$63,$A0[0]
+       lea     ($j,$A0[1],2),$S[3]     # t[2*i+1]<<1 |
+       shr     \$63,$A0[1]
+       or      $A0[0],$S[3]            # | t[2*i]>>63
+        mov    32($tptr,$i,2),$A0[0]   # t[2*i+2]      # prefetch
+       mov     $A0[1],$shift           # shift=t[2*i+1]>>63
+       mul     %rax                    # a[i]*a[i]
+       neg     $carry                  # mov $carry,cf
+        mov    40($tptr,$i,2),$A0[1]   # t[2*i+2+1]    # prefetch
+       adc     %rax,$S[2]
+        mov    16($aptr,$i),%rax       # a[i+1]        # prefetch
+       mov     $S[2],16($tptr,$i,2)
+       adc     %rdx,$S[3]
+       mov     $S[3],24($tptr,$i,2)
+       sbb     $carry,$carry           # mov cf,$carry
+       add     \$32,$i
+       jnz     .Lsqr4x_shift_n_add
+
+       lea     ($shift,$A0[0],2),$S[0] # t[2*i]<<1 | shift
+       shr     \$63,$A0[0]
+       lea     ($j,$A0[1],2),$S[1]     # t[2*i+1]<<1 |
+       shr     \$63,$A0[1]
+       or      $A0[0],$S[1]            # | t[2*i]>>63
+        mov    -16($tptr),$A0[0]       # t[2*i+2]      # prefetch
+       mov     $A0[1],$shift           # shift=t[2*i+1]>>63
+       mul     %rax                    # a[i]*a[i]
+       neg     $carry                  # mov $carry,cf
+        mov    -8($tptr),$A0[1]        # t[2*i+2+1]    # prefetch
+       adc     %rax,$S[0]
+        mov    -8($aptr),%rax          # a[i+1]        # prefetch
+       mov     $S[0],-32($tptr)
+       adc     %rdx,$S[1]
+
+       lea     ($shift,$A0[0],2),$S[2] # t[2*i]<<1|shift
+        mov    $S[1],-24($tptr)
+        sbb    $carry,$carry           # mov cf,$carry
+       shr     \$63,$A0[0]
+       lea     ($j,$A0[1],2),$S[3]     # t[2*i+1]<<1 |
+       shr     \$63,$A0[1]
+       or      $A0[0],$S[3]            # | t[2*i]>>63
+       mul     %rax                    # a[i]*a[i]
+       neg     $carry                  # mov $carry,cf
+       adc     %rax,$S[2]
+       adc     %rdx,$S[3]
+       mov     $S[2],-16($tptr)
+       mov     $S[3],-8($tptr)
+___
+}\f
+##############################################################
+# Montgomery reduction part, "word-by-word" algorithm.
+#
+{
+my ($topbit,$nptr)=("%rbp",$aptr);
+my ($m0,$m1)=($a0,$a1);
+my @Ni=("%rbx","%r9");
+$code.=<<___;
+       mov     40(%rsp),$nptr          # restore $nptr
+       mov     48(%rsp),$n0            # restore *n0
+       xor     $j,$j
+       mov     $num,0(%rsp)            # save $num
+       sub     $num,$j                 # $j=-$num
+        mov    64(%rsp),$A0[0]         # t[0]          # modsched #
+        mov    $n0,$m0                 #               # modsched #
+       lea     64(%rsp,$num,2),%rax    # end of t[] buffer
+       lea     64(%rsp,$num),$tptr     # end of t[] window
+       mov     %rax,8(%rsp)            # save end of t[] buffer
+       lea     ($nptr,$num),$nptr      # end of n[] buffer
+       xor     $topbit,$topbit         # $topbit=0
+
+       mov     0($nptr,$j),%rax        # n[0]          # modsched #
+       mov     8($nptr,$j),$Ni[1]      # n[1]          # modsched #
+        imulq  $A0[0],$m0              # m0=t[0]*n0    # modsched #
+        mov    %rax,$Ni[0]             #               # modsched #
+       jmp     .Lsqr4x_mont_outer
+
+.align 16
+.Lsqr4x_mont_outer:
+       xor     $A0[1],$A0[1]
+       mul     $m0                     # n[0]*m0
+       add     %rax,$A0[0]             # n[0]*m0+t[0]
+        mov    $Ni[1],%rax
+       adc     %rdx,$A0[1]
+       mov     $n0,$m1
+
+       xor     $A0[0],$A0[0]
+       add     8($tptr,$j),$A0[1]
+       adc     \$0,$A0[0]
+       mul     $m0                     # n[1]*m0
+       add     %rax,$A0[1]             # n[1]*m0+t[1]
+        mov    $Ni[0],%rax
+       adc     %rdx,$A0[0]
+
+       imulq   $A0[1],$m1
+
+       mov     16($nptr,$j),$Ni[0]     # n[2]
+       xor     $A1[1],$A1[1]
+       add     $A0[1],$A1[0]
+       adc     \$0,$A1[1]
+       mul     $m1                     # n[0]*m1
+       add     %rax,$A1[0]             # n[0]*m1+"t[1]"
+        mov    $Ni[0],%rax
+       adc     %rdx,$A1[1]
+       mov     $A1[0],8($tptr,$j)      # "t[1]"
+
+       xor     $A0[1],$A0[1]
+       add     16($tptr,$j),$A0[0]
+       adc     \$0,$A0[1]
+       mul     $m0                     # n[2]*m0
+       add     %rax,$A0[0]             # n[2]*m0+t[2]
+        mov    $Ni[1],%rax
+       adc     %rdx,$A0[1]
+
+       mov     24($nptr,$j),$Ni[1]     # n[3]
+       xor     $A1[0],$A1[0]
+       add     $A0[0],$A1[1]
+       adc     \$0,$A1[0]
+       mul     $m1                     # n[1]*m1
+       add     %rax,$A1[1]             # n[1]*m1+"t[2]"
+        mov    $Ni[1],%rax
+       adc     %rdx,$A1[0]
+       mov     $A1[1],16($tptr,$j)     # "t[2]"
+
+       xor     $A0[0],$A0[0]
+       add     24($tptr,$j),$A0[1]
+       lea     32($j),$j
+       adc     \$0,$A0[0]
+       mul     $m0                     # n[3]*m0
+       add     %rax,$A0[1]             # n[3]*m0+t[3]
+        mov    $Ni[0],%rax
+       adc     %rdx,$A0[0]
+       jmp     .Lsqr4x_mont_inner
+
+.align 16
+.Lsqr4x_mont_inner:
+       mov     ($nptr,$j),$Ni[0]       # n[4]
+       xor     $A1[1],$A1[1]
+       add     $A0[1],$A1[0]
+       adc     \$0,$A1[1]
+       mul     $m1                     # n[2]*m1
+       add     %rax,$A1[0]             # n[2]*m1+"t[3]"
+        mov    $Ni[0],%rax
+       adc     %rdx,$A1[1]
+       mov     $A1[0],-8($tptr,$j)     # "t[3]"
+
+       xor     $A0[1],$A0[1]
+       add     ($tptr,$j),$A0[0]
+       adc     \$0,$A0[1]
+       mul     $m0                     # n[4]*m0
+       add     %rax,$A0[0]             # n[4]*m0+t[4]
+        mov    $Ni[1],%rax
+       adc     %rdx,$A0[1]
+
+       mov     8($nptr,$j),$Ni[1]      # n[5]
+       xor     $A1[0],$A1[0]
+       add     $A0[0],$A1[1]
+       adc     \$0,$A1[0]
+       mul     $m1                     # n[3]*m1
+       add     %rax,$A1[1]             # n[3]*m1+"t[4]"
+        mov    $Ni[1],%rax
+       adc     %rdx,$A1[0]
+       mov     $A1[1],($tptr,$j)       # "t[4]"
+
+       xor     $A0[0],$A0[0]
+       add     8($tptr,$j),$A0[1]
+       adc     \$0,$A0[0]
+       mul     $m0                     # n[5]*m0
+       add     %rax,$A0[1]             # n[5]*m0+t[5]
+        mov    $Ni[0],%rax
+       adc     %rdx,$A0[0]
+
+
+       mov     16($nptr,$j),$Ni[0]     # n[6]
+       xor     $A1[1],$A1[1]
+       add     $A0[1],$A1[0]
+       adc     \$0,$A1[1]
+       mul     $m1                     # n[4]*m1
+       add     %rax,$A1[0]             # n[4]*m1+"t[5]"
+        mov    $Ni[0],%rax
+       adc     %rdx,$A1[1]
+       mov     $A1[0],8($tptr,$j)      # "t[5]"
+
+       xor     $A0[1],$A0[1]
+       add     16($tptr,$j),$A0[0]
+       adc     \$0,$A0[1]
+       mul     $m0                     # n[6]*m0
+       add     %rax,$A0[0]             # n[6]*m0+t[6]
+        mov    $Ni[1],%rax
+       adc     %rdx,$A0[1]
+
+       mov     24($nptr,$j),$Ni[1]     # n[7]
+       xor     $A1[0],$A1[0]
+       add     $A0[0],$A1[1]
+       adc     \$0,$A1[0]
+       mul     $m1                     # n[5]*m1
+       add     %rax,$A1[1]             # n[5]*m1+"t[6]"
+        mov    $Ni[1],%rax
+       adc     %rdx,$A1[0]
+       mov     $A1[1],16($tptr,$j)     # "t[6]"
+
+       xor     $A0[0],$A0[0]
+       add     24($tptr,$j),$A0[1]
+       lea     32($j),$j
+       adc     \$0,$A0[0]
+       mul     $m0                     # n[7]*m0
+       add     %rax,$A0[1]             # n[7]*m0+t[7]
+        mov    $Ni[0],%rax
+       adc     %rdx,$A0[0]
+       cmp     \$0,$j
+       jne     .Lsqr4x_mont_inner
+
+        sub    0(%rsp),$j              # $j=-$num      # modsched #
+        mov    $n0,$m0                 #               # modsched #
+
+       xor     $A1[1],$A1[1]
+       add     $A0[1],$A1[0]
+       adc     \$0,$A1[1]
+       mul     $m1                     # n[6]*m1
+       add     %rax,$A1[0]             # n[6]*m1+"t[7]"
+       mov     $Ni[1],%rax
+       adc     %rdx,$A1[1]
+       mov     $A1[0],-8($tptr)        # "t[7]"
+
+       xor     $A0[1],$A0[1]
+       add     ($tptr),$A0[0]          # +t[8]
+       adc     \$0,$A0[1]
+        mov    0($nptr,$j),$Ni[0]      # n[0]          # modsched #
+       add     $topbit,$A0[0]
+       adc     \$0,$A0[1]
+
+        imulq  16($tptr,$j),$m0        # m0=t[0]*n0    # modsched #
+       xor     $A1[0],$A1[0]
+        mov    8($nptr,$j),$Ni[1]      # n[1]          # modsched #
+       add     $A0[0],$A1[1]
+        mov    16($tptr,$j),$A0[0]     # t[0]          # modsched #
+       adc     \$0,$A1[0]
+       mul     $m1                     # n[7]*m1
+       add     %rax,$A1[1]             # n[7]*m1+"t[8]"
+        mov    $Ni[0],%rax             #               # modsched #
+       adc     %rdx,$A1[0]
+       mov     $A1[1],($tptr)          # "t[8]"
+
+       xor     $topbit,$topbit
+       add     8($tptr),$A1[0]         # +t[9]
+       adc     $topbit,$topbit
+       add     $A0[1],$A1[0]
+       lea     16($tptr),$tptr         # "t[$num]>>128"
+       adc     \$0,$topbit
+       mov     $A1[0],-8($tptr)        # "t[9]"
+       cmp     8(%rsp),$tptr           # are we done?
+       jb      .Lsqr4x_mont_outer
+
+       mov     0(%rsp),$num            # restore $num
+       mov     $topbit,($tptr)         # save $topbit
+___
+}\f
+##############################################################
+# Post-condition, 4x unrolled copy from bn_mul_mont
+#
+{
+my ($tptr,$nptr)=("%rbx",$aptr);
+my @ri=("%rax","%rdx","%r10","%r11");
+$code.=<<___;
+       mov     64(%rsp,$num),@ri[0]    # tp[0]
+       lea     64(%rsp,$num),$tptr     # upper half of t[2*$num] holds result
+       mov     40(%rsp),$nptr          # restore $nptr
+       shr     \$5,$num                # num/4
+       mov     8($tptr),@ri[1]         # t[1]
+       xor     $i,$i                   # i=0 and clear CF!
+
+       mov     32(%rsp),$rptr          # restore $rptr
+       sub     0($nptr),@ri[0]
+       mov     16($tptr),@ri[2]        # t[2]
+       mov     24($tptr),@ri[3]        # t[3]
+       sbb     8($nptr),@ri[1]
+       lea     -1($num),$j             # j=num/4-1
+       jmp     .Lsqr4x_sub
+.align 16
+.Lsqr4x_sub:
+       mov     @ri[0],0($rptr,$i,8)    # rp[i]=tp[i]-np[i]
+       mov     @ri[1],8($rptr,$i,8)    # rp[i]=tp[i]-np[i]
+       sbb     16($nptr,$i,8),@ri[2]
+       mov     32($tptr,$i,8),@ri[0]   # tp[i+1]
+       mov     40($tptr,$i,8),@ri[1]
+       sbb     24($nptr,$i,8),@ri[3]
+       mov     @ri[2],16($rptr,$i,8)   # rp[i]=tp[i]-np[i]
+       mov     @ri[3],24($rptr,$i,8)   # rp[i]=tp[i]-np[i]
+       sbb     32($nptr,$i,8),@ri[0]
+       mov     48($tptr,$i,8),@ri[2]
+       mov     56($tptr,$i,8),@ri[3]
+       sbb     40($nptr,$i,8),@ri[1]
+       lea     4($i),$i                # i++
+       dec     $j                      # doesn't affect CF!
+       jnz     .Lsqr4x_sub
+
+       mov     @ri[0],0($rptr,$i,8)    # rp[i]=tp[i]-np[i]
+       mov     32($tptr,$i,8),@ri[0]   # load overflow bit
+       sbb     16($nptr,$i,8),@ri[2]
+       mov     @ri[1],8($rptr,$i,8)    # rp[i]=tp[i]-np[i]
+       sbb     24($nptr,$i,8),@ri[3]
+       mov     @ri[2],16($rptr,$i,8)   # rp[i]=tp[i]-np[i]
+
+       sbb     \$0,@ri[0]              # handle upmost overflow bit
+       mov     @ri[3],24($rptr,$i,8)   # rp[i]=tp[i]-np[i]
+       xor     $i,$i                   # i=0
+       and     @ri[0],$tptr
+       not     @ri[0]
+       mov     $rptr,$nptr
+       and     @ri[0],$nptr
+       lea     -1($num),$j
+       or      $nptr,$tptr             # tp=borrow?tp:rp
+
+       pxor    %xmm0,%xmm0
+       lea     64(%rsp,$num,8),$nptr
+       movdqu  ($tptr),%xmm1
+       lea     ($nptr,$num,8),$nptr
+       movdqa  %xmm0,64(%rsp)          # zap lower half of temporary vector
+       movdqa  %xmm0,($nptr)           # zap upper half of temporary vector
+       movdqu  %xmm1,($rptr)
+       jmp     .Lsqr4x_copy
+.align 16
+.Lsqr4x_copy:                          # copy or in-place refresh
+       movdqu  16($tptr,$i),%xmm2
+       movdqu  32($tptr,$i),%xmm1
+       movdqa  %xmm0,80(%rsp,$i)       # zap lower half of temporary vector
+       movdqa  %xmm0,96(%rsp,$i)       # zap lower half of temporary vector
+       movdqa  %xmm0,16($nptr,$i)      # zap upper half of temporary vector
+       movdqa  %xmm0,32($nptr,$i)      # zap upper half of temporary vector
+       movdqu  %xmm2,16($rptr,$i)
+       movdqu  %xmm1,32($rptr,$i)
+       lea     32($i),$i
+       dec     $j
+       jnz     .Lsqr4x_copy
+
+       movdqu  16($tptr,$i),%xmm2
+       movdqa  %xmm0,80(%rsp,$i)       # zap lower half of temporary vector
+       movdqa  %xmm0,16($nptr,$i)      # zap upper half of temporary vector
+       movdqu  %xmm2,16($rptr,$i)
+___
+}
+$code.=<<___;
+       mov     56(%rsp),%rsi           # restore %rsp
+       mov     \$1,%rax
+       mov     0(%rsi),%r15
+       mov     8(%rsi),%r14
+       mov     16(%rsi),%r13
+       mov     24(%rsi),%r12
+       mov     32(%rsi),%rbp
+       mov     40(%rsi),%rbx
+       lea     48(%rsi),%rsp
+.Lsqr4x_epilogue:
+       ret
+.size  bn_sqr4x_mont,.-bn_sqr4x_mont
+___
+}}}
+$code.=<<___;
 .asciz "Montgomery Multiplication for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
 .align 16
 ___
@@ -228,9 +1512,9 @@ $disp="%r9";
 
 $code.=<<___;
 .extern        __imp_RtlVirtualUnwind
-.type  se_handler,\@abi-omnipotent
+.type  mul_handler,\@abi-omnipotent
 .align 16
-se_handler:
+mul_handler:
        push    %rsi
        push    %rdi
        push    %rbx
@@ -245,15 +1529,20 @@ se_handler:
        mov     120($context),%rax      # pull context->Rax
        mov     248($context),%rbx      # pull context->Rip
 
-       lea     .Lprologue(%rip),%r10
-       cmp     %r10,%rbx               # context->Rip<.Lprologue
-       jb      .Lin_prologue
+       mov     8($disp),%rsi           # disp->ImageBase
+       mov     56($disp),%r11          # disp->HandlerData
+
+       mov     0(%r11),%r10d           # HandlerData[0]
+       lea     (%rsi,%r10),%r10        # end of prologue label
+       cmp     %r10,%rbx               # context->Rip<end of prologue label
+       jb      .Lcommon_seh_tail
 
        mov     152($context),%rax      # pull context->Rsp
 
-       lea     .Lepilogue(%rip),%r10
-       cmp     %r10,%rbx               # context->Rip>=.Lepilogue
-       jae     .Lin_prologue
+       mov     4(%r11),%r10d           # HandlerData[1]
+       lea     (%rsi,%r10),%r10        # epilogue label
+       cmp     %r10,%rbx               # context->Rip>=epilogue label
+       jae     .Lcommon_seh_tail
 
        mov     192($context),%r10      # pull $num
        mov     8(%rax,%r10,8),%rax     # pull saved stack pointer
@@ -272,7 +1561,53 @@ se_handler:
        mov     %r14,232($context)      # restore context->R14
        mov     %r15,240($context)      # restore context->R15
 
-.Lin_prologue:
+       jmp     .Lcommon_seh_tail
+.size  mul_handler,.-mul_handler
+
+.type  sqr_handler,\@abi-omnipotent
+.align 16
+sqr_handler:
+       push    %rsi
+       push    %rdi
+       push    %rbx
+       push    %rbp
+       push    %r12
+       push    %r13
+       push    %r14
+       push    %r15
+       pushfq
+       sub     \$64,%rsp
+
+       mov     120($context),%rax      # pull context->Rax
+       mov     248($context),%rbx      # pull context->Rip
+
+       lea     .Lsqr4x_body(%rip),%r10
+       cmp     %r10,%rbx               # context->Rip<.Lsqr_body
+       jb      .Lcommon_seh_tail
+
+       mov     152($context),%rax      # pull context->Rsp
+
+       lea     .Lsqr4x_epilogue(%rip),%r10
+       cmp     %r10,%rbx               # context->Rip>=.Lsqr_epilogue
+       jae     .Lcommon_seh_tail
+
+       mov     56(%rax),%rax           # pull saved stack pointer
+       lea     48(%rax),%rax
+
+       mov     -8(%rax),%rbx
+       mov     -16(%rax),%rbp
+       mov     -24(%rax),%r12
+       mov     -32(%rax),%r13
+       mov     -40(%rax),%r14
+       mov     -48(%rax),%r15
+       mov     %rbx,144($context)      # restore context->Rbx
+       mov     %rbp,160($context)      # restore context->Rbp
+       mov     %r12,216($context)      # restore context->R12
+       mov     %r13,224($context)      # restore context->R13
+       mov     %r14,232($context)      # restore context->R14
+       mov     %r15,240($context)      # restore context->R15
+
+.Lcommon_seh_tail:
        mov     8(%rax),%rdi
        mov     16(%rax),%rsi
        mov     %rax,152($context)      # restore context->Rsp
@@ -310,7 +1645,7 @@ se_handler:
        pop     %rdi
        pop     %rsi
        ret
-.size  se_handler,.-se_handler
+.size  sqr_handler,.-sqr_handler
 
 .section       .pdata
 .align 4
@@ -318,11 +1653,27 @@ se_handler:
        .rva    .LSEH_end_bn_mul_mont
        .rva    .LSEH_info_bn_mul_mont
 
+       .rva    .LSEH_begin_bn_mul4x_mont
+       .rva    .LSEH_end_bn_mul4x_mont
+       .rva    .LSEH_info_bn_mul4x_mont
+
+       .rva    .LSEH_begin_bn_sqr4x_mont
+       .rva    .LSEH_end_bn_sqr4x_mont
+       .rva    .LSEH_info_bn_sqr4x_mont
+
 .section       .xdata
 .align 8
 .LSEH_info_bn_mul_mont:
        .byte   9,0,0,0
-       .rva    se_handler
+       .rva    mul_handler
+       .rva    .Lmul_body,.Lmul_epilogue       # HandlerData[]
+.LSEH_info_bn_mul4x_mont:
+       .byte   9,0,0,0
+       .rva    mul_handler
+       .rva    .Lmul4x_body,.Lmul4x_epilogue   # HandlerData[]
+.LSEH_info_bn_sqr4x_mont:
+       .byte   9,0,0,0
+       .rva    sqr_handler
 ___
 }
 

diff --git a/deps/openssl/openssl/crypto/bn/bn.h b/deps/openssl/openssl/crypto/bn/bn.h
index a0bc478..f34248e 100644 (file)
--- a/deps/openssl/openssl/crypto/bn/bn.h
+++ b/deps/openssl/openssl/crypto/bn/bn.h
@@ -558,6 +558,17 @@ int        BN_is_prime_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx, BN_GENCB *cb);
 int    BN_is_prime_fasttest_ex(const BIGNUM *p,int nchecks, BN_CTX *ctx,
                int do_trial_division, BN_GENCB *cb);
 
+int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx);
+
+int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
+                       const BIGNUM *Xp, const BIGNUM *Xp1, const BIGNUM *Xp2,
+                       const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb);
+int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
+                       BIGNUM *Xp1, BIGNUM *Xp2,
+                       const BIGNUM *Xp,
+                       const BIGNUM *e, BN_CTX *ctx,
+                       BN_GENCB *cb);
+
 BN_MONT_CTX *BN_MONT_CTX_new(void );
 void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
 int BN_mod_mul_montgomery(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,
@@ -612,6 +623,8 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 int    BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
        BN_RECP_CTX *recp, BN_CTX *ctx);
 
+#ifndef OPENSSL_NO_EC2M
+
 /* Functions for arithmetic over binary polynomials represented by BIGNUMs. 
  *
  * The BIGNUM::neg property of BIGNUMs representing binary polynomials is
@@ -663,6 +676,8 @@ int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a,
 int    BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max);
 int    BN_GF2m_arr2poly(const int p[], BIGNUM *a);
 
+#endif
+
 /* faster mod functions for the 'NIST primes' 
  * 0 <= a < p^2 */
 int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);

diff --git a/deps/openssl/openssl/crypto/bn/bn_div.c b/deps/openssl/openssl/crypto/bn/bn_div.c
index 802a43d..7b24031 100644 (file)
--- a/deps/openssl/openssl/crypto/bn/bn_div.c
+++ b/deps/openssl/openssl/crypto/bn/bn_div.c
@@ -141,6 +141,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
     *
     *                                  <appro@fy.chalmers.se>
     */
+#undef bn_div_words
 #  define bn_div_words(n0,n1,d0)               \
        ({  asm volatile (                      \
                "divl   %4"                     \
@@ -155,6 +156,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
     * Same story here, but it's 128-bit by 64-bit division. Wow!
     *                                  <appro@fy.chalmers.se>
     */
+#  undef bn_div_words
 #  define bn_div_words(n0,n1,d0)               \
        ({  asm volatile (                      \
                "divq   %4"                     \
@@ -169,15 +171,13 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
 #endif /* OPENSSL_NO_ASM */
 
 
-/* BN_div[_no_branch] computes  dv := num / divisor,  rounding towards
+/* BN_div computes  dv := num / divisor,  rounding towards
  * zero, and sets up rm  such that  dv*divisor + rm = num  holds.
  * Thus:
  *     dv->neg == num->neg ^ divisor->neg  (unless the result is zero)
  *     rm->neg == num->neg                 (unless the remainder is zero)
  * If 'dv' or 'rm' is NULL, the respective value is not returned.
  */
-static int BN_div_no_branch(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num,
-        const BIGNUM *divisor, BN_CTX *ctx);
 int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
           BN_CTX *ctx)
        {
@@ -186,6 +186,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
        BN_ULONG *resp,*wnump;
        BN_ULONG d0,d1;
        int num_n,div_n;
+       int no_branch=0;
 
        /* Invalid zero-padding would have particularly bad consequences
         * in the case of 'num', so don't just rely on bn_check_top() for this one
@@ -200,7 +201,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
 
        if ((BN_get_flags(num, BN_FLG_CONSTTIME) != 0) || (BN_get_flags(divisor, BN_FLG_CONSTTIME) != 0))
                {
-               return BN_div_no_branch(dv, rm, num, divisor, ctx);
+               no_branch=1;
                }
 
        bn_check_top(dv);
@@ -214,7 +215,7 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
                return(0);
                }
 
-       if (BN_ucmp(num,divisor) < 0)
+       if (!no_branch && BN_ucmp(num,divisor) < 0)
                {
                if (rm != NULL)
                        { if (BN_copy(rm,num) == NULL) return(0); }
@@ -239,242 +240,25 @@ int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
        norm_shift+=BN_BITS2;
        if (!(BN_lshift(snum,num,norm_shift))) goto err;
        snum->neg=0;
-       div_n=sdiv->top;
-       num_n=snum->top;
-       loop=num_n-div_n;
-       /* Lets setup a 'window' into snum
-        * This is the part that corresponds to the current
-        * 'area' being divided */
-       wnum.neg   = 0;
-       wnum.d     = &(snum->d[loop]);
-       wnum.top   = div_n;
-       /* only needed when BN_ucmp messes up the values between top and max */
-       wnum.dmax  = snum->dmax - loop; /* so we don't step out of bounds */
-
-       /* Get the top 2 words of sdiv */
-       /* div_n=sdiv->top; */
-       d0=sdiv->d[div_n-1];
-       d1=(div_n == 1)?0:sdiv->d[div_n-2];
-
-       /* pointer to the 'top' of snum */
-       wnump= &(snum->d[num_n-1]);
-
-       /* Setup to 'res' */
-       res->neg= (num->neg^divisor->neg);
-       if (!bn_wexpand(res,(loop+1))) goto err;
-       res->top=loop;
-       resp= &(res->d[loop-1]);
-
-       /* space for temp */
-       if (!bn_wexpand(tmp,(div_n+1))) goto err;
 
-       if (BN_ucmp(&wnum,sdiv) >= 0)
+       if (no_branch)
                {
-               /* If BN_DEBUG_RAND is defined BN_ucmp changes (via
-                * bn_pollute) the const bignum arguments =>
-                * clean the values between top and max again */
-               bn_clear_top2max(&wnum);
-               bn_sub_words(wnum.d, wnum.d, sdiv->d, div_n);
-               *resp=1;
-               }
-       else
-               res->top--;
-       /* if res->top == 0 then clear the neg value otherwise decrease
-        * the resp pointer */
-       if (res->top == 0)
-               res->neg = 0;
-       else
-               resp--;
-
-       for (i=0; i<loop-1; i++, wnump--, resp--)
-               {
-               BN_ULONG q,l0;
-               /* the first part of the loop uses the top two words of
-                * snum and sdiv to calculate a BN_ULONG q such that
-                * | wnum - sdiv * q | < sdiv */
-#if defined(BN_DIV3W) && !defined(OPENSSL_NO_ASM)
-               BN_ULONG bn_div_3_words(BN_ULONG*,BN_ULONG,BN_ULONG);
-               q=bn_div_3_words(wnump,d1,d0);
-#else
-               BN_ULONG n0,n1,rem=0;
-
-               n0=wnump[0];
-               n1=wnump[-1];
-               if (n0 == d0)
-                       q=BN_MASK2;
-               else                    /* n0 < d0 */
-                       {
-#ifdef BN_LLONG
-                       BN_ULLONG t2;
-
-#if defined(BN_LLONG) && defined(BN_DIV2W) && !defined(bn_div_words)
-                       q=(BN_ULONG)(((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0);
-#else
-                       q=bn_div_words(n0,n1,d0);
-#ifdef BN_DEBUG_LEVITTE
-                       fprintf(stderr,"DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\
-X) -> 0x%08X\n",
-                               n0, n1, d0, q);
-#endif
-#endif
-
-#ifndef REMAINDER_IS_ALREADY_CALCULATED
-                       /*
-                        * rem doesn't have to be BN_ULLONG. The least we
-                        * know it's less that d0, isn't it?
-                        */
-                       rem=(n1-q*d0)&BN_MASK2;
-#endif
-                       t2=(BN_ULLONG)d1*q;
-
-                       for (;;)
-                               {
-                               if (t2 <= ((((BN_ULLONG)rem)<<BN_BITS2)|wnump[-2]))
-                                       break;
-                               q--;
-                               rem += d0;
-                               if (rem < d0) break; /* don't let rem overflow */
-                               t2 -= d1;
-                               }
-#else /* !BN_LLONG */
-                       BN_ULONG t2l,t2h;
-
-                       q=bn_div_words(n0,n1,d0);
-#ifdef BN_DEBUG_LEVITTE
-                       fprintf(stderr,"DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\
-X) -> 0x%08X\n",
-                               n0, n1, d0, q);
-#endif
-#ifndef REMAINDER_IS_ALREADY_CALCULATED
-                       rem=(n1-q*d0)&BN_MASK2;
-#endif
-
-#if defined(BN_UMULT_LOHI)
-                       BN_UMULT_LOHI(t2l,t2h,d1,q);
-#elif defined(BN_UMULT_HIGH)
-                       t2l = d1 * q;
-                       t2h = BN_UMULT_HIGH(d1,q);
-#else
+               /* Since we don't know whether snum is larger than sdiv,
+                * we pad snum with enough zeroes without changing its
+                * value. 
+                */
+               if (snum->top <= sdiv->top+1) 
                        {
-                       BN_ULONG ql, qh;
-                       t2l=LBITS(d1); t2h=HBITS(d1);
-                       ql =LBITS(q);  qh =HBITS(q);
-                       mul64(t2l,t2h,ql,qh); /* t2=(BN_ULLONG)d1*q; */
+                       if (bn_wexpand(snum, sdiv->top + 2) == NULL) goto err;
+                       for (i = snum->top; i < sdiv->top + 2; i++) snum->d[i] = 0;
+                       snum->top = sdiv->top + 2;
                        }
-#endif
-
-                       for (;;)
-                               {
-                               if ((t2h < rem) ||
-                                       ((t2h == rem) && (t2l <= wnump[-2])))
-                                       break;
-                               q--;
-                               rem += d0;
-                               if (rem < d0) break; /* don't let rem overflow */
-                               if (t2l < d1) t2h--; t2l -= d1;
-                               }
-#endif /* !BN_LLONG */
-                       }
-#endif /* !BN_DIV3W */
-
-               l0=bn_mul_words(tmp->d,sdiv->d,div_n,q);
-               tmp->d[div_n]=l0;
-               wnum.d--;
-               /* ingore top values of the bignums just sub the two 
-                * BN_ULONG arrays with bn_sub_words */
-               if (bn_sub_words(wnum.d, wnum.d, tmp->d, div_n+1))
+               else
                        {
-                       /* Note: As we have considered only the leading
-                        * two BN_ULONGs in the calculation of q, sdiv * q
-                        * might be greater than wnum (but then (q-1) * sdiv
-                        * is less or equal than wnum)
-                        */
-                       q--;
-                       if (bn_add_words(wnum.d, wnum.d, sdiv->d, div_n))
-                               /* we can't have an overflow here (assuming
-                                * that q != 0, but if q == 0 then tmp is
-                                * zero anyway) */
-                               (*wnump)++;
+                       if (bn_wexpand(snum, snum->top + 1) == NULL) goto err;
+                       snum->d[snum->top] = 0;
+                       snum->top ++;
                        }
-               /* store part of the result */
-               *resp = q;
-               }
-       bn_correct_top(snum);
-       if (rm != NULL)
-               {
-               /* Keep a copy of the neg flag in num because if rm==num
-                * BN_rshift() will overwrite it.
-                */
-               int neg = num->neg;
-               BN_rshift(rm,snum,norm_shift);
-               if (!BN_is_zero(rm))
-                       rm->neg = neg;
-               bn_check_top(rm);
-               }
-       BN_CTX_end(ctx);
-       return(1);
-err:
-       bn_check_top(rm);
-       BN_CTX_end(ctx);
-       return(0);
-       }
-
-
-/* BN_div_no_branch is a special version of BN_div. It does not contain
- * branches that may leak sensitive information.
- */
-static int BN_div_no_branch(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, 
-       const BIGNUM *divisor, BN_CTX *ctx)
-       {
-       int norm_shift,i,loop;
-       BIGNUM *tmp,wnum,*snum,*sdiv,*res;
-       BN_ULONG *resp,*wnump;
-       BN_ULONG d0,d1;
-       int num_n,div_n;
-
-       bn_check_top(dv);
-       bn_check_top(rm);
-       /* bn_check_top(num); */ /* 'num' has been checked in BN_div() */
-       bn_check_top(divisor);
-
-       if (BN_is_zero(divisor))
-               {
-               BNerr(BN_F_BN_DIV_NO_BRANCH,BN_R_DIV_BY_ZERO);
-               return(0);
-               }
-
-       BN_CTX_start(ctx);
-       tmp=BN_CTX_get(ctx);
-       snum=BN_CTX_get(ctx);
-       sdiv=BN_CTX_get(ctx);
-       if (dv == NULL)
-               res=BN_CTX_get(ctx);
-       else    res=dv;
-       if (sdiv == NULL || res == NULL) goto err;
-
-       /* First we normalise the numbers */
-       norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2);
-       if (!(BN_lshift(sdiv,divisor,norm_shift))) goto err;
-       sdiv->neg=0;
-       norm_shift+=BN_BITS2;
-       if (!(BN_lshift(snum,num,norm_shift))) goto err;
-       snum->neg=0;
-
-       /* Since we don't know whether snum is larger than sdiv,
-        * we pad snum with enough zeroes without changing its
-        * value. 
-        */
-       if (snum->top <= sdiv->top+1) 
-               {
-               if (bn_wexpand(snum, sdiv->top + 2) == NULL) goto err;
-               for (i = snum->top; i < sdiv->top + 2; i++) snum->d[i] = 0;
-               snum->top = sdiv->top + 2;
-               }
-       else
-               {
-               if (bn_wexpand(snum, snum->top + 1) == NULL) goto err;
-               snum->d[snum->top] = 0;
-               snum->top ++;
                }
 
        div_n=sdiv->top;
@@ -500,12 +284,27 @@ static int BN_div_no_branch(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num,
        /* Setup to 'res' */
        res->neg= (num->neg^divisor->neg);
        if (!bn_wexpand(res,(loop+1))) goto err;
-       res->top=loop-1;
+       res->top=loop-no_branch;
        resp= &(res->d[loop-1]);
 
        /* space for temp */
        if (!bn_wexpand(tmp,(div_n+1))) goto err;
 
+       if (!no_branch)
+               {
+               if (BN_ucmp(&wnum,sdiv) >= 0)
+                       {
+                       /* If BN_DEBUG_RAND is defined BN_ucmp changes (via
+                        * bn_pollute) the const bignum arguments =>
+                        * clean the values between top and max again */
+                       bn_clear_top2max(&wnum);
+                       bn_sub_words(wnum.d, wnum.d, sdiv->d, div_n);
+                       *resp=1;
+                       }
+               else
+                       res->top--;
+               }
+
        /* if res->top == 0 then clear the neg value otherwise decrease
         * the resp pointer */
        if (res->top == 0)
@@ -638,7 +437,7 @@ X) -> 0x%08X\n",
                        rm->neg = neg;
                bn_check_top(rm);
                }
-       bn_correct_top(res);
+       if (no_branch)  bn_correct_top(res);
        BN_CTX_end(ctx);
        return(1);
 err:
@@ -646,5 +445,4 @@ err:
        BN_CTX_end(ctx);
        return(0);
        }
-
 #endif

diff --git a/deps/openssl/openssl/crypto/bn/bn_exp.c b/deps/openssl/openssl/crypto/bn/bn_exp.c
index d9b6c73..2abf6fd 100644 (file)
--- a/deps/openssl/openssl/crypto/bn/bn_exp.c
+++ b/deps/openssl/openssl/crypto/bn/bn_exp.c
@@ -113,6 +113,18 @@
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
+#include <stdlib.h>
+#ifdef _WIN32
+# include <malloc.h>
+# ifndef alloca
+#  define alloca _alloca
+# endif
+#elif defined(__GNUC__)
+# ifndef alloca
+#  define alloca(s) __builtin_alloca((s))
+# endif
+#endif
+
 /* maximum precomputation table size for *variable* sliding windows */
 #define TABLE_SIZE     32
 
@@ -522,23 +534,17 @@ err:
  * as cache lines are concerned.  The following functions are used to transfer a BIGNUM
  * from/to that table. */
 
-static int MOD_EXP_CTIME_COPY_TO_PREBUF(BIGNUM *b, int top, unsigned char *buf, int idx, int width)
+static int MOD_EXP_CTIME_COPY_TO_PREBUF(const BIGNUM *b, int top, unsigned char *buf, int idx, int width)
        {
        size_t i, j;
 
-       if (bn_wexpand(b, top) == NULL)
-               return 0;
-       while (b->top < top)
-               {
-               b->d[b->top++] = 0;
-               }
-       
+       if (top > b->top)
+               top = b->top; /* this works because 'buf' is explicitly zeroed */
        for (i = 0, j=idx; i < top * sizeof b->d[0]; i++, j+=width)
                {
                buf[j] = ((unsigned char*)b->d)[i];
                }
 
-       bn_correct_top(b);
        return 1;
        }
 
@@ -561,7 +567,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top, unsigned char *buf
 
 /* Given a pointer value, compute the next address that is a cache line multiple. */
 #define MOD_EXP_CTIME_ALIGN(x_) \
-       ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ULONG)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
+       ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
 
 /* This variant of BN_mod_exp_mont() uses fixed windows and the special
  * precomputation memory layout to limit data-dependency to a minimum
@@ -572,17 +578,15 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top, unsigned char *buf
 int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
                    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
        {
-       int i,bits,ret=0,idx,window,wvalue;
+       int i,bits,ret=0,window,wvalue;
        int top;
-       BIGNUM *r;
-       const BIGNUM *aa;
        BN_MONT_CTX *mont=NULL;
 
        int numPowers;
        unsigned char *powerbufFree=NULL;
        int powerbufLen = 0;
        unsigned char *powerbuf=NULL;
-       BIGNUM *computeTemp=NULL, *am=NULL;
+       BIGNUM tmp, am;
 
        bn_check_top(a);
        bn_check_top(p);
@@ -602,10 +606,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
                return ret;
                }
 
-       /* Initialize BIGNUM context and allocate intermediate result */
        BN_CTX_start(ctx);
-       r = BN_CTX_get(ctx);
-       if (r == NULL) goto err;
 
        /* Allocate a montgomery context if it was not supplied by the caller.
         * If this is not done, things will break in the montgomery part.
@@ -620,40 +621,154 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
 
        /* Get the window size to use with size of p. */
        window = BN_window_bits_for_ctime_exponent_size(bits);
+#if defined(OPENSSL_BN_ASM_MONT5)
+       if (window==6 && bits<=1024) window=5;  /* ~5% improvement of 2048-bit RSA sign */
+#endif
 
        /* Allocate a buffer large enough to hold all of the pre-computed
-        * powers of a.
+        * powers of am, am itself and tmp.
         */
        numPowers = 1 << window;
-       powerbufLen = sizeof(m->d[0])*top*numPowers;
+       powerbufLen = sizeof(m->d[0])*(top*numPowers +
+                               ((2*top)>numPowers?(2*top):numPowers));
+#ifdef alloca
+       if (powerbufLen < 3072)
+               powerbufFree = alloca(powerbufLen+MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH);
+       else
+#endif
        if ((powerbufFree=(unsigned char*)OPENSSL_malloc(powerbufLen+MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH)) == NULL)
                goto err;
                
        powerbuf = MOD_EXP_CTIME_ALIGN(powerbufFree);
        memset(powerbuf, 0, powerbufLen);
 
-       /* Initialize the intermediate result. Do this early to save double conversion,
-        * once each for a^0 and intermediate result.
-        */
-       if (!BN_to_montgomery(r,BN_value_one(),mont,ctx)) goto err;
-       if (!MOD_EXP_CTIME_COPY_TO_PREBUF(r, top, powerbuf, 0, numPowers)) goto err;
+#ifdef alloca
+       if (powerbufLen < 3072)
+               powerbufFree = NULL;
+#endif
 
-       /* Initialize computeTemp as a^1 with montgomery precalcs */
-       computeTemp = BN_CTX_get(ctx);
-       am = BN_CTX_get(ctx);
-       if (computeTemp==NULL || am==NULL) goto err;
+       /* lay down tmp and am right after powers table */
+       tmp.d     = (BN_ULONG *)(powerbuf + sizeof(m->d[0])*top*numPowers);
+       am.d      = tmp.d + top;
+       tmp.top   = am.top  = 0;
+       tmp.dmax  = am.dmax = top;
+       tmp.neg   = am.neg  = 0;
+       tmp.flags = am.flags = BN_FLG_STATIC_DATA;
+
+       /* prepare a^0 in Montgomery domain */
+#if 1
+       if (!BN_to_montgomery(&tmp,BN_value_one(),mont,ctx))    goto err;
+#else
+       tmp.d[0] = (0-m->d[0])&BN_MASK2;        /* 2^(top*BN_BITS2) - m */
+       for (i=1;i<top;i++)
+               tmp.d[i] = (~m->d[i])&BN_MASK2;
+       tmp.top = top;
+#endif
 
+       /* prepare a^1 in Montgomery domain */
        if (a->neg || BN_ucmp(a,m) >= 0)
                {
-               if (!BN_mod(am,a,m,ctx))
-                       goto err;
-               aa= am;
+               if (!BN_mod(&am,a,m,ctx))                       goto err;
+               if (!BN_to_montgomery(&am,&am,mont,ctx))        goto err;
                }
-       else
-               aa=a;
-       if (!BN_to_montgomery(am,aa,mont,ctx)) goto err;
-       if (!BN_copy(computeTemp, am)) goto err;
-       if (!MOD_EXP_CTIME_COPY_TO_PREBUF(am, top, powerbuf, 1, numPowers)) goto err;
+       else    if (!BN_to_montgomery(&am,a,mont,ctx))          goto err;
+
+#if defined(OPENSSL_BN_ASM_MONT5)
+    /* This optimization uses ideas from http://eprint.iacr.org/2011/239,
+     * specifically optimization of cache-timing attack countermeasures
+     * and pre-computation optimization. */
+
+    /* Dedicated window==4 case improves 512-bit RSA sign by ~15%, but as
+     * 512-bit RSA is hardly relevant, we omit it to spare size... */ 
+    if (window==5)
+       {
+       void bn_mul_mont_gather5(BN_ULONG *rp,const BN_ULONG *ap,
+                       const void *table,const BN_ULONG *np,
+                       const BN_ULONG *n0,int num,int power);
+       void bn_scatter5(const BN_ULONG *inp,size_t num,
+                       void *table,size_t power);
+       void bn_gather5(BN_ULONG *out,size_t num,
+                       void *table,size_t power);
+
+       BN_ULONG *np=mont->N.d, *n0=mont->n0;
+
+       /* BN_to_montgomery can contaminate words above .top
+        * [in BN_DEBUG[_DEBUG] build]... */
+       for (i=am.top; i<top; i++)      am.d[i]=0;
+       for (i=tmp.top; i<top; i++)     tmp.d[i]=0;
+
+       bn_scatter5(tmp.d,top,powerbuf,0);
+       bn_scatter5(am.d,am.top,powerbuf,1);
+       bn_mul_mont(tmp.d,am.d,am.d,np,n0,top);
+       bn_scatter5(tmp.d,top,powerbuf,2);
+
+#if 0
+       for (i=3; i<32; i++)
+               {
+               /* Calculate a^i = a^(i-1) * a */
+               bn_mul_mont_gather5(tmp.d,am.d,powerbuf,np,n0,top,i-1);
+               bn_scatter5(tmp.d,top,powerbuf,i);
+               }
+#else
+       /* same as above, but uses squaring for 1/2 of operations */
+       for (i=4; i<32; i*=2)
+               {
+               bn_mul_mont(tmp.d,tmp.d,tmp.d,np,n0,top);
+               bn_scatter5(tmp.d,top,powerbuf,i);
+               }
+       for (i=3; i<8; i+=2)
+               {
+               int j;
+               bn_mul_mont_gather5(tmp.d,am.d,powerbuf,np,n0,top,i-1);
+               bn_scatter5(tmp.d,top,powerbuf,i);
+               for (j=2*i; j<32; j*=2)
+                       {
+                       bn_mul_mont(tmp.d,tmp.d,tmp.d,np,n0,top);
+                       bn_scatter5(tmp.d,top,powerbuf,j);
+                       }
+               }
+       for (; i<16; i+=2)
+               {
+               bn_mul_mont_gather5(tmp.d,am.d,powerbuf,np,n0,top,i-1);
+               bn_scatter5(tmp.d,top,powerbuf,i);
+               bn_mul_mont(tmp.d,tmp.d,tmp.d,np,n0,top);
+               bn_scatter5(tmp.d,top,powerbuf,2*i);
+               }
+       for (; i<32; i+=2)
+               {
+               bn_mul_mont_gather5(tmp.d,am.d,powerbuf,np,n0,top,i-1);
+               bn_scatter5(tmp.d,top,powerbuf,i);
+               }
+#endif
+       bits--;
+       for (wvalue=0, i=bits%5; i>=0; i--,bits--)
+               wvalue = (wvalue<<1)+BN_is_bit_set(p,bits);
+       bn_gather5(tmp.d,top,powerbuf,wvalue);
+
+       /* Scan the exponent one window at a time starting from the most
+        * significant bits.
+        */
+       while (bits >= 0)
+               {
+               for (wvalue=0, i=0; i<5; i++,bits--)
+                       wvalue = (wvalue<<1)+BN_is_bit_set(p,bits);
+
+               bn_mul_mont(tmp.d,tmp.d,tmp.d,np,n0,top);
+               bn_mul_mont(tmp.d,tmp.d,tmp.d,np,n0,top);
+               bn_mul_mont(tmp.d,tmp.d,tmp.d,np,n0,top);
+               bn_mul_mont(tmp.d,tmp.d,tmp.d,np,n0,top);
+               bn_mul_mont(tmp.d,tmp.d,tmp.d,np,n0,top);
+               bn_mul_mont_gather5(tmp.d,tmp.d,powerbuf,np,n0,top,wvalue);
+               }
+
+       tmp.top=top;
+       bn_correct_top(&tmp);
+       }
+    else
+#endif
+       {
+       if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 0, numPowers)) goto err;
+       if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&am,  top, powerbuf, 1, numPowers)) goto err;
 
        /* If the window size is greater than 1, then calculate
         * val[i=2..2^winsize-1]. Powers are computed as a*a^(i-1)
@@ -662,62 +777,54 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
         */
        if (window > 1)
                {
-               for (i=2; i<numPowers; i++)
+               if (!BN_mod_mul_montgomery(&tmp,&am,&am,mont,ctx))      goto err;
+               if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 2, numPowers)) goto err;
+               for (i=3; i<numPowers; i++)
                        {
                        /* Calculate a^i = a^(i-1) * a */
-                       if (!BN_mod_mul_montgomery(computeTemp,am,computeTemp,mont,ctx))
+                       if (!BN_mod_mul_montgomery(&tmp,&am,&tmp,mont,ctx))
                                goto err;
-                       if (!MOD_EXP_CTIME_COPY_TO_PREBUF(computeTemp, top, powerbuf, i, numPowers)) goto err;
+                       if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, i, numPowers)) goto err;
                        }
                }
 
-       /* Adjust the number of bits up to a multiple of the window size.
-        * If the exponent length is not a multiple of the window size, then
-        * this pads the most significant bits with zeros to normalize the
-        * scanning loop to there's no special cases.
-        *
-        * * NOTE: Making the window size a power of two less than the native
-        * * word size ensures that the padded bits won't go past the last
-        * * word in the internal BIGNUM structure. Going past the end will
-        * * still produce the correct result, but causes a different branch
-        * * to be taken in the BN_is_bit_set function.
-        */
-       bits = ((bits+window-1)/window)*window;
-       idx=bits-1;     /* The top bit of the window */
-
-       /* Scan the exponent one window at a time starting from the most
-        * significant bits.
-        */
-       while (idx >= 0)
+       bits--;
+       for (wvalue=0, i=bits%window; i>=0; i--,bits--)
+               wvalue = (wvalue<<1)+BN_is_bit_set(p,bits);
+       if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&tmp,top,powerbuf,wvalue,numPowers)) goto err;
+ 
+       /* Scan the exponent one window at a time starting from the most
+        * significant bits.
+        */
+       while (bits >= 0)
                {
                wvalue=0; /* The 'value' of the window */
                
                /* Scan the window, squaring the result as we go */
-               for (i=0; i<window; i++,idx--)
+               for (i=0; i<window; i++,bits--)
                        {
-                       if (!BN_mod_mul_montgomery(r,r,r,mont,ctx))     goto err;
-                       wvalue = (wvalue<<1)+BN_is_bit_set(p,idx);
+                       if (!BN_mod_mul_montgomery(&tmp,&tmp,&tmp,mont,ctx))    goto err;
+                       wvalue = (wvalue<<1)+BN_is_bit_set(p,bits);
                        }
                
                /* Fetch the appropriate pre-computed value from the pre-buf */
-               if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(computeTemp, top, powerbuf, wvalue, numPowers)) goto err;
+               if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&am, top, powerbuf, wvalue, numPowers)) goto err;
 
                /* Multiply the result into the intermediate result */
-               if (!BN_mod_mul_montgomery(r,r,computeTemp,mont,ctx)) goto err;
+               if (!BN_mod_mul_montgomery(&tmp,&tmp,&am,mont,ctx)) goto err;
                }
+       }
 
        /* Convert the final result from montgomery to standard format */
-       if (!BN_from_montgomery(rr,r,mont,ctx)) goto err;
+       if (!BN_from_montgomery(rr,&tmp,mont,ctx)) goto err;
        ret=1;
 err:
        if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
        if (powerbuf!=NULL)
                {
                OPENSSL_cleanse(powerbuf,powerbufLen);
-               OPENSSL_free(powerbufFree);
+               if (powerbufFree) OPENSSL_free(powerbufFree);
                }
-       if (am!=NULL) BN_clear(am);
-       if (computeTemp!=NULL) BN_clear(computeTemp);
        BN_CTX_end(ctx);
        return(ret);
        }
@@ -988,4 +1095,3 @@ err:
        bn_check_top(r);
        return(ret);
        }
-

diff --git a/deps/openssl/openssl/crypto/bn/bn_gcd.c b/deps/openssl/openssl/crypto/bn/bn_gcd.c
index 4a35211..a808f53 100644 (file)
--- a/deps/openssl/openssl/crypto/bn/bn_gcd.c
+++ b/deps/openssl/openssl/crypto/bn/bn_gcd.c
@@ -205,6 +205,7 @@ err:
 /* solves ax == 1 (mod n) */
 static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
         const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx);
+
 BIGNUM *BN_mod_inverse(BIGNUM *in,
        const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
        {

diff --git a/deps/openssl/openssl/crypto/bn/bn_gf2m.c b/deps/openssl/openssl/crypto/bn/bn_gf2m.c
index 432a3aa..8a4dc20 100644 (file)
--- a/deps/openssl/openssl/crypto/bn/bn_gf2m.c
+++ b/deps/openssl/openssl/crypto/bn/bn_gf2m.c
@@ -94,6 +94,8 @@
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
+#ifndef OPENSSL_NO_EC2M
+
 /* Maximum number of iterations before BN_GF2m_mod_solve_quad_arr should fail. */
 #define MAX_ITERATIONS 50
 
@@ -122,6 +124,7 @@ static const BN_ULONG SQR_tb[16] =
     SQR_tb[(w) >>  4 & 0xF] <<  8 | SQR_tb[(w)       & 0xF]
 #endif
 
+#if !defined(OPENSSL_BN_ASM_GF2m)
 /* Product of two polynomials a, b each with degree < BN_BITS2 - 1,
  * result is a polynomial r with degree < 2 * BN_BITS - 1
  * The caller MUST ensure that the variables have the right amount
@@ -216,7 +219,9 @@ static void bn_GF2m_mul_2x2(BN_ULONG *r, const BN_ULONG a1, const BN_ULONG a0, c
        r[2] ^= m1 ^ r[1] ^ r[3];  /* h0 ^= m1 ^ l1 ^ h1; */
        r[1] = r[3] ^ r[2] ^ r[0] ^ m1 ^ m0;  /* l1 ^= l0 ^ h0 ^ m0; */
        }
-
+#else
+void bn_GF2m_mul_2x2(BN_ULONG *r, BN_ULONG a1, BN_ULONG a0, BN_ULONG b1, BN_ULONG b0);
+#endif 
 
 /* Add polynomials a and b and store result in r; r could be a or b, a and b 
  * could be equal; r is the bitwise XOR of a and b.
@@ -360,21 +365,17 @@ int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[])
 int    BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p)
        {
        int ret = 0;
-       const int max = BN_num_bits(p) + 1;
-       int *arr=NULL;
+       int arr[6];
        bn_check_top(a);
        bn_check_top(p);
-       if ((arr = (int *)OPENSSL_malloc(sizeof(int) * max)) == NULL) goto err;
-       ret = BN_GF2m_poly2arr(p, arr, max);
-       if (!ret || ret > max)
+       ret = BN_GF2m_poly2arr(p, arr, sizeof(arr)/sizeof(arr[0]));
+       if (!ret || ret > (int)(sizeof(arr)/sizeof(arr[0])))
                {
                BNerr(BN_F_BN_GF2M_MOD,BN_R_INVALID_LENGTH);
-               goto err;
+               return 0;
                }
        ret = BN_GF2m_mod_arr(r, a, arr);
        bn_check_top(r);
-err:
-       if (arr) OPENSSL_free(arr);
        return ret;
        }
 
@@ -521,7 +522,7 @@ err:
  */
 int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
        {
-       BIGNUM *b, *c, *u, *v, *tmp;
+       BIGNUM *b, *c = NULL, *u = NULL, *v = NULL, *tmp;
        int ret = 0;
 
        bn_check_top(a);
@@ -529,18 +530,18 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
 
        BN_CTX_start(ctx);
        
-       b = BN_CTX_get(ctx);
-       c = BN_CTX_get(ctx);
-       u = BN_CTX_get(ctx);
-       v = BN_CTX_get(ctx);
-       if (v == NULL) goto err;
+       if ((b = BN_CTX_get(ctx))==NULL) goto err;
+       if ((c = BN_CTX_get(ctx))==NULL) goto err;
+       if ((u = BN_CTX_get(ctx))==NULL) goto err;
+       if ((v = BN_CTX_get(ctx))==NULL) goto err;
 
-       if (!BN_one(b)) goto err;
        if (!BN_GF2m_mod(u, a, p)) goto err;
-       if (!BN_copy(v, p)) goto err;
-
        if (BN_is_zero(u)) goto err;
 
+       if (!BN_copy(v, p)) goto err;
+#if 0
+       if (!BN_one(b)) goto err;
+
        while (1)
                {
                while (!BN_is_odd(u))
@@ -565,13 +566,89 @@ int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
                if (!BN_GF2m_add(u, u, v)) goto err;
                if (!BN_GF2m_add(b, b, c)) goto err;
                }
+#else
+       {
+       int i,  ubits = BN_num_bits(u),
+               vbits = BN_num_bits(v), /* v is copy of p */
+               top = p->top;
+       BN_ULONG *udp,*bdp,*vdp,*cdp;
+
+       bn_wexpand(u,top);      udp = u->d;
+                               for (i=u->top;i<top;i++) udp[i] = 0;
+                               u->top = top;
+       bn_wexpand(b,top);      bdp = b->d;
+                               bdp[0] = 1;
+                               for (i=1;i<top;i++) bdp[i] = 0;
+                               b->top = top;
+       bn_wexpand(c,top);      cdp = c->d;
+                               for (i=0;i<top;i++) cdp[i] = 0;
+                               c->top = top;
+       vdp = v->d;     /* It pays off to "cache" *->d pointers, because
+                        * it allows optimizer to be more aggressive.
+                        * But we don't have to "cache" p->d, because *p
+                        * is declared 'const'... */
+       while (1)
+               {
+               while (ubits && !(udp[0]&1))
+                       {
+                       BN_ULONG u0,u1,b0,b1,mask;
+
+                       u0   = udp[0];
+                       b0   = bdp[0];
+                       mask = (BN_ULONG)0-(b0&1);
+                       b0  ^= p->d[0]&mask;
+                       for (i=0;i<top-1;i++)
+                               {
+                               u1 = udp[i+1];
+                               udp[i] = ((u0>>1)|(u1<<(BN_BITS2-1)))&BN_MASK2;
+                               u0 = u1;
+                               b1 = bdp[i+1]^(p->d[i+1]&mask);
+                               bdp[i] = ((b0>>1)|(b1<<(BN_BITS2-1)))&BN_MASK2;
+                               b0 = b1;
+                               }
+                       udp[i] = u0>>1;
+                       bdp[i] = b0>>1;
+                       ubits--;
+                       }
 
+               if (ubits<=BN_BITS2 && udp[0]==1) break;
+
+               if (ubits<vbits)
+                       {
+                       i = ubits; ubits = vbits; vbits = i;
+                       tmp = u; u = v; v = tmp;
+                       tmp = b; b = c; c = tmp;
+                       udp = vdp; vdp = v->d;
+                       bdp = cdp; cdp = c->d;
+                       }
+               for(i=0;i<top;i++)
+                       {
+                       udp[i] ^= vdp[i];
+                       bdp[i] ^= cdp[i];
+                       }
+               if (ubits==vbits)
+                       {
+                       BN_ULONG ul;
+                       int utop = (ubits-1)/BN_BITS2;
+
+                       while ((ul=udp[utop])==0 && utop) utop--;
+                       ubits = utop*BN_BITS2 + BN_num_bits_word(ul);
+                       }
+               }
+       bn_correct_top(b);
+       }
+#endif
 
        if (!BN_copy(r, b)) goto err;
        bn_check_top(r);
        ret = 1;
 
 err:
+#ifdef BN_DEBUG /* BN_CTX_end would complain about the expanded form */
+        bn_correct_top(c);
+        bn_correct_top(u);
+        bn_correct_top(v);
+#endif
        BN_CTX_end(ctx);
        return ret;
        }
@@ -1033,3 +1110,4 @@ int BN_GF2m_arr2poly(const int p[], BIGNUM *a)
        return 1;
        }
 
+#endif

diff --git a/deps/openssl/openssl/crypto/bn/bn_lcl.h b/deps/openssl/openssl/crypto/bn/bn_lcl.h
index 8e5e98e..817c773 100644 (file)
--- a/deps/openssl/openssl/crypto/bn/bn_lcl.h
+++ b/deps/openssl/openssl/crypto/bn/bn_lcl.h
@@ -238,7 +238,7 @@ extern "C" {
 #  if defined(__DECC)
 #   include <c_asm.h>
 #   define BN_UMULT_HIGH(a,b)  (BN_ULONG)asm("umulh %a0,%a1,%v0",(a),(b))
-#  elif defined(__GNUC__)
+#  elif defined(__GNUC__) && __GNUC__>=2
 #   define BN_UMULT_HIGH(a,b)  ({      \
        register BN_ULONG ret;          \
        asm ("umulh     %1,%2,%0"       \
@@ -247,7 +247,7 @@ extern "C" {
        ret;                    })
 #  endif       /* compiler */
 # elif defined(_ARCH_PPC) && defined(__64BIT__) && defined(SIXTY_FOUR_BIT_LONG)
-#  if defined(__GNUC__)
+#  if defined(__GNUC__) && __GNUC__>=2
 #   define BN_UMULT_HIGH(a,b)  ({      \
        register BN_ULONG ret;          \
        asm ("mulhdu    %0,%1,%2"       \
@@ -257,7 +257,7 @@ extern "C" {
 #  endif       /* compiler */
 # elif (defined(__x86_64) || defined(__x86_64__)) && \
        (defined(SIXTY_FOUR_BIT_LONG) || defined(SIXTY_FOUR_BIT))
-#  if defined(__GNUC__)
+#  if defined(__GNUC__) && __GNUC__>=2
 #   define BN_UMULT_HIGH(a,b)  ({      \
        register BN_ULONG ret,discard;  \
        asm ("mulq      %3"             \
@@ -280,6 +280,26 @@ extern "C" {
 #   define BN_UMULT_HIGH(a,b)          __umulh((a),(b))
 #   define BN_UMULT_LOHI(low,high,a,b) ((low)=_umul128((a),(b),&(high)))
 #  endif
+# elif defined(__mips) && (defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG))
+#  if defined(__GNUC__) && __GNUC__>=2
+#   if __GNUC__>=4 && __GNUC_MINOR__>=4 /* "h" constraint is no more since 4.4 */
+#     define BN_UMULT_HIGH(a,b)                 (((__uint128_t)(a)*(b))>>64)
+#     define BN_UMULT_LOHI(low,high,a,b) ({    \
+       __uint128_t ret=(__uint128_t)(a)*(b);   \
+       (high)=ret>>64; (low)=ret;       })
+#   else
+#     define BN_UMULT_HIGH(a,b)        ({      \
+       register BN_ULONG ret;          \
+       asm ("dmultu    %1,%2"          \
+            : "=h"(ret)                \
+            : "r"(a), "r"(b) : "l");   \
+       ret;                    })
+#     define BN_UMULT_LOHI(low,high,a,b)\
+       asm ("dmultu    %2,%3"          \
+            : "=l"(low),"=h"(high)     \
+            : "r"(a), "r"(b));
+#    endif
+#  endif
 # endif                /* cpu */
 #endif         /* OPENSSL_NO_ASM */
 
@@ -459,6 +479,10 @@ extern "C" {
        }
 #endif /* !BN_LLONG */
 
+#if defined(OPENSSL_DOING_MAKEDEPEND) && defined(OPENSSL_FIPS)
+#undef bn_div_words
+#endif
+
 void bn_mul_normal(BN_ULONG *r,BN_ULONG *a,int na,BN_ULONG *b,int nb);
 void bn_mul_comba8(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b);
 void bn_mul_comba4(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b);

diff --git a/deps/openssl/openssl/crypto/bn/bn_lib.c b/deps/openssl/openssl/crypto/bn/bn_lib.c
index 5470fbe..7a5676d 100644 (file)
--- a/deps/openssl/openssl/crypto/bn/bn_lib.c
+++ b/deps/openssl/openssl/crypto/bn/bn_lib.c
@@ -139,25 +139,6 @@ const BIGNUM *BN_value_one(void)
        return(&const_one);
        }
 
-char *BN_options(void)
-       {
-       static int init=0;
-       static char data[16];
-
-       if (!init)
-               {
-               init++;
-#ifdef BN_LLONG
-               BIO_snprintf(data,sizeof data,"bn(%d,%d)",
-                            (int)sizeof(BN_ULLONG)*8,(int)sizeof(BN_ULONG)*8);
-#else
-               BIO_snprintf(data,sizeof data,"bn(%d,%d)",
-                            (int)sizeof(BN_ULONG)*8,(int)sizeof(BN_ULONG)*8);
-#endif
-               }
-       return(data);
-       }
-
 int BN_num_bits_word(BN_ULONG l)
        {
        static const unsigned char bits[256]={

diff --git a/deps/openssl/openssl/crypto/bn/bn_mont.c b/deps/openssl/openssl/crypto/bn/bn_mont.c
index 1a86688..427b5cf 100644 (file)
--- a/deps/openssl/openssl/crypto/bn/bn_mont.c
+++ b/deps/openssl/openssl/crypto/bn/bn_mont.c
@@ -177,31 +177,26 @@ err:
 static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
        {
        BIGNUM *n;
-       BN_ULONG *ap,*np,*rp,n0,v,*nrp;
-       int al,nl,max,i,x,ri;
+       BN_ULONG *ap,*np,*rp,n0,v,carry;
+       int nl,max,i;
 
        n= &(mont->N);
-       /* mont->ri is the size of mont->N in bits (rounded up
-          to the word size) */
-       al=ri=mont->ri/BN_BITS2;
-
        nl=n->top;
-       if ((al == 0) || (nl == 0)) { ret->top=0; return(1); }
+       if (nl == 0) { ret->top=0; return(1); }
 
-       max=(nl+al+1); /* allow for overflow (no?) XXX */
+       max=(2*nl); /* carry is stored separately */
        if (bn_wexpand(r,max) == NULL) return(0);
 
        r->neg^=n->neg;
        np=n->d;
        rp=r->d;
-       nrp= &(r->d[nl]);
 
        /* clear the top words of T */
 #if 1
        for (i=r->top; i<max; i++) /* memset? XXX */
-               r->d[i]=0;
+               rp[i]=0;
 #else
-       memset(&(r->d[r->top]),0,(max-r->top)*sizeof(BN_ULONG)); 
+       memset(&(rp[r->top]),0,(max-r->top)*sizeof(BN_ULONG)); 
 #endif
 
        r->top=max;
@@ -210,7 +205,7 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
 #ifdef BN_COUNT
        fprintf(stderr,"word BN_from_montgomery_word %d * %d\n",nl,nl);
 #endif
-       for (i=0; i<nl; i++)
+       for (carry=0, i=0; i<nl; i++, rp++)
                {
 #ifdef __TANDEM
                 {
@@ -228,61 +223,33 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
 #else
                v=bn_mul_add_words(rp,np,nl,(rp[0]*n0)&BN_MASK2);
 #endif
-               nrp++;
-               rp++;
-               if (((nrp[-1]+=v)&BN_MASK2) >= v)
-                       continue;
-               else
-                       {
-                       if (((++nrp[0])&BN_MASK2) != 0) continue;
-                       if (((++nrp[1])&BN_MASK2) != 0) continue;
-                       for (x=2; (((++nrp[x])&BN_MASK2) == 0); x++) ;
-                       }
-               }
-       bn_correct_top(r);
-
-       /* mont->ri will be a multiple of the word size and below code
-        * is kind of BN_rshift(ret,r,mont->ri) equivalent */
-       if (r->top <= ri)
-               {
-               ret->top=0;
-               return(1);
+               v = (v+carry+rp[nl])&BN_MASK2;
+               carry |= (v != rp[nl]);
+               carry &= (v <= rp[nl]);
+               rp[nl]=v;
                }
-       al=r->top-ri;
 
-#define BRANCH_FREE 1
-#if BRANCH_FREE
-       if (bn_wexpand(ret,ri) == NULL) return(0);
-       x=0-(((al-ri)>>(sizeof(al)*8-1))&1);
-       ret->top=x=(ri&~x)|(al&x);      /* min(ri,al) */
+       if (bn_wexpand(ret,nl) == NULL) return(0);
+       ret->top=nl;
        ret->neg=r->neg;
 
        rp=ret->d;
-       ap=&(r->d[ri]);
+       ap=&(r->d[nl]);
 
+#define BRANCH_FREE 1
+#if BRANCH_FREE
        {
-       size_t m1,m2;
-
-       v=bn_sub_words(rp,ap,np,ri);
-       /* this ----------------^^ works even in al<ri case
-        * thanks to zealous zeroing of top of the vector in the
-        * beginning. */
+       BN_ULONG *nrp;
+       size_t m;
 
-       /* if (al==ri && !v) || al>ri) nrp=rp; else nrp=ap; */
-       /* in other words if subtraction result is real, then
+       v=bn_sub_words(rp,ap,np,nl)-carry;
+       /* if subtraction result is real, then
         * trick unconditional memcpy below to perform in-place
         * "refresh" instead of actual copy. */
-       m1=0-(size_t)(((al-ri)>>(sizeof(al)*8-1))&1);   /* al<ri */
-       m2=0-(size_t)(((ri-al)>>(sizeof(al)*8-1))&1);   /* al>ri */
-       m1|=m2;                 /* (al!=ri) */
-       m1|=(0-(size_t)v);      /* (al!=ri || v) */
-       m1&=~m2;                /* (al!=ri || v) && !al>ri */
-       nrp=(BN_ULONG *)(((PTR_SIZE_INT)rp&~m1)|((PTR_SIZE_INT)ap&m1));
-       }
+       m=(0-(size_t)v);
+       nrp=(BN_ULONG *)(((PTR_SIZE_INT)rp&~m)|((PTR_SIZE_INT)ap&m));
 
-       /* 'i<ri' is chosen to eliminate dependency on input data, even
-        * though it results in redundant copy in al<ri case. */
-       for (i=0,ri-=4; i<ri; i+=4)
+       for (i=0,nl-=4; i<nl; i+=4)
                {
                BN_ULONG t1,t2,t3,t4;
                
@@ -295,40 +262,15 @@ static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
                rp[i+2]=t3;
                rp[i+3]=t4;
                }
-       for (ri+=4; i<ri; i++)
+       for (nl+=4; i<nl; i++)
                rp[i]=nrp[i], ap[i]=0;
-       bn_correct_top(r);
-       bn_correct_top(ret);
+       }
 #else
-       if (bn_wexpand(ret,al) == NULL) return(0);
-       ret->top=al;
-       ret->neg=r->neg;
-
-       rp=ret->d;
-       ap=&(r->d[ri]);
-       al-=4;
-       for (i=0; i<al; i+=4)
-               {
-               BN_ULONG t1,t2,t3,t4;
-               
-               t1=ap[i+0];
-               t2=ap[i+1];
-               t3=ap[i+2];
-               t4=ap[i+3];
-               rp[i+0]=t1;
-               rp[i+1]=t2;
-               rp[i+2]=t3;
-               rp[i+3]=t4;
-               }
-       al+=4;
-       for (; i<al; i++)
-               rp[i]=ap[i];
-
-       if (BN_ucmp(ret, &(mont->N)) >= 0)
-               {
-               if (!BN_usub(ret,ret,&(mont->N))) return(0);
-               }
+       if (bn_sub_words (rp,ap,np,nl)-carry)
+               memcpy(rp,ap,nl*sizeof(BN_ULONG));
 #endif
+       bn_correct_top(r);
+       bn_correct_top(ret);
        bn_check_top(ret);
 
        return(1);

diff --git a/deps/openssl/openssl/crypto/bn/bn_nist.c b/deps/openssl/openssl/crypto/bn/bn_nist.c
index c6de032..43caee4 100644 (file)
--- a/deps/openssl/openssl/crypto/bn/bn_nist.c
+++ b/deps/openssl/openssl/crypto/bn/bn_nist.c
@@ -319,6 +319,13 @@ static void nist_cp_bn(BN_ULONG *buf, BN_ULONG *a, int top)
                                                :(to[(n)/2] =((m)&1)?(from[(m)/2]>>32):(from[(m)/2]&BN_MASK2l)))
 #define bn_32_set_0(to, n)             (((n)&1)?(to[(n)/2]&=BN_MASK2l):(to[(n)/2]=0));
 #define bn_cp_32(to,n,from,m)          ((m)>=0)?bn_cp_32_naked(to,n,from,m):bn_32_set_0(to,n)
+# if defined(L_ENDIAN)
+#  if defined(__arch64__)
+#   define NIST_INT64 long
+#  else
+#   define NIST_INT64 long long
+#  endif
+# endif
 #else
 #define bn_cp_64(to, n, from, m) \
        { \
@@ -330,13 +337,15 @@ static void nist_cp_bn(BN_ULONG *buf, BN_ULONG *a, int top)
        bn_32_set_0(to, (n)*2); \
        bn_32_set_0(to, (n)*2+1); \
        }
-#if BN_BITS2 == 32
 #define bn_cp_32(to, n, from, m)       (to)[n] = (m>=0)?((from)[m]):0;
 #define bn_32_set_0(to, n)             (to)[n] = (BN_ULONG)0;
-#endif
+# if defined(_WIN32) && !defined(__GNUC__)
+#  define NIST_INT64 __int64
+# elif defined(BN_LLONG)
+#  define NIST_INT64 long long
+# endif
 #endif /* BN_BITS2 != 64 */
 
-
 #define nist_set_192(to, from, a1, a2, a3) \
        { \
        bn_cp_64(to, 0, from, (a3) - 3) \
@@ -350,9 +359,11 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
        int      top = a->top, i;
        int      carry;
        register BN_ULONG *r_d, *a_d = a->d;
-       BN_ULONG t_d[BN_NIST_192_TOP],
-                buf[BN_NIST_192_TOP],
-                c_d[BN_NIST_192_TOP],
+       union   {
+               BN_ULONG        bn[BN_NIST_192_TOP];
+               unsigned int    ui[BN_NIST_192_TOP*sizeof(BN_ULONG)/sizeof(unsigned int)];
+               } buf;
+       BN_ULONG c_d[BN_NIST_192_TOP],
                *res;
        PTR_SIZE_INT mask;
        static const BIGNUM _bignum_nist_p_192_sqr = {
@@ -385,15 +396,48 @@ int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
        else
                r_d = a_d;
 
-       nist_cp_bn_0(buf, a_d + BN_NIST_192_TOP, top - BN_NIST_192_TOP, BN_NIST_192_TOP);
+       nist_cp_bn_0(buf.bn, a_d + BN_NIST_192_TOP, top - BN_NIST_192_TOP, BN_NIST_192_TOP);
+
+#if defined(NIST_INT64)
+       {
+       NIST_INT64              acc;    /* accumulator */
+       unsigned int            *rp=(unsigned int *)r_d;
+       const unsigned int      *bp=(const unsigned int *)buf.ui;
+
+       acc  = rp[0];   acc += bp[3*2-6];
+                       acc += bp[5*2-6]; rp[0] = (unsigned int)acc; acc >>= 32;
+
+       acc += rp[1];   acc += bp[3*2-5];
+                       acc += bp[5*2-5]; rp[1] = (unsigned int)acc; acc >>= 32;
 
-       nist_set_192(t_d, buf, 0, 3, 3);
+       acc += rp[2];   acc += bp[3*2-6];
+                       acc += bp[4*2-6];
+                       acc += bp[5*2-6]; rp[2] = (unsigned int)acc; acc >>= 32;
+
+       acc += rp[3];   acc += bp[3*2-5];
+                       acc += bp[4*2-5];
+                       acc += bp[5*2-5]; rp[3] = (unsigned int)acc; acc >>= 32;
+
+       acc += rp[4];   acc += bp[4*2-6];
+                       acc += bp[5*2-6]; rp[4] = (unsigned int)acc; acc >>= 32;
+
+       acc += rp[5];   acc += bp[4*2-5];
+                       acc += bp[5*2-5]; rp[5] = (unsigned int)acc;
+
+       carry = (int)(acc>>32);
+       }
+#else
+       {
+       BN_ULONG t_d[BN_NIST_192_TOP];
+
+       nist_set_192(t_d, buf.bn, 0, 3, 3);
        carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP);
-       nist_set_192(t_d, buf, 4, 4, 0);
+       nist_set_192(t_d, buf.bn, 4, 4, 0);
        carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP);
-       nist_set_192(t_d, buf, 5, 5, 5)
+       nist_set_192(t_d, buf.bn, 5, 5, 5)
        carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP);
-
+       }
+#endif
        if (carry > 0)
                carry = (int)bn_sub_words(r_d,r_d,_nist_p_192[carry-1],BN_NIST_192_TOP);
        else
@@ -435,8 +479,7 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
        int     top = a->top, i;
        int     carry;
        BN_ULONG *r_d, *a_d = a->d;
-       BN_ULONG t_d[BN_NIST_224_TOP],
-                buf[BN_NIST_224_TOP],
+       BN_ULONG buf[BN_NIST_224_TOP],
                 c_d[BN_NIST_224_TOP],
                *res;
        PTR_SIZE_INT mask;
@@ -474,14 +517,54 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 
 #if BN_BITS2==64
        /* copy upper 256 bits of 448 bit number ... */
-       nist_cp_bn_0(t_d, a_d + (BN_NIST_224_TOP-1), top - (BN_NIST_224_TOP-1), BN_NIST_224_TOP);
+       nist_cp_bn_0(c_d, a_d + (BN_NIST_224_TOP-1), top - (BN_NIST_224_TOP-1), BN_NIST_224_TOP);
        /* ... and right shift by 32 to obtain upper 224 bits */
-       nist_set_224(buf, t_d, 14, 13, 12, 11, 10, 9, 8);
+       nist_set_224(buf, c_d, 14, 13, 12, 11, 10, 9, 8);
        /* truncate lower part to 224 bits too */
        r_d[BN_NIST_224_TOP-1] &= BN_MASK2l;
 #else
        nist_cp_bn_0(buf, a_d + BN_NIST_224_TOP, top - BN_NIST_224_TOP, BN_NIST_224_TOP);
 #endif
+
+#if defined(NIST_INT64) && BN_BITS2!=64
+       {
+       NIST_INT64              acc;    /* accumulator */
+       unsigned int            *rp=(unsigned int *)r_d;
+       const unsigned int      *bp=(const unsigned int *)buf;
+
+       acc  = rp[0];   acc -= bp[7-7];
+                       acc -= bp[11-7]; rp[0] = (unsigned int)acc; acc >>= 32;
+
+       acc += rp[1];   acc -= bp[8-7];
+                       acc -= bp[12-7]; rp[1] = (unsigned int)acc; acc >>= 32;
+
+       acc += rp[2];   acc -= bp[9-7];
+                       acc -= bp[13-7]; rp[2] = (unsigned int)acc; acc >>= 32;
+
+       acc += rp[3];   acc += bp[7-7];
+                       acc += bp[11-7];
+                       acc -= bp[10-7]; rp[3] = (unsigned int)acc; acc>>= 32;
+
+       acc += rp[4];   acc += bp[8-7];
+                       acc += bp[12-7];
+                       acc -= bp[11-7]; rp[4] = (unsigned int)acc; acc >>= 32;
+
+       acc += rp[5];   acc += bp[9-7];
+                       acc += bp[13-7];
+                       acc -= bp[12-7]; rp[5] = (unsigned int)acc; acc >>= 32;
+
+       acc += rp[6];   acc += bp[10-7];
+                       acc -= bp[13-7]; rp[6] = (unsigned int)acc;
+
+       carry = (int)(acc>>32);
+# if BN_BITS2==64
+       rp[7] = carry;
+# endif
+       }       
+#else
+       {
+       BN_ULONG t_d[BN_NIST_224_TOP];
+
        nist_set_224(t_d, buf, 10, 9, 8, 7, 0, 0, 0);
        carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP);
        nist_set_224(t_d, buf, 0, 13, 12, 11, 0, 0, 0);
@@ -494,6 +577,8 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 #if BN_BITS2==64
        carry = (int)(r_d[BN_NIST_224_TOP-1]>>32);
 #endif
+       }
+#endif
        u.f = bn_sub_words;
        if (carry > 0)
                {
@@ -548,9 +633,11 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
        int     i, top = a->top;
        int     carry = 0;
        register BN_ULONG *a_d = a->d, *r_d;
-       BN_ULONG t_d[BN_NIST_256_TOP],
-                buf[BN_NIST_256_TOP],
-                c_d[BN_NIST_256_TOP],
+       union   {
+               BN_ULONG bn[BN_NIST_256_TOP];
+               unsigned int ui[BN_NIST_256_TOP*sizeof(BN_ULONG)/sizeof(unsigned int)];
+               } buf;
+       BN_ULONG c_d[BN_NIST_256_TOP],
                *res;
        PTR_SIZE_INT mask;
        union { bn_addsub_f f; PTR_SIZE_INT p; } u;
@@ -584,12 +671,87 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
        else
                r_d = a_d;
 
-       nist_cp_bn_0(buf, a_d + BN_NIST_256_TOP, top - BN_NIST_256_TOP, BN_NIST_256_TOP);
+       nist_cp_bn_0(buf.bn, a_d + BN_NIST_256_TOP, top - BN_NIST_256_TOP, BN_NIST_256_TOP);
+
+#if defined(NIST_INT64)
+       {
+       NIST_INT64              acc;    /* accumulator */
+       unsigned int            *rp=(unsigned int *)r_d;
+       const unsigned int      *bp=(const unsigned int *)buf.ui;
+
+       acc = rp[0];    acc += bp[8-8];
+                       acc += bp[9-8];
+                       acc -= bp[11-8];
+                       acc -= bp[12-8];
+                       acc -= bp[13-8];
+                       acc -= bp[14-8]; rp[0] = (unsigned int)acc; acc >>= 32;
+
+       acc += rp[1];   acc += bp[9-8];
+                       acc += bp[10-8];
+                       acc -= bp[12-8];
+                       acc -= bp[13-8];
+                       acc -= bp[14-8];
+                       acc -= bp[15-8]; rp[1] = (unsigned int)acc; acc >>= 32;
+
+       acc += rp[2];   acc += bp[10-8];
+                       acc += bp[11-8];
+                       acc -= bp[13-8];
+                       acc -= bp[14-8];
+                       acc -= bp[15-8]; rp[2] = (unsigned int)acc; acc >>= 32;
+
+       acc += rp[3];   acc += bp[11-8];
+                       acc += bp[11-8];
+                       acc += bp[12-8];
+                       acc += bp[12-8];
+                       acc += bp[13-8];
+                       acc -= bp[15-8];
+                       acc -= bp[8-8];
+                       acc -= bp[9-8];  rp[3] = (unsigned int)acc; acc >>= 32;
+
+       acc += rp[4];   acc += bp[12-8];
+                       acc += bp[12-8];
+                       acc += bp[13-8];
+                       acc += bp[13-8];
+                       acc += bp[14-8];
+                       acc -= bp[9-8];
+                       acc -= bp[10-8]; rp[4] = (unsigned int)acc; acc >>= 32;
+
+       acc += rp[5];   acc += bp[13-8];
+                       acc += bp[13-8];
+                       acc += bp[14-8];
+                       acc += bp[14-8];
+                       acc += bp[15-8];
+                       acc -= bp[10-8];
+                       acc -= bp[11-8]; rp[5] = (unsigned int)acc; acc >>= 32;
+
+       acc += rp[6];   acc += bp[14-8];
+                       acc += bp[14-8];
+                       acc += bp[15-8];
+                       acc += bp[15-8];
+                       acc += bp[14-8];
+                       acc += bp[13-8];
+                       acc -= bp[8-8];
+                       acc -= bp[9-8];  rp[6] = (unsigned int)acc; acc >>= 32;
+
+       acc += rp[7];   acc += bp[15-8];
+                       acc += bp[15-8];
+                       acc += bp[15-8];
+                       acc += bp[8 -8];
+                       acc -= bp[10-8];
+                       acc -= bp[11-8];
+                       acc -= bp[12-8];
+                       acc -= bp[13-8]; rp[7] = (unsigned int)acc;
+
+       carry = (int)(acc>>32);
+       }
+#else
+       {
+       BN_ULONG t_d[BN_NIST_256_TOP];
 
        /*S1*/
-       nist_set_256(t_d, buf, 15, 14, 13, 12, 11, 0, 0, 0);
+       nist_set_256(t_d, buf.bn, 15, 14, 13, 12, 11, 0, 0, 0);
        /*S2*/
-       nist_set_256(c_d, buf, 0, 15, 14, 13, 12, 0, 0, 0);
+       nist_set_256(c_d, buf.bn, 0, 15, 14, 13, 12, 0, 0, 0);
        carry = (int)bn_add_words(t_d, t_d, c_d, BN_NIST_256_TOP);
        /* left shift */
                {
@@ -607,24 +769,26 @@ int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
                }
        carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP);
        /*S3*/
-       nist_set_256(t_d, buf, 15, 14, 0, 0, 0, 10, 9, 8);
+       nist_set_256(t_d, buf.bn, 15, 14, 0, 0, 0, 10, 9, 8);
        carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP);
        /*S4*/
-       nist_set_256(t_d, buf, 8, 13, 15, 14, 13, 11, 10, 9);
+       nist_set_256(t_d, buf.bn, 8, 13, 15, 14, 13, 11, 10, 9);
        carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP);
        /*D1*/
-       nist_set_256(t_d, buf, 10, 8, 0, 0, 0, 13, 12, 11);
+       nist_set_256(t_d, buf.bn, 10, 8, 0, 0, 0, 13, 12, 11);
        carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP);
        /*D2*/
-       nist_set_256(t_d, buf, 11, 9, 0, 0, 15, 14, 13, 12);
+       nist_set_256(t_d, buf.bn, 11, 9, 0, 0, 15, 14, 13, 12);
        carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP);
        /*D3*/
-       nist_set_256(t_d, buf, 12, 0, 10, 9, 8, 15, 14, 13);
+       nist_set_256(t_d, buf.bn, 12, 0, 10, 9, 8, 15, 14, 13);
        carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP);
        /*D4*/
-       nist_set_256(t_d, buf, 13, 0, 11, 10, 9, 0, 15, 14);
+       nist_set_256(t_d, buf.bn, 13, 0, 11, 10, 9, 0, 15, 14);
        carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP);
 
+       }
+#endif
        /* see BN_nist_mod_224 for explanation */
        u.f = bn_sub_words;
        if (carry > 0)
@@ -672,9 +836,11 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
        int     i, top = a->top;
        int     carry = 0;
        register BN_ULONG *r_d, *a_d = a->d;
-       BN_ULONG t_d[BN_NIST_384_TOP],
-                buf[BN_NIST_384_TOP],
-                c_d[BN_NIST_384_TOP],
+       union   {
+               BN_ULONG bn[BN_NIST_384_TOP];
+               unsigned int ui[BN_NIST_384_TOP*sizeof(BN_ULONG)/sizeof(unsigned int)];
+               } buf;
+       BN_ULONG c_d[BN_NIST_384_TOP],
                *res;
        PTR_SIZE_INT mask;
        union { bn_addsub_f f; PTR_SIZE_INT p; } u;
@@ -709,10 +875,100 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
        else
                r_d = a_d;
 
-       nist_cp_bn_0(buf, a_d + BN_NIST_384_TOP, top - BN_NIST_384_TOP, BN_NIST_384_TOP);
+       nist_cp_bn_0(buf.bn, a_d + BN_NIST_384_TOP, top - BN_NIST_384_TOP, BN_NIST_384_TOP);
+
+#if defined(NIST_INT64)
+       {
+       NIST_INT64              acc;    /* accumulator */
+       unsigned int            *rp=(unsigned int *)r_d;
+       const unsigned int      *bp=(const unsigned int *)buf.ui;
+
+       acc = rp[0];    acc += bp[12-12];
+                       acc += bp[21-12];
+                       acc += bp[20-12];
+                       acc -= bp[23-12]; rp[0] = (unsigned int)acc; acc >>= 32;
+
+       acc += rp[1];   acc += bp[13-12];
+                       acc += bp[22-12];
+                       acc += bp[23-12];
+                       acc -= bp[12-12];
+                       acc -= bp[20-12]; rp[1] = (unsigned int)acc; acc >>= 32;
+
+       acc += rp[2];   acc += bp[14-12];
+                       acc += bp[23-12];
+                       acc -= bp[13-12];
+                       acc -= bp[21-12]; rp[2] = (unsigned int)acc; acc >>= 32;
+
+       acc += rp[3];   acc += bp[15-12];
+                       acc += bp[12-12];
+                       acc += bp[20-12];
+                       acc += bp[21-12];
+                       acc -= bp[14-12];
+                       acc -= bp[22-12];
+                       acc -= bp[23-12]; rp[3] = (unsigned int)acc; acc >>= 32;
+
+       acc += rp[4];   acc += bp[21-12];
+                       acc += bp[21-12];
+                       acc += bp[16-12];
+                       acc += bp[13-12];
+                       acc += bp[12-12];
+                       acc += bp[20-12];
+                       acc += bp[22-12];
+                       acc -= bp[15-12];
+                       acc -= bp[23-12];
+                       acc -= bp[23-12]; rp[4] = (unsigned int)acc; acc >>= 32;
+
+       acc += rp[5];   acc += bp[22-12];
+                       acc += bp[22-12];
+                       acc += bp[17-12];
+                       acc += bp[14-12];
+                       acc += bp[13-12];
+                       acc += bp[21-12];
+                       acc += bp[23-12];
+                       acc -= bp[16-12]; rp[5] = (unsigned int)acc; acc >>= 32;
+                       
+       acc += rp[6];   acc += bp[23-12];
+                       acc += bp[23-12];
+                       acc += bp[18-12];
+                       acc += bp[15-12];
+                       acc += bp[14-12];
+                       acc += bp[22-12];
+                       acc -= bp[17-12]; rp[6] = (unsigned int)acc; acc >>= 32;
+                       
+       acc += rp[7];   acc += bp[19-12];
+                       acc += bp[16-12];
+                       acc += bp[15-12];
+                       acc += bp[23-12];
+                       acc -= bp[18-12]; rp[7] = (unsigned int)acc; acc >>= 32;
+                       
+       acc += rp[8];   acc += bp[20-12];
+                       acc += bp[17-12];
+                       acc += bp[16-12];
+                       acc -= bp[19-12]; rp[8] = (unsigned int)acc; acc >>= 32;
+                       
+       acc += rp[9];   acc += bp[21-12];
+                       acc += bp[18-12];
+                       acc += bp[17-12];
+                       acc -= bp[20-12]; rp[9] = (unsigned int)acc; acc >>= 32;
+                       
+       acc += rp[10];  acc += bp[22-12];
+                       acc += bp[19-12];
+                       acc += bp[18-12];
+                       acc -= bp[21-12]; rp[10] = (unsigned int)acc; acc >>= 32;
+                       
+       acc += rp[11];  acc += bp[23-12];
+                       acc += bp[20-12];
+                       acc += bp[19-12];
+                       acc -= bp[22-12]; rp[11] = (unsigned int)acc;
+
+       carry = (int)(acc>>32);
+       }
+#else
+       {
+       BN_ULONG t_d[BN_NIST_384_TOP];
 
        /*S1*/
-       nist_set_256(t_d, buf, 0, 0, 0, 0, 0, 23-4, 22-4, 21-4);
+       nist_set_256(t_d, buf.bn, 0, 0, 0, 0, 0, 23-4, 22-4, 21-4);
                /* left shift */
                {
                register BN_ULONG *ap,t,c;
@@ -729,29 +985,31 @@ int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
        carry = (int)bn_add_words(r_d+(128/BN_BITS2), r_d+(128/BN_BITS2), 
                t_d, BN_NIST_256_TOP);
        /*S2 */
-       carry += (int)bn_add_words(r_d, r_d, buf, BN_NIST_384_TOP);
+       carry += (int)bn_add_words(r_d, r_d, buf.bn, BN_NIST_384_TOP);
        /*S3*/
-       nist_set_384(t_d,buf,20,19,18,17,16,15,14,13,12,23,22,21);
+       nist_set_384(t_d,buf.bn,20,19,18,17,16,15,14,13,12,23,22,21);
        carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);
        /*S4*/
-       nist_set_384(t_d,buf,19,18,17,16,15,14,13,12,20,0,23,0);
+       nist_set_384(t_d,buf.bn,19,18,17,16,15,14,13,12,20,0,23,0);
        carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);
        /*S5*/
-       nist_set_384(t_d, buf,0,0,0,0,23,22,21,20,0,0,0,0);
+       nist_set_384(t_d, buf.bn,0,0,0,0,23,22,21,20,0,0,0,0);
        carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);
        /*S6*/
-       nist_set_384(t_d,buf,0,0,0,0,0,0,23,22,21,0,0,20);
+       nist_set_384(t_d,buf.bn,0,0,0,0,0,0,23,22,21,0,0,20);
        carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);
        /*D1*/
-       nist_set_384(t_d,buf,22,21,20,19,18,17,16,15,14,13,12,23);
+       nist_set_384(t_d,buf.bn,22,21,20,19,18,17,16,15,14,13,12,23);
        carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP);
        /*D2*/
-       nist_set_384(t_d,buf,0,0,0,0,0,0,0,23,22,21,20,0);
+       nist_set_384(t_d,buf.bn,0,0,0,0,0,0,0,23,22,21,20,0);
        carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP);
        /*D3*/
-       nist_set_384(t_d,buf,0,0,0,0,0,0,0,23,23,0,0,0);
+       nist_set_384(t_d,buf.bn,0,0,0,0,0,0,0,23,23,0,0,0);
        carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP);
 
+       }
+#endif
        /* see BN_nist_mod_224 for explanation */
        u.f = bn_sub_words;
        if (carry > 0)

diff --git a/deps/openssl/openssl/crypto/bn/bn_print.c b/deps/openssl/openssl/crypto/bn/bn_print.c
index bebb466..1743b6a 100644 (file)
--- a/deps/openssl/openssl/crypto/bn/bn_print.c
+++ b/deps/openssl/openssl/crypto/bn/bn_print.c
@@ -357,3 +357,22 @@ end:
        return(ret);
        }
 #endif
+
+char *BN_options(void)
+       {
+       static int init=0;
+       static char data[16];
+
+       if (!init)
+               {
+               init++;
+#ifdef BN_LLONG
+               BIO_snprintf(data,sizeof data,"bn(%d,%d)",
+                            (int)sizeof(BN_ULLONG)*8,(int)sizeof(BN_ULONG)*8);
+#else
+               BIO_snprintf(data,sizeof data,"bn(%d,%d)",
+                            (int)sizeof(BN_ULONG)*8,(int)sizeof(BN_ULONG)*8);
+#endif
+               }
+       return(data);
+       }

diff --git a/deps/openssl/openssl/crypto/bn/bn_shift.c b/deps/openssl/openssl/crypto/bn/bn_shift.c
index c4d301a..a6fca2c 100644 (file)
--- a/deps/openssl/openssl/crypto/bn/bn_shift.c
+++ b/deps/openssl/openssl/crypto/bn/bn_shift.c
@@ -99,7 +99,7 @@ int BN_lshift1(BIGNUM *r, const BIGNUM *a)
 int BN_rshift1(BIGNUM *r, const BIGNUM *a)
        {
        BN_ULONG *ap,*rp,t,c;
-       int i;
+       int i,j;
 
        bn_check_top(r);
        bn_check_top(a);
@@ -109,22 +109,25 @@ int BN_rshift1(BIGNUM *r, const BIGNUM *a)
                BN_zero(r);
                return(1);
                }
+       i = a->top;
+       ap= a->d;
+       j = i-(ap[i-1]==1);
        if (a != r)
                {
-               if (bn_wexpand(r,a->top) == NULL) return(0);
-               r->top=a->top;
+               if (bn_wexpand(r,j) == NULL) return(0);
                r->neg=a->neg;
                }
-       ap=a->d;
        rp=r->d;
-       c=0;
-       for (i=a->top-1; i>=0; i--)
+       t=ap[--i];
+       c=(t&1)?BN_TBIT:0;
+       if (t>>=1) rp[i]=t;
+       while (i>0)
                {
-               t=ap[i];
+               t=ap[--i];
                rp[i]=((t>>1)&BN_MASK2)|c;
                c=(t&1)?BN_TBIT:0;
                }
-       bn_correct_top(r);
+       r->top=j;
        bn_check_top(r);
        return(1);
        }
@@ -182,10 +185,11 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n)
                BN_zero(r);
                return(1);
                }
+       i = (BN_num_bits(a)-n+(BN_BITS2-1))/BN_BITS2;
        if (r != a)
                {
                r->neg=a->neg;
-               if (bn_wexpand(r,a->top-nw+1) == NULL) return(0);
+               if (bn_wexpand(r,i) == NULL) return(0);
                }
        else
                {
@@ -196,7 +200,7 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n)
        f= &(a->d[nw]);
        t=r->d;
        j=a->top-nw;
-       r->top=j;
+       r->top=i;
 
        if (rb == 0)
                {
@@ -212,9 +216,8 @@ int BN_rshift(BIGNUM *r, const BIGNUM *a, int n)
                        l= *(f++);
                        *(t++) =(tmp|(l<<lb))&BN_MASK2;
                        }
-               *(t++) =(l>>rb)&BN_MASK2;
+               if ((l = (l>>rb)&BN_MASK2)) *(t) = l;
                }
-       bn_correct_top(r);
        bn_check_top(r);
        return(1);
        }

diff --git a/deps/openssl/openssl/crypto/bn/bn_word.c b/deps/openssl/openssl/crypto/bn/bn_word.c
index ee7b87c..de83a15 100644 (file)
--- a/deps/openssl/openssl/crypto/bn/bn_word.c
+++ b/deps/openssl/openssl/crypto/bn/bn_word.c
@@ -144,26 +144,17 @@ int BN_add_word(BIGNUM *a, BN_ULONG w)
                        a->neg=!(a->neg);
                return(i);
                }
-       /* Only expand (and risk failing) if it's possibly necessary */
-       if (((BN_ULONG)(a->d[a->top - 1] + 1) == 0) &&
-                       (bn_wexpand(a,a->top+1) == NULL))
-               return(0);
-       i=0;
-       for (;;)
+       for (i=0;w!=0 && i<a->top;i++)
                {
-               if (i >= a->top)
-                       l=w;
-               else
-                       l=(a->d[i]+w)&BN_MASK2;
-               a->d[i]=l;
-               if (w > l)
-                       w=1;
-               else
-                       break;
-               i++;
+               a->d[i] = l = (a->d[i]+w)&BN_MASK2;
+               w = (w>l)?1:0;
                }
-       if (i >= a->top)
+       if (w && i==a->top)
+               {
+               if (bn_wexpand(a,a->top+1) == NULL) return 0;
                a->top++;
+               a->d[i]=w;
+               }
        bn_check_top(a);
        return(1);
        }

diff --git a/deps/openssl/openssl/crypto/bn/bntest.c b/deps/openssl/openssl/crypto/bn/bntest.c
index 0cd99c5..06f5954 100644 (file)
--- a/deps/openssl/openssl/crypto/bn/bntest.c
+++ b/deps/openssl/openssl/crypto/bn/bntest.c
@@ -262,7 +262,7 @@ int main(int argc, char *argv[])
        message(out,"BN_mod_sqrt");
        if (!test_sqrt(out,ctx)) goto err;
        (void)BIO_flush(out);
-
+#ifndef OPENSSL_NO_EC2M
        message(out,"BN_GF2m_add");
        if (!test_gf2m_add(out)) goto err;
        (void)BIO_flush(out);
@@ -298,7 +298,7 @@ int main(int argc, char *argv[])
        message(out,"BN_GF2m_mod_solve_quad");
        if (!test_gf2m_mod_solve_quad(out,ctx)) goto err;
        (void)BIO_flush(out);
-
+#endif
        BN_CTX_free(ctx);
        BIO_free(out);
 
@@ -1061,7 +1061,7 @@ int test_exp(BIO *bp, BN_CTX *ctx)
        BN_free(one);
        return(1);
        }
-
+#ifndef OPENSSL_NO_EC2M
 int test_gf2m_add(BIO *bp)
        {
        BIGNUM a,b,c;
@@ -1636,7 +1636,7 @@ int test_gf2m_mod_solve_quad(BIO *bp,BN_CTX *ctx)
        BN_free(e);
        return ret;
        }
-
+#endif
 static int genprime_cb(int p, int n, BN_GENCB *arg)
        {
        char c='*';

diff --git a/deps/openssl/openssl/crypto/buffer/Makefile b/deps/openssl/openssl/crypto/buffer/Makefile
index 9f3a88d..2efba47 100644 (file)
--- a/deps/openssl/openssl/crypto/buffer/Makefile
+++ b/deps/openssl/openssl/crypto/buffer/Makefile
@@ -17,8 +17,8 @@ TEST=
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC= buffer.c buf_err.c
-LIBOBJ= buffer.o buf_err.o
+LIBSRC= buffer.c buf_str.c buf_err.c
+LIBOBJ= buffer.o buf_str.o buf_err.o
 
 SRC= $(LIBSRC)
 
@@ -81,6 +81,13 @@ buf_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 buf_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 buf_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 buf_err.o: buf_err.c
+buf_str.o: ../../e_os.h ../../include/openssl/bio.h
+buf_str.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+buf_str.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+buf_str.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+buf_str.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+buf_str.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+buf_str.o: ../../include/openssl/symhacks.h ../cryptlib.h buf_str.c
 buffer.o: ../../e_os.h ../../include/openssl/bio.h
 buffer.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 buffer.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h

diff --git a/deps/openssl/openssl/crypto/buffer/buffer.c b/deps/openssl/openssl/crypto/buffer/buffer.c
index 40361f9..d7aa79a 100644 (file)
--- a/deps/openssl/openssl/crypto/buffer/buffer.c
+++ b/deps/openssl/openssl/crypto/buffer/buffer.c
@@ -179,64 +179,6 @@ int BUF_MEM_grow_clean(BUF_MEM *str, size_t len)
        return(len);
        }
 
-char *BUF_strdup(const char *str)
-       {
-       if (str == NULL) return(NULL);
-       return BUF_strndup(str, strlen(str));
-       }
-
-char *BUF_strndup(const char *str, size_t siz)
-       {
-       char *ret;
-
-       if (str == NULL) return(NULL);
-
-       ret=OPENSSL_malloc(siz+1);
-       if (ret == NULL) 
-               {
-               BUFerr(BUF_F_BUF_STRNDUP,ERR_R_MALLOC_FAILURE);
-               return(NULL);
-               }
-       BUF_strlcpy(ret,str,siz+1);
-       return(ret);
-       }
-
-void *BUF_memdup(const void *data, size_t siz)
-       {
-       void *ret;
-
-       if (data == NULL) return(NULL);
-
-       ret=OPENSSL_malloc(siz);
-       if (ret == NULL) 
-               {
-               BUFerr(BUF_F_BUF_MEMDUP,ERR_R_MALLOC_FAILURE);
-               return(NULL);
-               }
-       return memcpy(ret, data, siz);
-       }       
-
-size_t BUF_strlcpy(char *dst, const char *src, size_t size)
-       {
-       size_t l = 0;
-       for(; size > 1 && *src; size--)
-               {
-               *dst++ = *src++;
-               l++;
-               }
-       if (size)
-               *dst = '\0';
-       return l + strlen(src);
-       }
-
-size_t BUF_strlcat(char *dst, const char *src, size_t size)
-       {
-       size_t l = 0;
-       for(; size > 0 && *dst; size--, dst++)
-               l++;
-       return l + BUF_strlcpy(dst, src, size);
-       }
-
 void BUF_reverse(unsigned char *out, unsigned char *in, size_t size)
        {
        size_t i;

diff --git a/deps/openssl/openssl/crypto/camellia/Makefile b/deps/openssl/openssl/crypto/camellia/Makefile
index ff5fe4a..6ce6fc9 100644 (file)
--- a/deps/openssl/openssl/crypto/camellia/Makefile
+++ b/deps/openssl/openssl/crypto/camellia/Makefile
@@ -23,9 +23,9 @@ APPS=
 
 LIB=$(TOP)/libcrypto.a
 LIBSRC=camellia.c cmll_misc.c cmll_ecb.c cmll_cbc.c cmll_ofb.c \
-          cmll_cfb.c cmll_ctr.c 
+          cmll_cfb.c cmll_ctr.c cmll_utl.c
 
-LIBOBJ= cmll_ecb.o cmll_ofb.o cmll_cfb.o cmll_ctr.o $(CMLL_ENC)
+LIBOBJ= cmll_ecb.o cmll_ofb.o cmll_cfb.o cmll_ctr.o cmll_utl.o $(CMLL_ENC)
 
 SRC= $(LIBSRC)
 
@@ -96,8 +96,15 @@ cmll_ctr.o: ../../include/openssl/camellia.h ../../include/openssl/modes.h
 cmll_ctr.o: ../../include/openssl/opensslconf.h cmll_ctr.c
 cmll_ecb.o: ../../include/openssl/camellia.h
 cmll_ecb.o: ../../include/openssl/opensslconf.h cmll_ecb.c cmll_locl.h
-cmll_misc.o: ../../include/openssl/camellia.h
-cmll_misc.o: ../../include/openssl/opensslconf.h
-cmll_misc.o: ../../include/openssl/opensslv.h cmll_locl.h cmll_misc.c
+cmll_misc.o: ../../include/openssl/camellia.h ../../include/openssl/crypto.h
+cmll_misc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+cmll_misc.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+cmll_misc.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+cmll_misc.o: ../../include/openssl/symhacks.h cmll_locl.h cmll_misc.c
 cmll_ofb.o: ../../include/openssl/camellia.h ../../include/openssl/modes.h
 cmll_ofb.o: ../../include/openssl/opensslconf.h cmll_ofb.c
+cmll_utl.o: ../../include/openssl/camellia.h ../../include/openssl/crypto.h
+cmll_utl.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+cmll_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+cmll_utl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+cmll_utl.o: ../../include/openssl/symhacks.h cmll_locl.h cmll_utl.c

diff --git a/deps/openssl/openssl/crypto/camellia/asm/cmll-x86.pl b/deps/openssl/openssl/crypto/camellia/asm/cmll-x86.pl
index 027302a..c314d62 100644 (file)
--- a/deps/openssl/openssl/crypto/camellia/asm/cmll-x86.pl
+++ b/deps/openssl/openssl/crypto/camellia/asm/cmll-x86.pl
@@ -723,11 +723,11 @@ my $bias=int(@T[0])?shift(@T):0;
 &function_end("Camellia_Ekeygen");
 
 if ($OPENSSL) {
-# int Camellia_set_key (
+# int private_Camellia_set_key (
 #              const unsigned char *userKey,
 #              int bits,
 #              CAMELLIA_KEY *key)
-&function_begin_B("Camellia_set_key");
+&function_begin_B("private_Camellia_set_key");
        &push   ("ebx");
        &mov    ("ecx",&wparam(0));     # pull arguments
        &mov    ("ebx",&wparam(1));
@@ -760,7 +760,7 @@ if ($OPENSSL) {
 &set_label("done",4);
        &pop    ("ebx");
        &ret    ();
-&function_end_B("Camellia_set_key");
+&function_end_B("private_Camellia_set_key");
 }
 
 @SBOX=(

diff --git a/deps/openssl/openssl/crypto/camellia/asm/cmll-x86_64.pl b/deps/openssl/openssl/crypto/camellia/asm/cmll-x86_64.pl
index 76955e4..9f4b82f 100644 (file)
--- a/deps/openssl/openssl/crypto/camellia/asm/cmll-x86_64.pl
+++ b/deps/openssl/openssl/crypto/camellia/asm/cmll-x86_64.pl
@@ -40,7 +40,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
 ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
 die "can't locate x86_64-xlate.pl";
 
-open STDOUT,"| $^X $xlate $flavour $output";
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
 
 sub hi() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1h/;    $r; }
 sub lo() { my $r=shift; $r =~ s/%[er]([a-d])x/%\1l/;

diff --git a/deps/openssl/openssl/crypto/camellia/camellia.h b/deps/openssl/openssl/crypto/camellia/camellia.h
index cf0457d..67911e0 100644 (file)
--- a/deps/openssl/openssl/crypto/camellia/camellia.h
+++ b/deps/openssl/openssl/crypto/camellia/camellia.h
@@ -88,6 +88,10 @@ struct camellia_key_st
        };
 typedef struct camellia_key_st CAMELLIA_KEY;
 
+#ifdef OPENSSL_FIPS
+int private_Camellia_set_key(const unsigned char *userKey, const int bits,
+       CAMELLIA_KEY *key);
+#endif
 int Camellia_set_key(const unsigned char *userKey, const int bits,
        CAMELLIA_KEY *key);
 

diff --git a/deps/openssl/openssl/crypto/camellia/cmll_locl.h b/deps/openssl/openssl/crypto/camellia/cmll_locl.h
index 4a4d880..246b6ce 100644 (file)
--- a/deps/openssl/openssl/crypto/camellia/cmll_locl.h
+++ b/deps/openssl/openssl/crypto/camellia/cmll_locl.h
@@ -71,7 +71,8 @@
 typedef unsigned int  u32;
 typedef unsigned char u8;
 
-int Camellia_Ekeygen(int keyBitLength, const u8 *rawKey, KEY_TABLE_TYPE keyTable);
+int Camellia_Ekeygen(int keyBitLength, const u8 *rawKey,
+                    KEY_TABLE_TYPE keyTable);
 void Camellia_EncryptBlock_Rounds(int grandRounds, const u8 plaintext[], 
                const KEY_TABLE_TYPE keyTable, u8 ciphertext[]);
 void Camellia_DecryptBlock_Rounds(int grandRounds, const u8 ciphertext[], 
@@ -80,4 +81,6 @@ void Camellia_EncryptBlock(int keyBitLength, const u8 plaintext[],
                const KEY_TABLE_TYPE keyTable, u8 ciphertext[]);
 void Camellia_DecryptBlock(int keyBitLength, const u8 ciphertext[], 
                const KEY_TABLE_TYPE keyTable, u8 plaintext[]);
+int private_Camellia_set_key(const unsigned char *userKey, const int bits,
+                            CAMELLIA_KEY *key);
 #endif /* #ifndef HEADER_CAMELLIA_LOCL_H */

diff --git a/deps/openssl/openssl/crypto/camellia/cmll_misc.c b/deps/openssl/openssl/crypto/camellia/cmll_misc.c
index f446891..f44d485 100644 (file)
--- a/deps/openssl/openssl/crypto/camellia/cmll_misc.c
+++ b/deps/openssl/openssl/crypto/camellia/cmll_misc.c
@@ -50,12 +50,13 @@
  */
  
 #include <openssl/opensslv.h>
+#include <openssl/crypto.h>
 #include <openssl/camellia.h>
 #include "cmll_locl.h"
 
 const char CAMELLIA_version[]="CAMELLIA" OPENSSL_VERSION_PTEXT;
 
-int Camellia_set_key(const unsigned char *userKey, const int bits,
+int private_Camellia_set_key(const unsigned char *userKey, const int bits,
        CAMELLIA_KEY *key)
        {
        if(!userKey || !key)

diff --git a/deps/openssl/openssl/crypto/cast/Makefile b/deps/openssl/openssl/crypto/cast/Makefile
index 0acc38f..f3f4859 100644 (file)
--- a/deps/openssl/openssl/crypto/cast/Makefile
+++ b/deps/openssl/openssl/crypto/cast/Makefile
@@ -95,5 +95,8 @@ c_ofb64.o: ../../e_os.h ../../include/openssl/cast.h
 c_ofb64.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
 c_ofb64.o: c_ofb64.c cast_lcl.h
 c_skey.o: ../../e_os.h ../../include/openssl/cast.h
-c_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+c_skey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+c_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+c_skey.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+c_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 c_skey.o: c_skey.c cast_lcl.h cast_s.h

diff --git a/deps/openssl/openssl/crypto/cast/c_skey.c b/deps/openssl/openssl/crypto/cast/c_skey.c
index 76e4000..cb6bf9f 100644 (file)
--- a/deps/openssl/openssl/crypto/cast/c_skey.c
+++ b/deps/openssl/openssl/crypto/cast/c_skey.c
@@ -56,6 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
+#include <openssl/crypto.h>
 #include <openssl/cast.h>
 #include "cast_lcl.h"
 #include "cast_s.h"
@@ -71,8 +72,14 @@
 #define S5 CAST_S_table5
 #define S6 CAST_S_table6
 #define S7 CAST_S_table7
-
 void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data)
+#ifdef OPENSSL_FIPS
+       {
+       fips_cipher_abort(CAST);
+       private_CAST_set_key(key, len, data);
+       }
+void private_CAST_set_key(CAST_KEY *key, int len, const unsigned char *data)
+#endif
        {
        CAST_LONG x[16];
        CAST_LONG z[16];

diff --git a/deps/openssl/openssl/crypto/cast/cast.h b/deps/openssl/openssl/crypto/cast/cast.h
index 1a264f8..203922e 100644 (file)
--- a/deps/openssl/openssl/crypto/cast/cast.h
+++ b/deps/openssl/openssl/crypto/cast/cast.h
@@ -83,7 +83,9 @@ typedef struct cast_key_st
        int short_key;  /* Use reduced rounds for short key */
        } CAST_KEY;
 
- 
+#ifdef OPENSSL_FIPS 
+void private_CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
+#endif
 void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
 void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, const CAST_KEY *key,
                      int enc);

diff --git a/deps/openssl/openssl/crypto/cms/Makefile b/deps/openssl/openssl/crypto/cms/Makefile
index 5837049..9820adb 100644 (file)
--- a/deps/openssl/openssl/crypto/cms/Makefile
+++ b/deps/openssl/openssl/crypto/cms/Makefile
@@ -18,9 +18,11 @@ APPS=
 
 LIB=$(TOP)/libcrypto.a
 LIBSRC= cms_lib.c cms_asn1.c cms_att.c cms_io.c cms_smime.c cms_err.c \
-       cms_sd.c cms_dd.c cms_cd.c cms_env.c cms_enc.c cms_ess.c
+       cms_sd.c cms_dd.c cms_cd.c cms_env.c cms_enc.c cms_ess.c \
+       cms_pwri.c
 LIBOBJ= cms_lib.o cms_asn1.o cms_att.o cms_io.o cms_smime.o cms_err.o \
-       cms_sd.o cms_dd.o cms_cd.o cms_env.o cms_enc.o cms_ess.o
+       cms_sd.o cms_dd.o cms_cd.o cms_env.o cms_enc.o cms_ess.o \
+       cms_pwri.o
 
 SRC= $(LIBSRC)
 
@@ -230,6 +232,24 @@ cms_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 cms_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 cms_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h cms.h
 cms_lib.o: cms_lcl.h cms_lib.c
+cms_pwri.o: ../../e_os.h ../../include/openssl/aes.h
+cms_pwri.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
+cms_pwri.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+cms_pwri.o: ../../include/openssl/cms.h ../../include/openssl/conf.h
+cms_pwri.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+cms_pwri.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+cms_pwri.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+cms_pwri.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+cms_pwri.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+cms_pwri.o: ../../include/openssl/opensslconf.h
+cms_pwri.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+cms_pwri.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+cms_pwri.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+cms_pwri.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+cms_pwri.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+cms_pwri.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+cms_pwri.o: ../../include/openssl/x509v3.h ../asn1/asn1_locl.h ../cryptlib.h
+cms_pwri.o: cms_lcl.h cms_pwri.c
 cms_sd.o: ../../e_os.h ../../include/openssl/asn1.h
 cms_sd.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 cms_sd.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h

diff --git a/deps/openssl/openssl/crypto/cms/cms.h b/deps/openssl/openssl/crypto/cms/cms.h
index 09c45d0..36994fa 100644 (file)
--- a/deps/openssl/openssl/crypto/cms/cms.h
+++ b/deps/openssl/openssl/crypto/cms/cms.h
@@ -111,6 +111,7 @@ DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
 #define CMS_PARTIAL                    0x4000
 #define CMS_REUSE_DIGEST               0x8000
 #define CMS_USE_KEYID                  0x10000
+#define CMS_DEBUG_DECRYPT              0x20000
 
 const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms);
 
@@ -184,6 +185,8 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert);
 int CMS_decrypt_set1_key(CMS_ContentInfo *cms, 
                                unsigned char *key, size_t keylen,
                                unsigned char *id, size_t idlen);
+int CMS_decrypt_set1_password(CMS_ContentInfo *cms, 
+                               unsigned char *pass, ossl_ssize_t passlen);
 
 STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms);
 int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
@@ -219,6 +222,16 @@ int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri,
 int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, 
                                        const unsigned char *id, size_t idlen);
 
+int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri, 
+                                       unsigned char *pass,
+                                       ossl_ssize_t passlen);
+
+CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
+                                       int iter, int wrap_nid, int pbe_nid,
+                                       unsigned char *pass,
+                                       ossl_ssize_t passlen,
+                                       const EVP_CIPHER *kekciph);
+
 int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
        
 int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
@@ -330,6 +343,7 @@ void ERR_load_CMS_strings(void);
 #define CMS_F_CHECK_CONTENT                             99
 #define CMS_F_CMS_ADD0_CERT                             164
 #define CMS_F_CMS_ADD0_RECIPIENT_KEY                    100
+#define CMS_F_CMS_ADD0_RECIPIENT_PASSWORD               165
 #define CMS_F_CMS_ADD1_RECEIPTREQUEST                   158
 #define CMS_F_CMS_ADD1_RECIPIENT_CERT                   101
 #define CMS_F_CMS_ADD1_SIGNER                           102
@@ -344,6 +358,7 @@ void ERR_load_CMS_strings(void);
 #define CMS_F_CMS_DATAINIT                              111
 #define CMS_F_CMS_DECRYPT                               112
 #define CMS_F_CMS_DECRYPT_SET1_KEY                      113
+#define CMS_F_CMS_DECRYPT_SET1_PASSWORD                         166
 #define CMS_F_CMS_DECRYPT_SET1_PKEY                     114
 #define CMS_F_CMS_DIGESTALGORITHM_FIND_CTX              115
 #define CMS_F_CMS_DIGESTALGORITHM_INIT_BIO              116
@@ -378,7 +393,9 @@ void ERR_load_CMS_strings(void);
 #define CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT            141
 #define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS          142
 #define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID     143
+#define CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT              167
 #define CMS_F_CMS_RECIPIENTINFO_SET0_KEY                144
+#define CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD           168
 #define CMS_F_CMS_RECIPIENTINFO_SET0_PKEY               145
 #define CMS_F_CMS_SET1_SIGNERIDENTIFIER                         146
 #define CMS_F_CMS_SET_DETACHED                          147
@@ -419,6 +436,7 @@ void ERR_load_CMS_strings(void);
 #define CMS_R_ERROR_SETTING_KEY                                 115
 #define CMS_R_ERROR_SETTING_RECIPIENTINFO               116
 #define CMS_R_INVALID_ENCRYPTED_KEY_LENGTH              117
+#define CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER          176
 #define CMS_R_INVALID_KEY_LENGTH                        118
 #define CMS_R_MD_BIO_INIT_ERROR                                 119
 #define CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH      120
@@ -431,6 +449,7 @@ void ERR_load_CMS_strings(void);
 #define CMS_R_NOT_ENCRYPTED_DATA                        122
 #define CMS_R_NOT_KEK                                   123
 #define CMS_R_NOT_KEY_TRANSPORT                                 124
+#define CMS_R_NOT_PWRI                                  177
 #define CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE           125
 #define CMS_R_NO_CIPHER                                         126
 #define CMS_R_NO_CONTENT                                127
@@ -443,6 +462,7 @@ void ERR_load_CMS_strings(void);
 #define CMS_R_NO_MATCHING_RECIPIENT                     132
 #define CMS_R_NO_MATCHING_SIGNATURE                     166
 #define CMS_R_NO_MSGSIGDIGEST                           167
+#define CMS_R_NO_PASSWORD                               178
 #define CMS_R_NO_PRIVATE_KEY                            133
 #define CMS_R_NO_PUBLIC_KEY                             134
 #define CMS_R_NO_RECEIPT_REQUEST                        168
@@ -466,10 +486,12 @@ void ERR_load_CMS_strings(void);
 #define CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM                 151
 #define CMS_R_UNSUPPORTED_CONTENT_TYPE                  152
 #define CMS_R_UNSUPPORTED_KEK_ALGORITHM                         153
+#define CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM      179
 #define CMS_R_UNSUPPORTED_RECIPIENT_TYPE                154
 #define CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE             155
 #define CMS_R_UNSUPPORTED_TYPE                          156
 #define CMS_R_UNWRAP_ERROR                              157
+#define CMS_R_UNWRAP_FAILURE                            180
 #define CMS_R_VERIFICATION_FAILURE                      158
 #define CMS_R_WRAP_ERROR                                159
 

diff --git a/deps/openssl/openssl/crypto/cms/cms_asn1.c b/deps/openssl/openssl/crypto/cms/cms_asn1.c
index fcba4dc..cfe67fb 100644 (file)
--- a/deps/openssl/openssl/crypto/cms/cms_asn1.c
+++ b/deps/openssl/openssl/crypto/cms/cms_asn1.c
@@ -237,6 +237,15 @@ static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
                                OPENSSL_free(kekri->key);
                                }
                        }
+               else if (ri->type == CMS_RECIPINFO_PASS)
+                       {
+                       CMS_PasswordRecipientInfo *pwri = ri->d.pwri;
+                       if (pwri->pass)
+                               {
+                               OPENSSL_cleanse(pwri->pass, pwri->passlen);
+                               OPENSSL_free(pwri->pass);
+                               }
+                       }
                }
        return 1;
        }

diff --git a/deps/openssl/openssl/crypto/cms/cms_cd.c b/deps/openssl/openssl/crypto/cms/cms_cd.c
index a5fc2c4..2021688 100644 (file)
--- a/deps/openssl/openssl/crypto/cms/cms_cd.c
+++ b/deps/openssl/openssl/crypto/cms/cms_cd.c
@@ -58,7 +58,9 @@
 #include <openssl/err.h>
 #include <openssl/cms.h>
 #include <openssl/bio.h>
+#ifndef OPENSSL_NO_COMP
 #include <openssl/comp.h>
+#endif
 #include "cms_lcl.h"
 
 DECLARE_ASN1_ITEM(CMS_CompressedData)

diff --git a/deps/openssl/openssl/crypto/cms/cms_enc.c b/deps/openssl/openssl/crypto/cms/cms_enc.c
index bab2623..bebeaf2 100644 (file)
--- a/deps/openssl/openssl/crypto/cms/cms_enc.c
+++ b/deps/openssl/openssl/crypto/cms/cms_enc.c
@@ -73,6 +73,8 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
        const EVP_CIPHER *ciph;
        X509_ALGOR *calg = ec->contentEncryptionAlgorithm;
        unsigned char iv[EVP_MAX_IV_LENGTH], *piv = NULL;
+       unsigned char *tkey = NULL;
+       size_t tkeylen = 0;
 
        int ok = 0;
 
@@ -137,32 +139,57 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
                                CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
                goto err;
                }
-
-
-       if (enc && !ec->key)
+       tkeylen = EVP_CIPHER_CTX_key_length(ctx);
+       /* Generate random session key */
+       if (!enc || !ec->key)
                {
-               /* Generate random key */
-               if (!ec->keylen)
-                       ec->keylen = EVP_CIPHER_CTX_key_length(ctx);
-               ec->key = OPENSSL_malloc(ec->keylen);
-               if (!ec->key)
+               tkey = OPENSSL_malloc(tkeylen);
+               if (!tkey)
                        {
                        CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
                                                        ERR_R_MALLOC_FAILURE);
                        goto err;
                        }
-               if (EVP_CIPHER_CTX_rand_key(ctx, ec->key) <= 0)
+               if (EVP_CIPHER_CTX_rand_key(ctx, tkey) <= 0)
                        goto err;
-               keep_key = 1;
                }
-       else if (ec->keylen != (unsigned int)EVP_CIPHER_CTX_key_length(ctx))
+
+       if (!ec->key)
+               {
+               ec->key = tkey;
+               ec->keylen = tkeylen;
+               tkey = NULL;
+               if (enc)
+                       keep_key = 1;
+               else
+                       ERR_clear_error();
+               
+               }
+
+       if (ec->keylen != tkeylen)
                {
                /* If necessary set key length */
                if (EVP_CIPHER_CTX_set_key_length(ctx, ec->keylen) <= 0)
                        {
-                       CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
-                               CMS_R_INVALID_KEY_LENGTH);
-                       goto err;
+                       /* Only reveal failure if debugging so we don't
+                        * leak information which may be useful in MMA.
+                        */
+                       if (enc || ec->debug)
+                               {
+                               CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+                                               CMS_R_INVALID_KEY_LENGTH);
+                               goto err;
+                               }
+                       else
+                               {
+                               /* Use random key */
+                               OPENSSL_cleanse(ec->key, ec->keylen);
+                               OPENSSL_free(ec->key);
+                               ec->key = tkey;
+                               ec->keylen = tkeylen;
+                               tkey = NULL;
+                               ERR_clear_error();
+                               }
                        }
                }
 
@@ -198,6 +225,11 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
                OPENSSL_free(ec->key);
                ec->key = NULL;
                }
+       if (tkey)
+               {
+               OPENSSL_cleanse(tkey, tkeylen);
+               OPENSSL_free(tkey);
+               }
        if (ok)
                return b;
        BIO_free(b);

diff --git a/deps/openssl/openssl/crypto/cms/cms_env.c b/deps/openssl/openssl/crypto/cms/cms_env.c
index b3237d4..be20b1c 100644 (file)
--- a/deps/openssl/openssl/crypto/cms/cms_env.c
+++ b/deps/openssl/openssl/crypto/cms/cms_env.c
@@ -65,14 +65,13 @@
 /* CMS EnvelopedData Utilities */
 
 DECLARE_ASN1_ITEM(CMS_EnvelopedData)
-DECLARE_ASN1_ITEM(CMS_RecipientInfo)
 DECLARE_ASN1_ITEM(CMS_KeyTransRecipientInfo)
 DECLARE_ASN1_ITEM(CMS_KEKRecipientInfo)
 DECLARE_ASN1_ITEM(CMS_OtherKeyAttribute)
 
 DECLARE_STACK_OF(CMS_RecipientInfo)
 
-static CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms)
+CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms)
        {
        if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped)
                {
@@ -371,6 +370,8 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
        unsigned char *ek = NULL;
        size_t eklen;
        int ret = 0;
+       CMS_EncryptedContentInfo *ec;
+       ec = cms->d.envelopedData->encryptedContentInfo;
 
        if (ktri->pkey == NULL)
                {
@@ -417,8 +418,14 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
 
        ret = 1;
 
-       cms->d.envelopedData->encryptedContentInfo->key = ek;
-       cms->d.envelopedData->encryptedContentInfo->keylen = eklen;
+       if (ec->key)
+               {
+               OPENSSL_cleanse(ec->key, ec->keylen);
+               OPENSSL_free(ec->key);
+               }
+
+       ec->key = ek;
+       ec->keylen = eklen;
 
        err:
        if (pctx)
@@ -786,6 +793,9 @@ int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
                case CMS_RECIPINFO_KEK:
                return cms_RecipientInfo_kekri_decrypt(cms, ri);
 
+               case CMS_RECIPINFO_PASS:
+               return cms_RecipientInfo_pwri_crypt(cms, ri, 0);
+
                default:
                CMSerr(CMS_F_CMS_RECIPIENTINFO_DECRYPT,
                        CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE);
@@ -829,6 +839,10 @@ BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms)
                        r = cms_RecipientInfo_kekri_encrypt(cms, ri);
                        break;
 
+                       case CMS_RECIPINFO_PASS:
+                       r = cms_RecipientInfo_pwri_crypt(cms, ri, 1);
+                       break;
+
                        default:
                        CMSerr(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO,
                                CMS_R_UNSUPPORTED_RECIPIENT_TYPE);

diff --git a/deps/openssl/openssl/crypto/cms/cms_err.c b/deps/openssl/openssl/crypto/cms/cms_err.c
index ff7b030..8330ead 100644 (file)
--- a/deps/openssl/openssl/crypto/cms/cms_err.c
+++ b/deps/openssl/openssl/crypto/cms/cms_err.c
@@ -1,6 +1,6 @@
 /* crypto/cms/cms_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2009 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -73,6 +73,7 @@ static ERR_STRING_DATA CMS_str_functs[]=
 {ERR_FUNC(CMS_F_CHECK_CONTENT),        "CHECK_CONTENT"},
 {ERR_FUNC(CMS_F_CMS_ADD0_CERT),        "CMS_add0_cert"},
 {ERR_FUNC(CMS_F_CMS_ADD0_RECIPIENT_KEY),       "CMS_add0_recipient_key"},
+{ERR_FUNC(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD),  "CMS_add0_recipient_password"},
 {ERR_FUNC(CMS_F_CMS_ADD1_RECEIPTREQUEST),      "CMS_add1_ReceiptRequest"},
 {ERR_FUNC(CMS_F_CMS_ADD1_RECIPIENT_CERT),      "CMS_add1_recipient_cert"},
 {ERR_FUNC(CMS_F_CMS_ADD1_SIGNER),      "CMS_add1_signer"},
@@ -87,6 +88,7 @@ static ERR_STRING_DATA CMS_str_functs[]=
 {ERR_FUNC(CMS_F_CMS_DATAINIT), "CMS_dataInit"},
 {ERR_FUNC(CMS_F_CMS_DECRYPT),  "CMS_decrypt"},
 {ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_KEY), "CMS_decrypt_set1_key"},
+{ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_PASSWORD),    "CMS_decrypt_set1_password"},
 {ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_PKEY),        "CMS_decrypt_set1_pkey"},
 {ERR_FUNC(CMS_F_CMS_DIGESTALGORITHM_FIND_CTX), "cms_DigestAlgorithm_find_ctx"},
 {ERR_FUNC(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO), "cms_DigestAlgorithm_init_bio"},
@@ -105,7 +107,7 @@ static ERR_STRING_DATA CMS_str_functs[]=
 {ERR_FUNC(CMS_F_CMS_GET0_CERTIFICATE_CHOICES), "CMS_GET0_CERTIFICATE_CHOICES"},
 {ERR_FUNC(CMS_F_CMS_GET0_CONTENT),     "CMS_get0_content"},
 {ERR_FUNC(CMS_F_CMS_GET0_ECONTENT_TYPE),       "CMS_GET0_ECONTENT_TYPE"},
-{ERR_FUNC(CMS_F_CMS_GET0_ENVELOPED),   "CMS_GET0_ENVELOPED"},
+{ERR_FUNC(CMS_F_CMS_GET0_ENVELOPED),   "cms_get0_enveloped"},
 {ERR_FUNC(CMS_F_CMS_GET0_REVOCATION_CHOICES),  "CMS_GET0_REVOCATION_CHOICES"},
 {ERR_FUNC(CMS_F_CMS_GET0_SIGNED),      "CMS_GET0_SIGNED"},
 {ERR_FUNC(CMS_F_CMS_MSGSIGDIGEST_ADD1),        "cms_msgSigDigest_add1"},
@@ -121,7 +123,9 @@ static ERR_STRING_DATA CMS_str_functs[]=
 {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT),       "CMS_RECIPIENTINFO_KTRI_ENCRYPT"},
 {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS),     "CMS_RecipientInfo_ktri_get0_algs"},
 {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID),        "CMS_RecipientInfo_ktri_get0_signer_id"},
+{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT), "cms_RecipientInfo_pwri_crypt"},
 {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_KEY),   "CMS_RecipientInfo_set0_key"},
+{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD),      "CMS_RecipientInfo_set0_password"},
 {ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY),  "CMS_RecipientInfo_set0_pkey"},
 {ERR_FUNC(CMS_F_CMS_SET1_SIGNERIDENTIFIER),    "cms_set1_SignerIdentifier"},
 {ERR_FUNC(CMS_F_CMS_SET_DETACHED),     "CMS_set_detached"},
@@ -165,6 +169,7 @@ static ERR_STRING_DATA CMS_str_reasons[]=
 {ERR_REASON(CMS_R_ERROR_SETTING_KEY)     ,"error setting key"},
 {ERR_REASON(CMS_R_ERROR_SETTING_RECIPIENTINFO),"error setting recipientinfo"},
 {ERR_REASON(CMS_R_INVALID_ENCRYPTED_KEY_LENGTH),"invalid encrypted key length"},
+{ERR_REASON(CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER),"invalid key encryption parameter"},
 {ERR_REASON(CMS_R_INVALID_KEY_LENGTH)    ,"invalid key length"},
 {ERR_REASON(CMS_R_MD_BIO_INIT_ERROR)     ,"md bio init error"},
 {ERR_REASON(CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH),"messagedigest attribute wrong length"},
@@ -177,6 +182,7 @@ static ERR_STRING_DATA CMS_str_reasons[]=
 {ERR_REASON(CMS_R_NOT_ENCRYPTED_DATA)    ,"not encrypted data"},
 {ERR_REASON(CMS_R_NOT_KEK)               ,"not kek"},
 {ERR_REASON(CMS_R_NOT_KEY_TRANSPORT)     ,"not key transport"},
+{ERR_REASON(CMS_R_NOT_PWRI)              ,"not pwri"},
 {ERR_REASON(CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),"not supported for this key type"},
 {ERR_REASON(CMS_R_NO_CIPHER)             ,"no cipher"},
 {ERR_REASON(CMS_R_NO_CONTENT)            ,"no content"},
@@ -189,6 +195,7 @@ static ERR_STRING_DATA CMS_str_reasons[]=
 {ERR_REASON(CMS_R_NO_MATCHING_RECIPIENT) ,"no matching recipient"},
 {ERR_REASON(CMS_R_NO_MATCHING_SIGNATURE) ,"no matching signature"},
 {ERR_REASON(CMS_R_NO_MSGSIGDIGEST)       ,"no msgsigdigest"},
+{ERR_REASON(CMS_R_NO_PASSWORD)           ,"no password"},
 {ERR_REASON(CMS_R_NO_PRIVATE_KEY)        ,"no private key"},
 {ERR_REASON(CMS_R_NO_PUBLIC_KEY)         ,"no public key"},
 {ERR_REASON(CMS_R_NO_RECEIPT_REQUEST)    ,"no receipt request"},
@@ -212,10 +219,12 @@ static ERR_STRING_DATA CMS_str_reasons[]=
 {ERR_REASON(CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM),"unsupported compression algorithm"},
 {ERR_REASON(CMS_R_UNSUPPORTED_CONTENT_TYPE),"unsupported content type"},
 {ERR_REASON(CMS_R_UNSUPPORTED_KEK_ALGORITHM),"unsupported kek algorithm"},
+{ERR_REASON(CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM),"unsupported key encryption algorithm"},
 {ERR_REASON(CMS_R_UNSUPPORTED_RECIPIENT_TYPE),"unsupported recipient type"},
 {ERR_REASON(CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE),"unsupported recpientinfo type"},
 {ERR_REASON(CMS_R_UNSUPPORTED_TYPE)      ,"unsupported type"},
 {ERR_REASON(CMS_R_UNWRAP_ERROR)          ,"unwrap error"},
+{ERR_REASON(CMS_R_UNWRAP_FAILURE)        ,"unwrap failure"},
 {ERR_REASON(CMS_R_VERIFICATION_FAILURE)  ,"verification failure"},
 {ERR_REASON(CMS_R_WRAP_ERROR)            ,"wrap error"},
 {0,NULL}

diff --git a/deps/openssl/openssl/crypto/cms/cms_lcl.h b/deps/openssl/openssl/crypto/cms/cms_lcl.h
index c8ecfa7..a9f9730 100644 (file)
--- a/deps/openssl/openssl/crypto/cms/cms_lcl.h
+++ b/deps/openssl/openssl/crypto/cms/cms_lcl.h
@@ -175,6 +175,8 @@ struct CMS_EncryptedContentInfo_st
        const EVP_CIPHER *cipher;
        unsigned char *key;
        size_t keylen;
+       /* Set to 1 if we are debugging decrypt and don't fake keys for MMA */
+       int debug;
        };
 
 struct CMS_RecipientInfo_st
@@ -273,6 +275,9 @@ struct CMS_PasswordRecipientInfo_st
        X509_ALGOR *keyDerivationAlgorithm;
        X509_ALGOR *keyEncryptionAlgorithm;
        ASN1_OCTET_STRING *encryptedKey;
+       /* Extra info: password to use */
+       unsigned char *pass;
+       size_t passlen;
        };
 
 struct CMS_OtherRecipientInfo_st
@@ -411,6 +416,8 @@ DECLARE_ASN1_ITEM(CMS_SignerInfo)
 DECLARE_ASN1_ITEM(CMS_IssuerAndSerialNumber)
 DECLARE_ASN1_ITEM(CMS_Attributes_Sign)
 DECLARE_ASN1_ITEM(CMS_Attributes_Verify)
+DECLARE_ASN1_ITEM(CMS_RecipientInfo)
+DECLARE_ASN1_ITEM(CMS_PasswordRecipientInfo)
 DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_IssuerAndSerialNumber)
 
 #define CMS_SIGNERINFO_ISSUER_SERIAL   0
@@ -454,6 +461,11 @@ int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src);
 ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si);
 
 BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms);
+CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms);
+
+/* PWRI routines */
+int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
+                                                       int en_de);
        
 #ifdef  __cplusplus
 }

diff --git a/deps/openssl/openssl/crypto/cms/cms_lib.c b/deps/openssl/openssl/crypto/cms/cms_lib.c
index d00fe0f..b62d1bf 100644 (file)
--- a/deps/openssl/openssl/crypto/cms/cms_lib.c
+++ b/deps/openssl/openssl/crypto/cms/cms_lib.c
@@ -411,10 +411,7 @@ int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
                 * algorithm  OID instead of digest.
                 */
                        || EVP_MD_pkey_type(EVP_MD_CTX_md(mtmp)) == nid)
-                       {
-                       EVP_MD_CTX_copy_ex(mctx, mtmp);
-                       return 1;
-                       }
+                       return EVP_MD_CTX_copy_ex(mctx, mtmp);
                chain = BIO_next(chain);
                }
        }

diff --git a/deps/openssl/openssl/crypto/cms/cms_sd.c b/deps/openssl/openssl/crypto/cms/cms_sd.c
index e3192b9..77fbd13 100644 (file)
--- a/deps/openssl/openssl/crypto/cms/cms_sd.c
+++ b/deps/openssl/openssl/crypto/cms/cms_sd.c
@@ -641,7 +641,8 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
                        cms->d.signedData->encapContentInfo->eContentType; 
                unsigned char md[EVP_MAX_MD_SIZE];
                unsigned int mdlen;
-               EVP_DigestFinal_ex(&mctx, md, &mdlen);
+               if (!EVP_DigestFinal_ex(&mctx, md, &mdlen))
+                       goto err;
                if (!CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest,
                                                V_ASN1_OCTET_STRING,
                                                md, mdlen))

diff --git a/deps/openssl/openssl/crypto/cms/cms_smime.c b/deps/openssl/openssl/crypto/cms/cms_smime.c
index 4a799eb..8c56e3a 100644 (file)
--- a/deps/openssl/openssl/crypto/cms/cms_smime.c
+++ b/deps/openssl/openssl/crypto/cms/cms_smime.c
@@ -611,7 +611,10 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
        STACK_OF(CMS_RecipientInfo) *ris;
        CMS_RecipientInfo *ri;
        int i, r;
+       int debug = 0;
        ris = CMS_get0_RecipientInfos(cms);
+       if (ris)
+               debug = cms->d.envelopedData->encryptedContentInfo->debug;
        for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++)
                {
                ri = sk_CMS_RecipientInfo_value(ris, i);
@@ -625,17 +628,38 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
                        CMS_RecipientInfo_set0_pkey(ri, pk);
                        r = CMS_RecipientInfo_decrypt(cms, ri);
                        CMS_RecipientInfo_set0_pkey(ri, NULL);
-                       if (r > 0)
-                               return 1;
                        if (cert)
                                {
+                               /* If not debugging clear any error and
+                                * return success to avoid leaking of
+                                * information useful to MMA
+                                */
+                               if (!debug)
+                                       {
+                                       ERR_clear_error();
+                                       return 1;
+                                       }
+                               if (r > 0)
+                                       return 1;
                                CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY,
                                                CMS_R_DECRYPT_ERROR);
                                return 0;
                                }
-                       ERR_clear_error();
+                       /* If no cert and not debugging don't leave loop
+                        * after first successful decrypt. Always attempt
+                        * to decrypt all recipients to avoid leaking timing
+                        * of a successful decrypt.
+                        */
+                       else if (r > 0 && debug)
+                               return 1;
                        }
                }
+       /* If no cert and not debugging always return success */
+       if (!cert && !debug)
+               {
+               ERR_clear_error();
+               return 1;
+               }
 
        CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, CMS_R_NO_MATCHING_RECIPIENT);
        return 0;
@@ -680,6 +704,30 @@ int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
        return 0;
 
        }
+
+int CMS_decrypt_set1_password(CMS_ContentInfo *cms, 
+                               unsigned char *pass, ossl_ssize_t passlen)
+       {
+       STACK_OF(CMS_RecipientInfo) *ris;
+       CMS_RecipientInfo *ri;
+       int i, r;
+       ris = CMS_get0_RecipientInfos(cms);
+       for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++)
+               {
+               ri = sk_CMS_RecipientInfo_value(ris, i);
+               if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_PASS)
+                               continue;
+               CMS_RecipientInfo_set0_password(ri, pass, passlen);
+               r = CMS_RecipientInfo_decrypt(cms, ri);
+               CMS_RecipientInfo_set0_password(ri, NULL, 0);
+               if (r > 0)
+                       return 1;
+               }
+
+       CMSerr(CMS_F_CMS_DECRYPT_SET1_PASSWORD, CMS_R_NO_MATCHING_RECIPIENT);
+       return 0;
+
+       }
        
 int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert,
                                BIO *dcont, BIO *out,
@@ -694,9 +742,14 @@ int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert,
                }
        if (!dcont && !check_content(cms))
                return 0;
+       if (flags & CMS_DEBUG_DECRYPT)
+               cms->d.envelopedData->encryptedContentInfo->debug = 1;
+       else
+               cms->d.envelopedData->encryptedContentInfo->debug = 0;
+       if (!pk && !cert && !dcont && !out)
+               return 1;
        if (pk && !CMS_decrypt_set1_pkey(cms, pk, cert))
                return 0;
-
        cont = CMS_dataInit(cms, dcont);
        if (!cont)
                return 0;

diff --git a/deps/openssl/openssl/crypto/comp/c_rle.c b/deps/openssl/openssl/crypto/comp/c_rle.c
index 18bceae..47dfb67 100644 (file)
--- a/deps/openssl/openssl/crypto/comp/c_rle.c
+++ b/deps/openssl/openssl/crypto/comp/c_rle.c
@@ -30,7 +30,7 @@ static int rle_compress_block(COMP_CTX *ctx, unsigned char *out,
        {
        /* int i; */
 
-       if (olen < (ilen+1))
+       if (ilen == 0 || olen < (ilen-1))
                {
                /* ZZZZZZZZZZZZZZZZZZZZZZ */
                return(-1);
@@ -46,7 +46,7 @@ static int rle_expand_block(COMP_CTX *ctx, unsigned char *out,
        {
        int i;
 
-       if (ilen == 0 || olen < (ilen-1))
+       if (olen < (ilen-1))
                {
                /* ZZZZZZZZZZZZZZZZZZZZZZ */
                return(-1);

diff --git a/deps/openssl/openssl/crypto/conf/conf_mall.c b/deps/openssl/openssl/crypto/conf/conf_mall.c
index c6f4cb2..213890e 100644 (file)
--- a/deps/openssl/openssl/crypto/conf/conf_mall.c
+++ b/deps/openssl/openssl/crypto/conf/conf_mall.c
@@ -76,5 +76,6 @@ void OPENSSL_load_builtin_modules(void)
 #ifndef OPENSSL_NO_ENGINE
        ENGINE_add_conf_module();
 #endif
+       EVP_add_alg_module();
        }
 

diff --git a/deps/openssl/openssl/crypto/cpt_err.c b/deps/openssl/openssl/crypto/cpt_err.c
index 139b928..289005f 100644 (file)
--- a/deps/openssl/openssl/crypto/cpt_err.c
+++ b/deps/openssl/openssl/crypto/cpt_err.c
@@ -1,6 +1,6 @@
 /* crypto/cpt_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -76,6 +76,7 @@ static ERR_STRING_DATA CRYPTO_str_functs[]=
 {ERR_FUNC(CRYPTO_F_CRYPTO_SET_EX_DATA),        "CRYPTO_set_ex_data"},
 {ERR_FUNC(CRYPTO_F_DEF_ADD_INDEX),     "DEF_ADD_INDEX"},
 {ERR_FUNC(CRYPTO_F_DEF_GET_CLASS),     "DEF_GET_CLASS"},
+{ERR_FUNC(CRYPTO_F_FIPS_MODE_SET),     "FIPS_mode_set"},
 {ERR_FUNC(CRYPTO_F_INT_DUP_EX_DATA),   "INT_DUP_EX_DATA"},
 {ERR_FUNC(CRYPTO_F_INT_FREE_EX_DATA),  "INT_FREE_EX_DATA"},
 {ERR_FUNC(CRYPTO_F_INT_NEW_EX_DATA),   "INT_NEW_EX_DATA"},
@@ -84,6 +85,7 @@ static ERR_STRING_DATA CRYPTO_str_functs[]=
 
 static ERR_STRING_DATA CRYPTO_str_reasons[]=
        {
+{ERR_REASON(CRYPTO_R_FIPS_MODE_NOT_SUPPORTED),"fips mode not supported"},
 {ERR_REASON(CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK),"no dynlock create callback"},
 {0,NULL}
        };

diff --git a/deps/openssl/openssl/crypto/cryptlib.c b/deps/openssl/openssl/crypto/cryptlib.c
index 24fe123..304c6b7 100644 (file)
--- a/deps/openssl/openssl/crypto/cryptlib.c
+++ b/deps/openssl/openssl/crypto/cryptlib.c
@@ -409,6 +409,10 @@ int (*CRYPTO_get_add_lock_callback(void))(int *num,int mount,int type,
 void CRYPTO_set_locking_callback(void (*func)(int mode,int type,
                                              const char *file,int line))
        {
+       /* Calling this here ensures initialisation before any threads
+        * are started.
+        */
+       OPENSSL_init();
        locking_callback=func;
        }
 
@@ -500,7 +504,7 @@ void CRYPTO_THREADID_current(CRYPTO_THREADID *id)
        CRYPTO_THREADID_set_numeric(id, (unsigned long)find_thread(NULL));
 #else
        /* For everything else, default to using the address of 'errno' */
-       CRYPTO_THREADID_set_pointer(id, &errno);
+       CRYPTO_THREADID_set_pointer(id, (void*)&errno);
 #endif
        }
 
@@ -661,28 +665,53 @@ const char *CRYPTO_get_lock_name(int type)
        defined(__INTEL__) || \
        defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64)
 
-unsigned long  OPENSSL_ia32cap_P=0;
-unsigned long *OPENSSL_ia32cap_loc(void) { return &OPENSSL_ia32cap_P; }
+unsigned int  OPENSSL_ia32cap_P[2];
+unsigned long *OPENSSL_ia32cap_loc(void)
+{   if (sizeof(long)==4)
+       /*
+        * If 32-bit application pulls address of OPENSSL_ia32cap_P[0]
+        * clear second element to maintain the illusion that vector
+        * is 32-bit.
+        */
+       OPENSSL_ia32cap_P[1]=0;
+    return (unsigned long *)OPENSSL_ia32cap_P;
+}
 
 #if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY)
 #define OPENSSL_CPUID_SETUP
+#if defined(_WIN32)
+typedef unsigned __int64 IA32CAP;
+#else
+typedef unsigned long long IA32CAP;
+#endif
 void OPENSSL_cpuid_setup(void)
 { static int trigger=0;
-  unsigned long OPENSSL_ia32_cpuid(void);
+  IA32CAP OPENSSL_ia32_cpuid(void);
+  IA32CAP vec;
   char *env;
 
     if (trigger)       return;
 
     trigger=1;
-    if ((env=getenv("OPENSSL_ia32cap")))
-       OPENSSL_ia32cap_P = strtoul(env,NULL,0)|(1<<10);
+    if ((env=getenv("OPENSSL_ia32cap"))) {
+       int off = (env[0]=='~')?1:0;
+#if defined(_WIN32)
+       if (!sscanf(env+off,"%I64i",&vec)) vec = strtoul(env+off,NULL,0);
+#else
+       if (!sscanf(env+off,"%lli",(long long *)&vec)) vec = strtoul(env+off,NULL,0);
+#endif
+       if (off) vec = OPENSSL_ia32_cpuid()&~vec;
+    }
     else
-       OPENSSL_ia32cap_P = OPENSSL_ia32_cpuid()|(1<<10);
+       vec = OPENSSL_ia32_cpuid();
+
     /*
      * |(1<<10) sets a reserved bit to signal that variable
      * was initialized already... This is to avoid interference
      * with cpuid snippets in ELF .init segment.
      */
+    OPENSSL_ia32cap_P[0] = (unsigned int)vec|(1<<10);
+    OPENSSL_ia32cap_P[1] = (unsigned int)(vec>>32);
 }
 #endif
 
@@ -896,3 +925,16 @@ void OpenSSLDie(const char *file,int line,const char *assertion)
        }
 
 void *OPENSSL_stderr(void)     { return stderr; }
+
+int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len)
+       {
+       size_t i;
+       const unsigned char *a = in_a;
+       const unsigned char *b = in_b;
+       unsigned char x = 0;
+
+       for (i = 0; i < len; i++)
+               x |= a[i] ^ b[i];
+
+       return x;
+       }

diff --git a/deps/openssl/openssl/crypto/cryptlib.h b/deps/openssl/openssl/crypto/cryptlib.h
index fc249c5..d26f963 100644 (file)
--- a/deps/openssl/openssl/crypto/cryptlib.h
+++ b/deps/openssl/openssl/crypto/cryptlib.h
@@ -99,8 +99,8 @@ extern "C" {
 #define HEX_SIZE(type)         (sizeof(type)*2)
 
 void OPENSSL_cpuid_setup(void);
-extern unsigned long OPENSSL_ia32cap_P;
-void OPENSSL_showfatal(const char *,...);
+extern unsigned int OPENSSL_ia32cap_P[];
+void OPENSSL_showfatal(const char *fmta,...);
 void *OPENSSL_stderr(void);
 extern int OPENSSL_NONPIC_relocated;
 

diff --git a/deps/openssl/openssl/crypto/crypto-lib.com b/deps/openssl/openssl/crypto/crypto-lib.com
index a29c0af..dc8a8c1 100644 (file)
--- a/deps/openssl/openssl/crypto/crypto-lib.com
+++ b/deps/openssl/openssl/crypto/crypto-lib.com
@@ -117,7 +117,7 @@ $ ENCRYPT_TYPES = "Basic,"+ -
                  "BUFFER,BIO,STACK,LHASH,RAND,ERR,"+ -
                  "EVP,EVP_2,EVP_3,ASN1,ASN1_2,PEM,X509,X509V3,"+ -
                  "CONF,TXT_DB,PKCS7,PKCS12,COMP,OCSP,UI,KRB5,"+ -
-                 "STORE,CMS,PQUEUE,TS,JPAKE"
+                 "CMS,PQUEUE,TS,JPAKE,SRP,STORE,CMAC"
 $!
 $! Check To Make Sure We Have Valid Command Line Parameters.
 $!
@@ -207,7 +207,8 @@ $!
 $ APPS_DES = "DES/DES,CBC3_ENC"
 $ APPS_PKCS7 = "ENC/ENC;DEC/DEC;SIGN/SIGN;VERIFY/VERIFY,EXAMPLE"
 $
-$ LIB_ = "cryptlib,mem,mem_clr,mem_dbg,cversion,ex_data,cpt_err,ebcdic,uid,o_time,o_str,o_dir"
+$ LIB_ = "cryptlib,mem,mem_clr,mem_dbg,cversion,ex_data,cpt_err,"+ -
+       "ebcdic,uid,o_time,o_str,o_dir,o_fips.c,o_init,fips_ers"
 $ LIB_MD2 = "md2_dgst,md2_one"
 $ LIB_MD4 = "md4_dgst,md4_one"
 $ LIB_MD5 = "md5_dgst,md5_one"
@@ -224,15 +225,16 @@ $ LIB_DES = "set_key,ecb_enc,cbc_enc,"+ -
        "fcrypt,xcbc_enc,rpc_enc,cbc_cksm,"+ -
        "ede_cbcm_enc,des_old,des_old2,read2pwd"
 $ LIB_RC2 = "rc2_ecb,rc2_skey,rc2_cbc,rc2cfb64,rc2ofb64"
-$ LIB_RC4 = "rc4_skey,rc4_enc"
+$ LIB_RC4 = "rc4_skey,rc4_enc,rc4_utl"
 $ LIB_RC5 = "rc5_skey,rc5_ecb,rc5_enc,rc5cfb64,rc5ofb64"
 $ LIB_IDEA = "i_cbc,i_cfb64,i_ofb64,i_ecb,i_skey"
 $ LIB_BF = "bf_skey,bf_ecb,bf_enc,bf_cfb64,bf_ofb64"
 $ LIB_CAST = "c_skey,c_ecb,c_enc,c_cfb64,c_ofb64"
 $ LIB_CAMELLIA = "camellia,cmll_misc,cmll_ecb,cmll_cbc,cmll_ofb,"+ -
-       "cmll_cfb,cmll_ctr"
+       "cmll_cfb,cmll_ctr,cmll_utl"
 $ LIB_SEED = "seed,seed_ecb,seed_cbc,seed_cfb,seed_ofb"
-$ LIB_MODES = "cbc128,ctr128,cts128,cfb128,ofb128"
+$ LIB_MODES = "cbc128,ctr128,cts128,cfb128,ofb128,gcm128,"+ -
+       "ccm128,xts128"
 $ LIB_BN_ASM = "[.asm]vms.mar,vms-helper"
 $ IF F$TRNLNM("OPENSSL_NO_ASM") .OR. ARCH .NES. "VAX" THEN -
      LIB_BN_ASM = "bn_asm"
@@ -240,14 +242,16 @@ $ LIB_BN = "bn_add,bn_div,bn_exp,bn_lib,bn_ctx,bn_mul,bn_mod,"+ -
        "bn_print,bn_rand,bn_shift,bn_word,bn_blind,"+ -
        "bn_kron,bn_sqrt,bn_gcd,bn_prime,bn_err,bn_sqr,"+LIB_BN_ASM+","+ -
        "bn_recp,bn_mont,bn_mpi,bn_exp2,bn_gf2m,bn_nist,"+ -
-       "bn_depr,bn_const"
+       "bn_depr,bn_const,bn_x931p"
 $ LIB_EC = "ec_lib,ecp_smpl,ecp_mont,ecp_nist,ec_cvt,ec_mult,"+ -
        "ec_err,ec_curve,ec_check,ec_print,ec_asn1,ec_key,"+ -
-       "ec2_smpl,ec2_mult,ec_ameth,ec_pmeth,eck_prn"
+       "ec2_smpl,ec2_mult,ec_ameth,ec_pmeth,eck_prn,"+ -
+       "ecp_nistp224,ecp_nistp256,ecp_nistp521,ecp_nistputil,"+ -
+       "ecp_oct,ec2_oct,ec_oct"
 $ LIB_RSA = "rsa_eay,rsa_gen,rsa_lib,rsa_sign,rsa_saos,rsa_err,"+ -
        "rsa_pk1,rsa_ssl,rsa_none,rsa_oaep,rsa_chk,rsa_null,"+ -
        "rsa_pss,rsa_x931,rsa_asn1,rsa_depr,rsa_ameth,rsa_prn,"+ -
-       "rsa_pmeth"
+       "rsa_pmeth,rsa_crpt"
 $ LIB_DSA = "dsa_gen,dsa_key,dsa_lib,dsa_asn1,dsa_vrf,dsa_sign,"+ -
        "dsa_err,dsa_ossl,dsa_depr,dsa_ameth,dsa_pmeth,dsa_prn"
 $ LIB_ECDSA = "ecs_lib,ecs_asn1,ecs_ossl,ecs_sign,ecs_vrf,ecs_err"
@@ -260,10 +264,11 @@ $ LIB_ENGINE = "eng_err,eng_lib,eng_list,eng_init,eng_ctrl,"+ -
        "eng_table,eng_pkey,eng_fat,eng_all,"+ -
        "tb_rsa,tb_dsa,tb_ecdsa,tb_dh,tb_ecdh,tb_rand,tb_store,"+ -
        "tb_cipher,tb_digest,tb_pkmeth,tb_asnmth,"+ -
-       "eng_openssl,eng_dyn,eng_cnf,eng_cryptodev"
+       "eng_openssl,eng_dyn,eng_cnf,eng_cryptodev,"+ -
+       "eng_rsax,eng_rdrand"
 $ LIB_AES = "aes_core,aes_misc,aes_ecb,aes_cbc,aes_cfb,aes_ofb,aes_ctr,"+ -
        "aes_ige,aes_wrap"
-$ LIB_BUFFER = "buffer,buf_err"
+$ LIB_BUFFER = "buffer,buf_str,buf_err"
 $ LIB_BIO = "bio_lib,bio_cb,bio_err,"+ -
        "bss_mem,bss_null,bss_fd,"+ -
        "bss_file,bss_sock,bss_conn,"+ -
@@ -277,7 +282,7 @@ $ LIB_RAND = "md_rand,randfile,rand_lib,rand_err,rand_egd,"+ -
        "rand_vms"
 $ LIB_ERR = "err,err_all,err_prn"
 $ LIB_OBJECTS = "o_names,obj_dat,obj_lib,obj_err,obj_xref"
-$ LIB_EVP = "encode,digest,evp_enc,evp_key,evp_acnf,"+ -
+$ LIB_EVP = "encode,digest,evp_enc,evp_key,evp_acnf,evp_cnf,"+ -
        "e_des,e_bf,e_idea,e_des3,e_camellia,"+ -
        "e_rc4,e_aes,names,e_seed,"+ -
        "e_xcbc_d,e_rc2,e_cast,e_rc5"
@@ -287,7 +292,8 @@ $ LIB_EVP_2 = "m_null,m_md2,m_md4,m_md5,m_sha,m_sha1,m_wp," + -
        "bio_md,bio_b64,bio_enc,evp_err,e_null,"+ -
        "c_all,c_allc,c_alld,evp_lib,bio_ok,"+-
        "evp_pkey,evp_pbe,p5_crpt,p5_crpt2"
-$ LIB_EVP_3 = "e_old,pmeth_lib,pmeth_fn,pmeth_gn,m_sigver"
+$ LIB_EVP_3 = "e_old,pmeth_lib,pmeth_fn,pmeth_gn,m_sigver,evp_fips,"+ -
+       "e_aes_cbc_hmac_sha1,e_rc4_hmac_md5"
 $ LIB_ASN1 = "a_object,a_bitstr,a_utctm,a_gentm,a_time,a_int,a_octet,"+ -
        "a_print,a_type,a_set,a_dup,a_d2i_fp,a_i2d_fp,"+ -
        "a_enum,a_utf8,a_sign,a_digest,a_verify,a_mbstr,a_strex,"+ -
@@ -329,14 +335,17 @@ $ LIB_OCSP = "ocsp_asn,ocsp_ext,ocsp_ht,ocsp_lib,ocsp_cl,"+ -
 $ LIB_UI_COMPAT = ",ui_compat"
 $ LIB_UI = "ui_err,ui_lib,ui_openssl,ui_util"+LIB_UI_COMPAT
 $ LIB_KRB5 = "krb5_asn"
-$ LIB_STORE = "str_err,str_lib,str_meth,str_mem"
 $ LIB_CMS = "cms_lib,cms_asn1,cms_att,cms_io,cms_smime,cms_err,"+ -
-       "cms_sd,cms_dd,cms_cd,cms_env,cms_enc,cms_ess"
+       "cms_sd,cms_dd,cms_cd,cms_env,cms_enc,cms_ess,"+ -
+       "cms_pwri"
 $ LIB_PQUEUE = "pqueue"
 $ LIB_TS = "ts_err,ts_req_utils,ts_req_print,ts_rsp_utils,ts_rsp_print,"+ -
        "ts_rsp_sign,ts_rsp_verify,ts_verify_ctx,ts_lib,ts_conf,"+ -
        "ts_asn1"
 $ LIB_JPAKE = "jpake,jpake_err"
+$ LIB_SRP = "srp_lib,srp_vfy"
+$ LIB_STORE = "str_err,str_lib,str_meth,str_mem"
+$ LIB_CMAC = "cmac,cm_ameth.c,cm_pmeth"
 $!
 $! Setup exceptional compilations
 $!
@@ -1021,7 +1030,7 @@ $!
 $! Set basic C compiler /INCLUDE directories.
 $!
 $ CC_INCLUDES = "SYS$DISK:[.''ARCHD'],SYS$DISK:[],SYS$DISK:[-],"+ -
-   "SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.EVP],SYS$DISK:[.ASN1]"
+   "SYS$DISK:[.ENGINE.VENDOR_DEFNS],SYS$DISK:[.MODES],SYS$DISK:[.ASN1],SYS$DISK:[.EVP]"
 $!
 $! Check To See If P3 Is Blank.
 $!

diff --git a/deps/openssl/openssl/crypto/crypto.h b/deps/openssl/openssl/crypto/crypto.h
index b0360ce..f92fc51 100644 (file)
--- a/deps/openssl/openssl/crypto/crypto.h
+++ b/deps/openssl/openssl/crypto/crypto.h
@@ -488,10 +488,10 @@ void CRYPTO_get_mem_debug_functions(void (**m)(void *,int,const char *,int,int),
                                    long (**go)(void));
 
 void *CRYPTO_malloc_locked(int num, const char *file, int line);
-void CRYPTO_free_locked(void *);
+void CRYPTO_free_locked(void *ptr);
 void *CRYPTO_malloc(int num, const char *file, int line);
 char *CRYPTO_strdup(const char *str, const char *file, int line);
-void CRYPTO_free(void *);
+void CRYPTO_free(void *ptr);
 void *CRYPTO_realloc(void *addr,int num, const char *file, int line);
 void *CRYPTO_realloc_clean(void *addr,int old_num,int num,const char *file,
                           int line);
@@ -547,6 +547,40 @@ unsigned long *OPENSSL_ia32cap_loc(void);
 #define OPENSSL_ia32cap (*(OPENSSL_ia32cap_loc()))
 int OPENSSL_isservice(void);
 
+int FIPS_mode(void);
+int FIPS_mode_set(int r);
+
+void OPENSSL_init(void);
+
+#define fips_md_init(alg) fips_md_init_ctx(alg, alg)
+
+#ifdef OPENSSL_FIPS
+#define fips_md_init_ctx(alg, cx) \
+       int alg##_Init(cx##_CTX *c) \
+       { \
+       if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
+               "Low level API call to digest " #alg " forbidden in FIPS mode!"); \
+       return private_##alg##_Init(c); \
+       } \
+       int private_##alg##_Init(cx##_CTX *c)
+
+#define fips_cipher_abort(alg) \
+       if (FIPS_mode()) OpenSSLDie(__FILE__, __LINE__, \
+               "Low level API call to cipher " #alg " forbidden in FIPS mode!")
+
+#else
+#define fips_md_init_ctx(alg, cx) \
+       int alg##_Init(cx##_CTX *c)
+#define fips_cipher_abort(alg) while(0)
+#endif
+
+/* CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal. It
+ * takes an amount of time dependent on |len|, but independent of the contents
+ * of |a| and |b|. Unlike memcmp, it cannot be used to put elements into a
+ * defined order as the return value when a != b is undefined, other than to be
+ * non-zero. */
+int CRYPTO_memcmp(const void *a, const void *b, size_t len);
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
@@ -562,11 +596,13 @@ void ERR_load_CRYPTO_strings(void);
 #define CRYPTO_F_CRYPTO_SET_EX_DATA                     102
 #define CRYPTO_F_DEF_ADD_INDEX                          104
 #define CRYPTO_F_DEF_GET_CLASS                          105
+#define CRYPTO_F_FIPS_MODE_SET                          109
 #define CRYPTO_F_INT_DUP_EX_DATA                        106
 #define CRYPTO_F_INT_FREE_EX_DATA                       107
 #define CRYPTO_F_INT_NEW_EX_DATA                        108
 
 /* Reason codes. */
+#define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED                101
 #define CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK             100
 
 #ifdef  __cplusplus

diff --git a/deps/openssl/openssl/crypto/des/Makefile b/deps/openssl/openssl/crypto/des/Makefile
index ae98226..a6e1001 100644 (file)
--- a/deps/openssl/openssl/crypto/des/Makefile
+++ b/deps/openssl/openssl/crypto/des/Makefile
@@ -257,8 +257,9 @@ rpc_enc.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 rpc_enc.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 rpc_enc.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
 rpc_enc.o: des_locl.h des_ver.h rpc_des.h rpc_enc.c
-set_key.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-set_key.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+set_key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+set_key.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+set_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 set_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 set_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 set_key.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h

diff --git a/deps/openssl/openssl/crypto/des/des.h b/deps/openssl/openssl/crypto/des/des.h
index 92b6663..1eaedcb 100644 (file)
--- a/deps/openssl/openssl/crypto/des/des.h
+++ b/deps/openssl/openssl/crypto/des/des.h
@@ -224,6 +224,9 @@ int DES_set_key(const_DES_cblock *key,DES_key_schedule *schedule);
 int DES_key_sched(const_DES_cblock *key,DES_key_schedule *schedule);
 int DES_set_key_checked(const_DES_cblock *key,DES_key_schedule *schedule);
 void DES_set_key_unchecked(const_DES_cblock *key,DES_key_schedule *schedule);
+#ifdef OPENSSL_FIPS
+void private_DES_set_key_unchecked(const_DES_cblock *key,DES_key_schedule *schedule);
+#endif
 void DES_string_to_key(const char *str,DES_cblock *key);
 void DES_string_to_2keys(const char *str,DES_cblock *key1,DES_cblock *key2);
 void DES_cfb64_encrypt(const unsigned char *in,unsigned char *out,long length,

diff --git a/deps/openssl/openssl/crypto/des/set_key.c b/deps/openssl/openssl/crypto/des/set_key.c
index 3004cc3..da4d62e 100644 (file)
--- a/deps/openssl/openssl/crypto/des/set_key.c
+++ b/deps/openssl/openssl/crypto/des/set_key.c
@@ -63,6 +63,7 @@
  * 1.1 added norm_expand_bits
  * 1.0 First working version
  */
+#include <openssl/crypto.h>
 #include "des_locl.h"
 
 OPENSSL_IMPLEMENT_GLOBAL(int,DES_check_key,0)  /* defaults to false */
@@ -335,6 +336,13 @@ int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule)
        }
 
 void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule)
+#ifdef OPENSSL_FIPS
+       {
+       fips_cipher_abort(DES);
+       private_DES_set_key_unchecked(key, schedule);
+       }
+void private_DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule)
+#endif
        {
        static const int shifts2[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0};
        register DES_LONG c,d,t,s,t2;

diff --git a/deps/openssl/openssl/crypto/des/str2key.c b/deps/openssl/openssl/crypto/des/str2key.c
index 9c2054b..1077f99 100644 (file)
--- a/deps/openssl/openssl/crypto/des/str2key.c
+++ b/deps/openssl/openssl/crypto/des/str2key.c
@@ -56,8 +56,8 @@
  * [including the GNU Public Licence.]
  */
 
-#include "des_locl.h"
 #include <openssl/crypto.h>
+#include "des_locl.h"
 
 void DES_string_to_key(const char *str, DES_cblock *key)
        {

diff --git a/deps/openssl/openssl/crypto/dh/dh.h b/deps/openssl/openssl/crypto/dh/dh.h
index 849309a..ea59e61 100644 (file)
--- a/deps/openssl/openssl/crypto/dh/dh.h
+++ b/deps/openssl/openssl/crypto/dh/dh.h
@@ -86,6 +86,21 @@
                                        * be used for all exponents.
                                        */
 
+/* If this flag is set the DH method is FIPS compliant and can be used
+ * in FIPS mode. This is set in the validated module method. If an
+ * application sets this flag in its own methods it is its reposibility
+ * to ensure the result is compliant.
+ */
+
+#define DH_FLAG_FIPS_METHOD                    0x0400
+
+/* If this flag is set the operations normally disabled in FIPS mode are
+ * permitted it is then the applications responsibility to ensure that the
+ * usage is compliant.
+ */
+
+#define DH_FLAG_NON_FIPS_ALLOW                 0x0400
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
@@ -230,6 +245,9 @@ void ERR_load_DH_strings(void);
 #define DH_F_COMPUTE_KEY                                102
 #define DH_F_DHPARAMS_PRINT_FP                          101
 #define DH_F_DH_BUILTIN_GENPARAMS                       106
+#define DH_F_DH_COMPUTE_KEY                             114
+#define DH_F_DH_GENERATE_KEY                            115
+#define DH_F_DH_GENERATE_PARAMETERS_EX                  116
 #define DH_F_DH_NEW_METHOD                              105
 #define DH_F_DH_PARAM_DECODE                            107
 #define DH_F_DH_PRIV_DECODE                             110
@@ -249,7 +267,9 @@ void ERR_load_DH_strings(void);
 #define DH_R_DECODE_ERROR                               104
 #define DH_R_INVALID_PUBKEY                             102
 #define DH_R_KEYS_NOT_SET                               108
+#define DH_R_KEY_SIZE_TOO_SMALL                                 110
 #define DH_R_MODULUS_TOO_LARGE                          103
+#define DH_R_NON_FIPS_METHOD                            111
 #define DH_R_NO_PARAMETERS_SET                          107
 #define DH_R_NO_PRIVATE_VALUE                           100
 #define DH_R_PARAMETER_ENCODING_ERROR                   105

diff --git a/deps/openssl/openssl/crypto/dh/dh_ameth.c b/deps/openssl/openssl/crypto/dh/dh_ameth.c
index 377caf9..02ec2d4 100644 (file)
--- a/deps/openssl/openssl/crypto/dh/dh_ameth.c
+++ b/deps/openssl/openssl/crypto/dh/dh_ameth.c
@@ -493,6 +493,7 @@ const EVP_PKEY_ASN1_METHOD dh_asn1_meth =
        dh_copy_parameters,
        dh_cmp_parameters,
        dh_param_print,
+       0,
 
        int_dh_free,
        0

diff --git a/deps/openssl/openssl/crypto/dh/dh_err.c b/deps/openssl/openssl/crypto/dh/dh_err.c
index d5cf0c2..56d3df7 100644 (file)
--- a/deps/openssl/openssl/crypto/dh/dh_err.c
+++ b/deps/openssl/openssl/crypto/dh/dh_err.c
@@ -1,6 +1,6 @@
 /* crypto/dh/dh_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -73,6 +73,9 @@ static ERR_STRING_DATA DH_str_functs[]=
 {ERR_FUNC(DH_F_COMPUTE_KEY),   "COMPUTE_KEY"},
 {ERR_FUNC(DH_F_DHPARAMS_PRINT_FP),     "DHparams_print_fp"},
 {ERR_FUNC(DH_F_DH_BUILTIN_GENPARAMS),  "DH_BUILTIN_GENPARAMS"},
+{ERR_FUNC(DH_F_DH_COMPUTE_KEY),        "DH_compute_key"},
+{ERR_FUNC(DH_F_DH_GENERATE_KEY),       "DH_generate_key"},
+{ERR_FUNC(DH_F_DH_GENERATE_PARAMETERS_EX),     "DH_generate_parameters_ex"},
 {ERR_FUNC(DH_F_DH_NEW_METHOD), "DH_new_method"},
 {ERR_FUNC(DH_F_DH_PARAM_DECODE),       "DH_PARAM_DECODE"},
 {ERR_FUNC(DH_F_DH_PRIV_DECODE),        "DH_PRIV_DECODE"},
@@ -95,7 +98,9 @@ static ERR_STRING_DATA DH_str_reasons[]=
 {ERR_REASON(DH_R_DECODE_ERROR)           ,"decode error"},
 {ERR_REASON(DH_R_INVALID_PUBKEY)         ,"invalid public key"},
 {ERR_REASON(DH_R_KEYS_NOT_SET)           ,"keys not set"},
+{ERR_REASON(DH_R_KEY_SIZE_TOO_SMALL)     ,"key size too small"},
 {ERR_REASON(DH_R_MODULUS_TOO_LARGE)      ,"modulus too large"},
+{ERR_REASON(DH_R_NON_FIPS_METHOD)        ,"non fips method"},
 {ERR_REASON(DH_R_NO_PARAMETERS_SET)      ,"no parameters set"},
 {ERR_REASON(DH_R_NO_PRIVATE_VALUE)       ,"no private value"},
 {ERR_REASON(DH_R_PARAMETER_ENCODING_ERROR),"parameter encoding error"},

diff --git a/deps/openssl/openssl/crypto/dh/dh_gen.c b/deps/openssl/openssl/crypto/dh/dh_gen.c
index cfd5b11..7b1fe9c 100644 (file)
--- a/deps/openssl/openssl/crypto/dh/dh_gen.c
+++ b/deps/openssl/openssl/crypto/dh/dh_gen.c
@@ -66,12 +66,29 @@
 #include <openssl/bn.h>
 #include <openssl/dh.h>
 
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
 static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb);
 
 int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb)
        {
+#ifdef OPENSSL_FIPS
+       if (FIPS_mode() && !(ret->meth->flags & DH_FLAG_FIPS_METHOD)
+                       && !(ret->flags & DH_FLAG_NON_FIPS_ALLOW))
+               {
+               DHerr(DH_F_DH_GENERATE_PARAMETERS_EX, DH_R_NON_FIPS_METHOD);
+               return 0;
+               }
+#endif
        if(ret->meth->generate_params)
                return ret->meth->generate_params(ret, prime_len, generator, cb);
+#ifdef OPENSSL_FIPS
+       if (FIPS_mode())
+               return FIPS_dh_generate_parameters_ex(ret, prime_len,
+                                                       generator, cb);
+#endif
        return dh_builtin_genparams(ret, prime_len, generator, cb);
        }
 

diff --git a/deps/openssl/openssl/crypto/dh/dh_key.c b/deps/openssl/openssl/crypto/dh/dh_key.c
index e7db440..89a74db 100644 (file)
--- a/deps/openssl/openssl/crypto/dh/dh_key.c
+++ b/deps/openssl/openssl/crypto/dh/dh_key.c
@@ -73,11 +73,27 @@ static int dh_finish(DH *dh);
 
 int DH_generate_key(DH *dh)
        {
+#ifdef OPENSSL_FIPS
+       if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD)
+                       && !(dh->flags & DH_FLAG_NON_FIPS_ALLOW))
+               {
+               DHerr(DH_F_DH_GENERATE_KEY, DH_R_NON_FIPS_METHOD);
+               return 0;
+               }
+#endif
        return dh->meth->generate_key(dh);
        }
 
 int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
        {
+#ifdef OPENSSL_FIPS
+       if (FIPS_mode() && !(dh->meth->flags & DH_FLAG_FIPS_METHOD)
+                       && !(dh->flags & DH_FLAG_NON_FIPS_ALLOW))
+               {
+               DHerr(DH_F_DH_COMPUTE_KEY, DH_R_NON_FIPS_METHOD);
+               return 0;
+               }
+#endif
        return dh->meth->compute_key(key, pub_key, dh);
        }
 
@@ -138,8 +154,21 @@ static int generate_key(DH *dh)
 
        if (generate_new_key)
                {
-               l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */
-               if (!BN_rand(priv_key, l, 0, 0)) goto err;
+               if (dh->q)
+                       {
+                       do
+                               {
+                               if (!BN_rand_range(priv_key, dh->q))
+                                       goto err;
+                               }
+                       while (BN_is_zero(priv_key) || BN_is_one(priv_key));
+                       }
+               else
+                       {
+                       /* secret exponent length */
+                       l = dh->length ? dh->length : BN_num_bits(dh->p)-1;
+                       if (!BN_rand(priv_key, l, 0, 0)) goto err;
+                       }
                }
 
        {

diff --git a/deps/openssl/openssl/crypto/dh/dh_lib.c b/deps/openssl/openssl/crypto/dh/dh_lib.c
index 7aef080..00218f2 100644 (file)
--- a/deps/openssl/openssl/crypto/dh/dh_lib.c
+++ b/deps/openssl/openssl/crypto/dh/dh_lib.c
@@ -64,6 +64,10 @@
 #include <openssl/engine.h>
 #endif
 
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
 const char DH_version[]="Diffie-Hellman" OPENSSL_VERSION_PTEXT;
 
 static const DH_METHOD *default_DH_method = NULL;
@@ -76,7 +80,16 @@ void DH_set_default_method(const DH_METHOD *meth)
 const DH_METHOD *DH_get_default_method(void)
        {
        if(!default_DH_method)
+               {
+#ifdef OPENSSL_FIPS
+               if (FIPS_mode())
+                       return FIPS_dh_openssl();
+               else
+                       return DH_OpenSSL();
+#else
                default_DH_method = DH_OpenSSL();
+#endif
+               }
        return default_DH_method;
        }
 
@@ -156,7 +169,7 @@ DH *DH_new_method(ENGINE *engine)
        ret->counter = NULL;
        ret->method_mont_p=NULL;
        ret->references = 1;
-       ret->flags=ret->meth->flags;
+       ret->flags=ret->meth->flags & ~DH_FLAG_NON_FIPS_ALLOW;
        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
        if ((ret->meth->init != NULL) && !ret->meth->init(ret))
                {

diff --git a/deps/openssl/openssl/crypto/dsa/Makefile b/deps/openssl/openssl/crypto/dsa/Makefile
index 8073c4e..5fef4ca 100644 (file)
--- a/deps/openssl/openssl/crypto/dsa/Makefile
+++ b/deps/openssl/openssl/crypto/dsa/Makefile
@@ -99,8 +99,9 @@ dsa_asn1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 dsa_asn1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
 dsa_asn1.o: ../../include/openssl/opensslconf.h
 dsa_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-dsa_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-dsa_asn1.o: ../../include/openssl/symhacks.h ../cryptlib.h dsa_asn1.c
+dsa_asn1.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+dsa_asn1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+dsa_asn1.o: ../cryptlib.h dsa_asn1.c
 dsa_depr.o: ../../e_os.h ../../include/openssl/asn1.h
 dsa_depr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 dsa_depr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
@@ -189,7 +190,7 @@ dsa_prn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 dsa_prn.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 dsa_prn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 dsa_prn.o: ../cryptlib.h dsa_prn.c
-dsa_sign.o: ../../e_os.h ../../include/openssl/bio.h
+dsa_sign.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h
 dsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 dsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
 dsa_sign.o: ../../include/openssl/err.h ../../include/openssl/lhash.h

diff --git a/deps/openssl/openssl/crypto/dsa/dsa.h b/deps/openssl/openssl/crypto/dsa/dsa.h
index ac50a5c..a6f6d0b 100644 (file)
--- a/deps/openssl/openssl/crypto/dsa/dsa.h
+++ b/deps/openssl/openssl/crypto/dsa/dsa.h
@@ -97,6 +97,21 @@
                                               * be used for all exponents.
                                               */
 
+/* If this flag is set the DSA method is FIPS compliant and can be used
+ * in FIPS mode. This is set in the validated module method. If an
+ * application sets this flag in its own methods it is its reposibility
+ * to ensure the result is compliant.
+ */
+
+#define DSA_FLAG_FIPS_METHOD                   0x0400
+
+/* If this flag is set the operations normally disabled in FIPS mode are
+ * permitted it is then the applications responsibility to ensure that the
+ * usage is compliant.
+ */
+
+#define DSA_FLAG_NON_FIPS_ALLOW                        0x0400
+
 #ifdef  __cplusplus
 extern "C" {
 #endif
@@ -272,6 +287,8 @@ void ERR_load_DSA_strings(void);
 #define DSA_F_DSAPARAMS_PRINT_FP                        101
 #define DSA_F_DSA_DO_SIGN                               112
 #define DSA_F_DSA_DO_VERIFY                             113
+#define DSA_F_DSA_GENERATE_KEY                          124
+#define DSA_F_DSA_GENERATE_PARAMETERS_EX                123
 #define DSA_F_DSA_NEW_METHOD                            103
 #define DSA_F_DSA_PARAM_DECODE                          119
 #define DSA_F_DSA_PRINT_FP                              105
@@ -282,6 +299,7 @@ void ERR_load_DSA_strings(void);
 #define DSA_F_DSA_SIGN                                  106
 #define DSA_F_DSA_SIGN_SETUP                            107
 #define DSA_F_DSA_SIG_NEW                               109
+#define DSA_F_DSA_SIG_PRINT                             125
 #define DSA_F_DSA_VERIFY                                108
 #define DSA_F_I2D_DSA_SIG                               111
 #define DSA_F_OLD_DSA_PRIV_DECODE                       122
@@ -298,6 +316,8 @@ void ERR_load_DSA_strings(void);
 #define DSA_R_INVALID_DIGEST_TYPE                       106
 #define DSA_R_MISSING_PARAMETERS                        101
 #define DSA_R_MODULUS_TOO_LARGE                                 103
+#define DSA_R_NEED_NEW_SETUP_VALUES                     110
+#define DSA_R_NON_FIPS_DSA_METHOD                       111
 #define DSA_R_NO_PARAMETERS_SET                                 107
 #define DSA_R_PARAMETER_ENCODING_ERROR                  105
 

diff --git a/deps/openssl/openssl/crypto/dsa/dsa_ameth.c b/deps/openssl/openssl/crypto/dsa/dsa_ameth.c
index 6413aae..376156e 100644 (file)
--- a/deps/openssl/openssl/crypto/dsa/dsa_ameth.c
+++ b/deps/openssl/openssl/crypto/dsa/dsa_ameth.c
@@ -542,6 +542,52 @@ static int old_dsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder)
        return i2d_DSAPrivateKey(pkey->pkey.dsa, pder);
        }
 
+static int dsa_sig_print(BIO *bp, const X509_ALGOR *sigalg,
+                                       const ASN1_STRING *sig,
+                                       int indent, ASN1_PCTX *pctx)
+       {
+       DSA_SIG *dsa_sig;
+       const unsigned char *p;
+       if (!sig)
+               {
+               if (BIO_puts(bp, "\n") <= 0)
+                       return 0;
+               else
+                       return 1;
+               }
+       p = sig->data;
+       dsa_sig = d2i_DSA_SIG(NULL, &p, sig->length);
+       if (dsa_sig)
+               {
+               int rv = 0;
+               size_t buf_len = 0;
+               unsigned char *m=NULL;
+               update_buflen(dsa_sig->r, &buf_len);
+               update_buflen(dsa_sig->s, &buf_len);
+               m = OPENSSL_malloc(buf_len+10);
+               if (m == NULL)
+                       {
+                       DSAerr(DSA_F_DSA_SIG_PRINT,ERR_R_MALLOC_FAILURE);
+                       goto err;
+                       }
+
+               if (BIO_write(bp, "\n", 1) != 1)
+                       goto err;
+
+               if (!ASN1_bn_print(bp,"r:   ",dsa_sig->r,m,indent))
+                       goto err;
+               if (!ASN1_bn_print(bp,"s:   ",dsa_sig->s,m,indent))
+                       goto err;
+               rv = 1;
+               err:
+               if (m)
+                       OPENSSL_free(m);
+               DSA_SIG_free(dsa_sig);
+               return rv;
+               }
+       return X509_signature_dump(bp, sig, indent);
+       }
+
 static int dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
        {
        switch (op)
@@ -647,6 +693,7 @@ const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[] =
                dsa_copy_parameters,
                dsa_cmp_parameters,
                dsa_param_print,
+               dsa_sig_print,
 
                int_dsa_free,
                dsa_pkey_ctrl,

diff --git a/deps/openssl/openssl/crypto/dsa/dsa_asn1.c b/deps/openssl/openssl/crypto/dsa/dsa_asn1.c
index c37460b..6058534 100644 (file)
--- a/deps/openssl/openssl/crypto/dsa/dsa_asn1.c
+++ b/deps/openssl/openssl/crypto/dsa/dsa_asn1.c
@@ -61,6 +61,7 @@
 #include <openssl/dsa.h>
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
+#include <openssl/rand.h>
 
 /* Override the default new methods */
 static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
@@ -87,7 +88,7 @@ ASN1_SEQUENCE_cb(DSA_SIG, sig_cb) = {
        ASN1_SIMPLE(DSA_SIG, s, CBIGNUM)
 } ASN1_SEQUENCE_END_cb(DSA_SIG, DSA_SIG)
 
-IMPLEMENT_ASN1_FUNCTIONS_const(DSA_SIG)
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA_SIG, DSA_SIG, DSA_SIG)
 
 /* Override the default free and new methods */
 static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
@@ -148,3 +149,40 @@ DSA *DSAparams_dup(DSA *dsa)
        {
        return ASN1_item_dup(ASN1_ITEM_rptr(DSAparams), dsa);
        }
+
+int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
+            unsigned int *siglen, DSA *dsa)
+       {
+       DSA_SIG *s;
+       RAND_seed(dgst, dlen);
+       s=DSA_do_sign(dgst,dlen,dsa);
+       if (s == NULL)
+               {
+               *siglen=0;
+               return(0);
+               }
+       *siglen=i2d_DSA_SIG(s,&sig);
+       DSA_SIG_free(s);
+       return(1);
+       }
+
+/* data has already been hashed (probably with SHA or SHA-1). */
+/* returns
+ *      1: correct signature
+ *      0: incorrect signature
+ *     -1: error
+ */
+int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
+            const unsigned char *sigbuf, int siglen, DSA *dsa)
+       {
+       DSA_SIG *s;
+       int ret=-1;
+
+       s = DSA_SIG_new();
+       if (s == NULL) return(ret);
+       if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err;
+       ret=DSA_do_verify(dgst,dgst_len,s,dsa);
+err:
+       DSA_SIG_free(s);
+       return(ret);
+       }

diff --git a/deps/openssl/openssl/crypto/dsa/dsa_err.c b/deps/openssl/openssl/crypto/dsa/dsa_err.c
index bba984e..00545b7 100644 (file)
--- a/deps/openssl/openssl/crypto/dsa/dsa_err.c
+++ b/deps/openssl/openssl/crypto/dsa/dsa_err.c
@@ -1,6 +1,6 @@
 /* crypto/dsa/dsa_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -76,6 +76,8 @@ static ERR_STRING_DATA DSA_str_functs[]=
 {ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP),   "DSAparams_print_fp"},
 {ERR_FUNC(DSA_F_DSA_DO_SIGN),  "DSA_do_sign"},
 {ERR_FUNC(DSA_F_DSA_DO_VERIFY),        "DSA_do_verify"},
+{ERR_FUNC(DSA_F_DSA_GENERATE_KEY),     "DSA_generate_key"},
+{ERR_FUNC(DSA_F_DSA_GENERATE_PARAMETERS_EX),   "DSA_generate_parameters_ex"},
 {ERR_FUNC(DSA_F_DSA_NEW_METHOD),       "DSA_new_method"},
 {ERR_FUNC(DSA_F_DSA_PARAM_DECODE),     "DSA_PARAM_DECODE"},
 {ERR_FUNC(DSA_F_DSA_PRINT_FP), "DSA_print_fp"},
@@ -86,6 +88,7 @@ static ERR_STRING_DATA DSA_str_functs[]=
 {ERR_FUNC(DSA_F_DSA_SIGN),     "DSA_sign"},
 {ERR_FUNC(DSA_F_DSA_SIGN_SETUP),       "DSA_sign_setup"},
 {ERR_FUNC(DSA_F_DSA_SIG_NEW),  "DSA_SIG_new"},
+{ERR_FUNC(DSA_F_DSA_SIG_PRINT),        "DSA_SIG_PRINT"},
 {ERR_FUNC(DSA_F_DSA_VERIFY),   "DSA_verify"},
 {ERR_FUNC(DSA_F_I2D_DSA_SIG),  "i2d_DSA_SIG"},
 {ERR_FUNC(DSA_F_OLD_DSA_PRIV_DECODE),  "OLD_DSA_PRIV_DECODE"},
@@ -105,6 +108,8 @@ static ERR_STRING_DATA DSA_str_reasons[]=
 {ERR_REASON(DSA_R_INVALID_DIGEST_TYPE)   ,"invalid digest type"},
 {ERR_REASON(DSA_R_MISSING_PARAMETERS)    ,"missing parameters"},
 {ERR_REASON(DSA_R_MODULUS_TOO_LARGE)     ,"modulus too large"},
+{ERR_REASON(DSA_R_NEED_NEW_SETUP_VALUES) ,"need new setup values"},
+{ERR_REASON(DSA_R_NON_FIPS_DSA_METHOD)   ,"non fips dsa method"},
 {ERR_REASON(DSA_R_NO_PARAMETERS_SET)     ,"no parameters set"},
 {ERR_REASON(DSA_R_PARAMETER_ENCODING_ERROR),"parameter encoding error"},
 {0,NULL}

diff --git a/deps/openssl/openssl/crypto/dsa/dsa_gen.c b/deps/openssl/openssl/crypto/dsa/dsa_gen.c
index cb0b453..c398761 100644 (file)
--- a/deps/openssl/openssl/crypto/dsa/dsa_gen.c
+++ b/deps/openssl/openssl/crypto/dsa/dsa_gen.c
@@ -81,13 +81,33 @@
 #include <openssl/sha.h>
 #include "dsa_locl.h"
 
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
 int DSA_generate_parameters_ex(DSA *ret, int bits,
                const unsigned char *seed_in, int seed_len,
                int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
        {
+#ifdef OPENSSL_FIPS
+       if (FIPS_mode() && !(ret->meth->flags & DSA_FLAG_FIPS_METHOD)
+                       && !(ret->flags & DSA_FLAG_NON_FIPS_ALLOW))
+               {
+               DSAerr(DSA_F_DSA_GENERATE_PARAMETERS_EX, DSA_R_NON_FIPS_DSA_METHOD);
+               return 0;
+               }
+#endif
        if(ret->meth->dsa_paramgen)
                return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,
                                counter_ret, h_ret, cb);
+#ifdef OPENSSL_FIPS
+       else if (FIPS_mode())
+               {
+               return FIPS_dsa_generate_parameters_ex(ret, bits, 
+                                                       seed_in, seed_len,
+                                                       counter_ret, h_ret, cb);
+               }
+#endif
        else
                {
                const EVP_MD *evpmd;
@@ -105,12 +125,13 @@ int DSA_generate_parameters_ex(DSA *ret, int bits,
                        }
 
                return dsa_builtin_paramgen(ret, bits, qbits, evpmd,
-                               seed_in, seed_len, counter_ret, h_ret, cb);
+                       seed_in, seed_len, NULL, counter_ret, h_ret, cb);
                }
        }
 
 int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
        const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
+       unsigned char *seed_out,
        int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
        {
        int ok=0;
@@ -201,8 +222,10 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
                                }
 
                        /* step 2 */
-                       EVP_Digest(seed, qsize, md,   NULL, evpmd, NULL);
-                       EVP_Digest(buf,  qsize, buf2, NULL, evpmd, NULL);
+                       if (!EVP_Digest(seed, qsize, md,   NULL, evpmd, NULL))
+                               goto err;
+                       if (!EVP_Digest(buf,  qsize, buf2, NULL, evpmd, NULL))
+                               goto err;
                        for (i = 0; i < qsize; i++)
                                md[i]^=buf2[i];
 
@@ -251,7 +274,9 @@ int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
                                                break;
                                        }
 
-                               EVP_Digest(buf, qsize, md ,NULL, evpmd, NULL);
+                               if (!EVP_Digest(buf, qsize, md ,NULL, evpmd,
+                                                                       NULL))
+                                       goto err;
 
                                /* step 8 */
                                if (!BN_bin2bn(md, qsize, r0))
@@ -332,6 +357,8 @@ err:
                        }
                if (counter_ret != NULL) *counter_ret=counter;
                if (h_ret != NULL) *h_ret=h;
+               if (seed_out)
+                       memcpy(seed_out, seed, qsize);
                }
        if(ctx)
                {

diff --git a/deps/openssl/openssl/crypto/dsa/dsa_key.c b/deps/openssl/openssl/crypto/dsa/dsa_key.c
index c4aa86b..9cf669b 100644 (file)
--- a/deps/openssl/openssl/crypto/dsa/dsa_key.c
+++ b/deps/openssl/openssl/crypto/dsa/dsa_key.c
@@ -64,12 +64,28 @@
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
 
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
 static int dsa_builtin_keygen(DSA *dsa);
 
 int DSA_generate_key(DSA *dsa)
        {
+#ifdef OPENSSL_FIPS
+       if (FIPS_mode() && !(dsa->meth->flags & DSA_FLAG_FIPS_METHOD)
+                       && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
+               {
+               DSAerr(DSA_F_DSA_GENERATE_KEY, DSA_R_NON_FIPS_DSA_METHOD);
+               return 0;
+               }
+#endif
        if(dsa->meth->dsa_keygen)
                return dsa->meth->dsa_keygen(dsa);
+#ifdef OPENSSL_FIPS
+       if (FIPS_mode())
+               return FIPS_dsa_generate_key(dsa);
+#endif
        return dsa_builtin_keygen(dsa);
        }
 

diff --git a/deps/openssl/openssl/crypto/dsa/dsa_lib.c b/deps/openssl/openssl/crypto/dsa/dsa_lib.c
index e9b7590..96d8d0c 100644 (file)
--- a/deps/openssl/openssl/crypto/dsa/dsa_lib.c
+++ b/deps/openssl/openssl/crypto/dsa/dsa_lib.c
@@ -70,6 +70,10 @@
 #include <openssl/dh.h>
 #endif
 
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
 const char DSA_version[]="DSA" OPENSSL_VERSION_PTEXT;
 
 static const DSA_METHOD *default_DSA_method = NULL;
@@ -82,7 +86,16 @@ void DSA_set_default_method(const DSA_METHOD *meth)
 const DSA_METHOD *DSA_get_default_method(void)
        {
        if(!default_DSA_method)
+               {
+#ifdef OPENSSL_FIPS
+               if (FIPS_mode())
+                       return FIPS_dsa_openssl();
+               else
+                       return DSA_OpenSSL();
+#else
                default_DSA_method = DSA_OpenSSL();
+#endif
+               }
        return default_DSA_method;
        }
 
@@ -163,7 +176,7 @@ DSA *DSA_new_method(ENGINE *engine)
        ret->method_mont_p=NULL;
 
        ret->references=1;
-       ret->flags=ret->meth->flags;
+       ret->flags=ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW;
        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
        if ((ret->meth->init != NULL) && !ret->meth->init(ret))
                {
@@ -276,7 +289,8 @@ void *DSA_get_ex_data(DSA *d, int idx)
 DH *DSA_dup_DH(const DSA *r)
        {
        /* DSA has p, q, g, optional pub_key, optional priv_key.
-        * DH has p, optional length, g, optional pub_key, optional priv_key.
+        * DH has p, optional length, g, optional pub_key, optional priv_key,
+        * optional q.
         */ 
 
        DH *ret = NULL;
@@ -290,7 +304,11 @@ DH *DSA_dup_DH(const DSA *r)
                if ((ret->p = BN_dup(r->p)) == NULL)
                        goto err;
        if (r->q != NULL)
+               {
                ret->length = BN_num_bits(r->q);
+               if ((ret->q = BN_dup(r->q)) == NULL)
+                       goto err;
+               }
        if (r->g != NULL)
                if ((ret->g = BN_dup(r->g)) == NULL)
                        goto err;

diff --git a/deps/openssl/openssl/crypto/dsa/dsa_locl.h b/deps/openssl/openssl/crypto/dsa/dsa_locl.h
index 2b8cfee..21e2e45 100644 (file)
--- a/deps/openssl/openssl/crypto/dsa/dsa_locl.h
+++ b/deps/openssl/openssl/crypto/dsa/dsa_locl.h
@@ -56,4 +56,5 @@
 
 int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
        const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
+       unsigned char *seed_out,
        int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);

diff --git a/deps/openssl/openssl/crypto/dsa/dsa_ossl.c b/deps/openssl/openssl/crypto/dsa/dsa_ossl.c
index a3ddd7d..b3d78e5 100644 (file)
--- a/deps/openssl/openssl/crypto/dsa/dsa_ossl.c
+++ b/deps/openssl/openssl/crypto/dsa/dsa_ossl.c
@@ -136,6 +136,7 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
        BN_CTX *ctx=NULL;
        int reason=ERR_R_BN_LIB;
        DSA_SIG *ret=NULL;
+       int noredo = 0;
 
        BN_init(&m);
        BN_init(&xr);
@@ -150,7 +151,7 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
        if (s == NULL) goto err;
        ctx=BN_CTX_new();
        if (ctx == NULL) goto err;
-
+redo:
        if ((dsa->kinv == NULL) || (dsa->r == NULL))
                {
                if (!DSA_sign_setup(dsa,ctx,&kinv,&r)) goto err;
@@ -161,6 +162,7 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
                dsa->kinv=NULL;
                r=dsa->r;
                dsa->r=NULL;
+               noredo = 1;
                }
 
        
@@ -181,6 +183,18 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
 
        ret=DSA_SIG_new();
        if (ret == NULL) goto err;
+       /* Redo if r or s is zero as required by FIPS 186-3: this is
+        * very unlikely.
+        */
+       if (BN_is_zero(r) || BN_is_zero(s))
+               {
+               if (noredo)
+                       {
+                       reason = DSA_R_NEED_NEW_SETUP_VALUES;
+                       goto err;
+                       }
+               goto redo;
+               }
        ret->r = r;
        ret->s = s;
        

diff --git a/deps/openssl/openssl/crypto/dsa/dsa_pmeth.c b/deps/openssl/openssl/crypto/dsa/dsa_pmeth.c
index e2df54f..715d8d6 100644 (file)
--- a/deps/openssl/openssl/crypto/dsa/dsa_pmeth.c
+++ b/deps/openssl/openssl/crypto/dsa/dsa_pmeth.c
@@ -189,7 +189,9 @@ static int pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
                    EVP_MD_type((const EVP_MD *)p2) != NID_dsa    &&
                    EVP_MD_type((const EVP_MD *)p2) != NID_dsaWithSHA    &&
                    EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
-                   EVP_MD_type((const EVP_MD *)p2) != NID_sha256)
+                   EVP_MD_type((const EVP_MD *)p2) != NID_sha256 &&
+                   EVP_MD_type((const EVP_MD *)p2) != NID_sha384 &&
+                   EVP_MD_type((const EVP_MD *)p2) != NID_sha512)
                        {
                        DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE);
                        return 0;
@@ -253,7 +255,7 @@ static int pkey_dsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
        if (!dsa)
                return 0;
        ret = dsa_builtin_paramgen(dsa, dctx->nbits, dctx->qbits, dctx->pmd,
-                                  NULL, 0, NULL, NULL, pcb);
+                                  NULL, 0, NULL, NULL, NULL, pcb);
        if (ret)
                EVP_PKEY_assign_DSA(pkey, dsa);
        else

diff --git a/deps/openssl/openssl/crypto/dsa/dsa_sign.c b/deps/openssl/openssl/crypto/dsa/dsa_sign.c
index 17555e5..c3cc364 100644 (file)
--- a/deps/openssl/openssl/crypto/dsa/dsa_sign.c
+++ b/deps/openssl/openssl/crypto/dsa/dsa_sign.c
@@ -61,30 +61,54 @@
 #include "cryptlib.h"
 #include <openssl/dsa.h>
 #include <openssl/rand.h>
+#include <openssl/bn.h>
 
 DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
        {
+#ifdef OPENSSL_FIPS
+       if (FIPS_mode() && !(dsa->meth->flags & DSA_FLAG_FIPS_METHOD)
+                       && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
+               {
+               DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_NON_FIPS_DSA_METHOD);
+               return NULL;
+               }
+#endif
        return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
        }
 
-int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
-            unsigned int *siglen, DSA *dsa)
+int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
        {
-       DSA_SIG *s;
-       RAND_seed(dgst, dlen);
-       s=DSA_do_sign(dgst,dlen,dsa);
-       if (s == NULL)
+#ifdef OPENSSL_FIPS
+       if (FIPS_mode() && !(dsa->meth->flags & DSA_FLAG_FIPS_METHOD)
+                       && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
                {
-               *siglen=0;
-               return(0);
+               DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_NON_FIPS_DSA_METHOD);
+               return 0;
                }
-       *siglen=i2d_DSA_SIG(s,&sig);
-       DSA_SIG_free(s);
-       return(1);
+#endif
+       return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
        }
 
-int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
+DSA_SIG *DSA_SIG_new(void)
        {
-       return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
+       DSA_SIG *sig;
+       sig = OPENSSL_malloc(sizeof(DSA_SIG));
+       if (!sig)
+               return NULL;
+       sig->r = NULL;
+       sig->s = NULL;
+       return sig;
+       }
+
+void DSA_SIG_free(DSA_SIG *sig)
+       {
+       if (sig)
+               {
+               if (sig->r)
+                       BN_free(sig->r);
+               if (sig->s)
+                       BN_free(sig->s);
+               OPENSSL_free(sig);
+               }
        }
 

diff --git a/deps/openssl/openssl/crypto/dsa/dsa_vrf.c b/deps/openssl/openssl/crypto/dsa/dsa_vrf.c
index 226a75f..674cb5f 100644 (file)
--- a/deps/openssl/openssl/crypto/dsa/dsa_vrf.c
+++ b/deps/openssl/openssl/crypto/dsa/dsa_vrf.c
@@ -64,26 +64,13 @@
 int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
                  DSA *dsa)
        {
+#ifdef OPENSSL_FIPS
+       if (FIPS_mode() && !(dsa->meth->flags & DSA_FLAG_FIPS_METHOD)
+                       && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
+               {
+               DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_NON_FIPS_DSA_METHOD);
+               return -1;
+               }
+#endif
        return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
        }
-
-/* data has already been hashed (probably with SHA or SHA-1). */
-/* returns
- *      1: correct signature
- *      0: incorrect signature
- *     -1: error
- */
-int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
-            const unsigned char *sigbuf, int siglen, DSA *dsa)
-       {
-       DSA_SIG *s;
-       int ret=-1;
-
-       s = DSA_SIG_new();
-       if (s == NULL) return(ret);
-       if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err;
-       ret=DSA_do_verify(dgst,dgst_len,s,dsa);
-err:
-       DSA_SIG_free(s);
-       return(ret);
-       }

diff --git a/deps/openssl/openssl/crypto/dso/dso_dlfcn.c b/deps/openssl/openssl/crypto/dso/dso_dlfcn.c
index c2bc617..5f22548 100644 (file)
--- a/deps/openssl/openssl/crypto/dso/dso_dlfcn.c
+++ b/deps/openssl/openssl/crypto/dso/dso_dlfcn.c
@@ -86,7 +86,8 @@ DSO_METHOD *DSO_METHOD_dlfcn(void)
 # if defined(_AIX) || defined(__CYGWIN__) || \
      defined(__SCO_VERSION__) || defined(_SCO_ELF) || \
      (defined(__osf__) && !defined(RTLD_NEXT))     || \
-     (defined(__OpenBSD__) && !defined(RTLD_SELF))
+     (defined(__OpenBSD__) && !defined(RTLD_SELF)) || \
+       defined(__ANDROID__)
 #  undef HAVE_DLINFO
 # endif
 #endif

diff --git a/deps/openssl/openssl/crypto/ec/Makefile b/deps/openssl/openssl/crypto/ec/Makefile
index db380ed..f85fc84 100644 (file)
--- a/deps/openssl/openssl/crypto/ec/Makefile
+++ b/deps/openssl/openssl/crypto/ec/Makefile
@@ -19,11 +19,15 @@ APPS=
 LIB=$(TOP)/libcrypto.a
 LIBSRC=        ec_lib.c ecp_smpl.c ecp_mont.c ecp_nist.c ec_cvt.c ec_mult.c\
        ec_err.c ec_curve.c ec_check.c ec_print.c ec_asn1.c ec_key.c\
-       ec2_smpl.c ec2_mult.c ec_ameth.c ec_pmeth.c eck_prn.c
+       ec2_smpl.c ec2_mult.c ec_ameth.c ec_pmeth.c eck_prn.c \
+       ecp_nistp224.c ecp_nistp256.c ecp_nistp521.c ecp_nistputil.c \
+       ecp_oct.c ec2_oct.c ec_oct.c
 
 LIBOBJ=        ec_lib.o ecp_smpl.o ecp_mont.o ecp_nist.o ec_cvt.o ec_mult.o\
        ec_err.o ec_curve.o ec_check.o ec_print.o ec_asn1.o ec_key.o\
-       ec2_smpl.o ec2_mult.o ec_ameth.o ec_pmeth.o eck_prn.o
+       ec2_smpl.o ec2_mult.o ec_ameth.o ec_pmeth.o eck_prn.o \
+       ecp_nistp224.o ecp_nistp256.o ecp_nistp521.o ecp_nistputil.o \
+       ecp_oct.o ec2_oct.o ec_oct.o
 
 SRC= $(LIBSRC)
 
@@ -87,6 +91,14 @@ ec2_mult.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
 ec2_mult.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 ec2_mult.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 ec2_mult.o: ../../include/openssl/symhacks.h ec2_mult.c ec_lcl.h
+ec2_oct.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ec2_oct.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ec2_oct.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ec2_oct.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+ec2_oct.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
+ec2_oct.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ec2_oct.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ec2_oct.o: ../../include/openssl/symhacks.h ec2_oct.c ec_lcl.h
 ec2_smpl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 ec2_smpl.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
 ec2_smpl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
@@ -174,6 +186,14 @@ ec_mult.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
 ec_mult.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 ec_mult.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 ec_mult.o: ../../include/openssl/symhacks.h ec_lcl.h ec_mult.c
+ec_oct.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ec_oct.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ec_oct.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ec_oct.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+ec_oct.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
+ec_oct.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ec_oct.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ec_oct.o: ../../include/openssl/symhacks.h ec_lcl.h ec_oct.c
 ec_pmeth.o: ../../e_os.h ../../include/openssl/asn1.h
 ec_pmeth.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 ec_pmeth.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
@@ -221,6 +241,18 @@ ecp_nist.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
 ecp_nist.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 ecp_nist.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 ecp_nist.o: ../../include/openssl/symhacks.h ec_lcl.h ecp_nist.c
+ecp_nistp224.o: ../../include/openssl/opensslconf.h ecp_nistp224.c
+ecp_nistp256.o: ../../include/openssl/opensslconf.h ecp_nistp256.c
+ecp_nistp521.o: ../../include/openssl/opensslconf.h ecp_nistp521.c
+ecp_nistputil.o: ../../include/openssl/opensslconf.h ecp_nistputil.c
+ecp_oct.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ecp_oct.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+ecp_oct.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+ecp_oct.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+ecp_oct.o: ../../include/openssl/obj_mac.h ../../include/openssl/opensslconf.h
+ecp_oct.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ecp_oct.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ecp_oct.o: ../../include/openssl/symhacks.h ec_lcl.h ecp_oct.c
 ecp_smpl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 ecp_smpl.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
 ecp_smpl.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

diff --git a/deps/openssl/openssl/crypto/ec/ec.h b/deps/openssl/openssl/crypto/ec/ec.h
index ee70781..dfe8710 100644 (file)
--- a/deps/openssl/openssl/crypto/ec/ec.h
+++ b/deps/openssl/openssl/crypto/ec/ec.h
@@ -151,7 +151,24 @@ const EC_METHOD *EC_GFp_mont_method(void);
  */
 const EC_METHOD *EC_GFp_nist_method(void);
 
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+/** Returns 64-bit optimized methods for nistp224
+ *  \return  EC_METHOD object
+ */
+const EC_METHOD *EC_GFp_nistp224_method(void);
+
+/** Returns 64-bit optimized methods for nistp256
+ *  \return  EC_METHOD object
+ */
+const EC_METHOD *EC_GFp_nistp256_method(void);
+
+/** Returns 64-bit optimized methods for nistp521
+ *  \return  EC_METHOD object
+ */
+const EC_METHOD *EC_GFp_nistp521_method(void);
+#endif
 
+#ifndef OPENSSL_NO_EC2M
 /********************************************************************/ 
 /*           EC_METHOD for curves over GF(2^m)                      */
 /********************************************************************/
@@ -161,6 +178,8 @@ const EC_METHOD *EC_GFp_nist_method(void);
  */
 const EC_METHOD *EC_GF2m_simple_method(void);
 
+#endif
+
 
 /********************************************************************/
 /*                   EC_GROUP functions                             */
@@ -255,10 +274,10 @@ int EC_GROUP_get_curve_name(const EC_GROUP *group);
 void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag);
 int EC_GROUP_get_asn1_flag(const EC_GROUP *group);
 
-void EC_GROUP_set_point_conversion_form(EC_GROUP *, point_conversion_form_t);
+void EC_GROUP_set_point_conversion_form(EC_GROUP *group, point_conversion_form_t form);
 point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *);
 
-unsigned char *EC_GROUP_get0_seed(const EC_GROUP *);
+unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x);
 size_t EC_GROUP_get_seed_len(const EC_GROUP *);
 size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len);
 
@@ -282,6 +301,7 @@ int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, co
  */
 int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
 
+#ifndef OPENSSL_NO_EC2M
 /** Sets the parameter of a ec over GF2m defined by y^2 + x*y = x^3 + a*x^2 + b
  *  \param  group  EC_GROUP object
  *  \param  p      BIGNUM with the polynomial defining the underlying field
@@ -301,7 +321,7 @@ int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, c
  *  \return 1 on success and 0 if an error occured
  */
 int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
-
+#endif
 /** Returns the number of bits needed to represent a field element 
  *  \param  group  EC_GROUP object
  *  \return number of bits needed to represent a field element
@@ -342,7 +362,7 @@ int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx);
  *  \return newly created EC_GROUP object with the specified parameters
  */
 EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
-
+#ifndef OPENSSL_NO_EC2M
 /** Creates a new EC_GROUP object with the specified parameters defined
  *  over GF2m (defined by the equation y^2 + x*y = x^3 + a*x^2 + b)
  *  \param  p    BIGNUM with the polynomial defining the underlying field
@@ -352,7 +372,7 @@ EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM
  *  \return newly created EC_GROUP object with the specified parameters
  */
 EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
-
+#endif
 /** Creates a EC_GROUP object with a curve specified by a NID
  *  \param  nid  NID of the OID of the curve name
  *  \return newly created EC_GROUP object with specified curve or NULL
@@ -481,7 +501,7 @@ int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
  */
 int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
        const BIGNUM *x, int y_bit, BN_CTX *ctx);
-
+#ifndef OPENSSL_NO_EC2M
 /** Sets the affine coordinates of a EC_POINT over GF2m
  *  \param  group  underlying EC_GROUP object
  *  \param  p      EC_POINT object
@@ -514,7 +534,7 @@ int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group,
  */
 int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p,
        const BIGNUM *x, int y_bit, BN_CTX *ctx);
-
+#endif
 /** Encodes a EC_POINT object to a octet string
  *  \param  group  underlying EC_GROUP object
  *  \param  p      EC_POINT object
@@ -606,8 +626,8 @@ int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *c
  */
 int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx);
 
-int EC_POINT_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *);
-int EC_POINTs_make_affine(const EC_GROUP *, size_t num, EC_POINT *[], BN_CTX *);
+int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx);
+int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx);
 
 /** Computes r = generator * n sum_{i=0}^num p[i] * m[i]
  *  \param  group  underlying EC_GROUP object
@@ -653,9 +673,11 @@ int EC_GROUP_have_precompute_mult(const EC_GROUP *group);
 /* EC_GROUP_get_basis_type() returns the NID of the basis type
  * used to represent the field elements */
 int EC_GROUP_get_basis_type(const EC_GROUP *);
+#ifndef OPENSSL_NO_EC2M
 int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k);
 int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1, 
        unsigned int *k2, unsigned int *k3);
+#endif
 
 #define OPENSSL_EC_NAMED_CURVE 0x001
 
@@ -689,11 +711,21 @@ typedef struct ec_key_st EC_KEY;
 #define EC_PKEY_NO_PARAMETERS  0x001
 #define EC_PKEY_NO_PUBKEY      0x002
 
+/* some values for the flags field */
+#define EC_FLAG_NON_FIPS_ALLOW 0x1
+#define EC_FLAG_FIPS_CHECKED   0x2
+
 /** Creates a new EC_KEY object.
  *  \return EC_KEY object or NULL if an error occurred.
  */
 EC_KEY *EC_KEY_new(void);
 
+int EC_KEY_get_flags(const EC_KEY *key);
+
+void EC_KEY_set_flags(EC_KEY *key, int flags);
+
+void EC_KEY_clear_flags(EC_KEY *key, int flags);
+
 /** Creates a new EC_KEY object using a named curve as underlying
  *  EC_GROUP object.
  *  \param  nid  NID of the named curve.
@@ -768,16 +800,24 @@ const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key);
 int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub);
 
 unsigned EC_KEY_get_enc_flags(const EC_KEY *key);
-void EC_KEY_set_enc_flags(EC_KEY *, unsigned int);
-point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *);
-void EC_KEY_set_conv_form(EC_KEY *, point_conversion_form_t);
+void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags);
+point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key);
+void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform);
 /* functions to set/get method specific data  */
-void *EC_KEY_get_key_method_data(EC_KEY *, 
+void *EC_KEY_get_key_method_data(EC_KEY *key, 
        void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
-void EC_KEY_insert_key_method_data(EC_KEY *, void *data,
+/** Sets the key method data of an EC_KEY object, if none has yet been set.
+ *  \param  key              EC_KEY object
+ *  \param  data             opaque data to install.
+ *  \param  dup_func         a function that duplicates |data|.
+ *  \param  free_func        a function that frees |data|.
+ *  \param  clear_free_func  a function that wipes and frees |data|.
+ *  \return the previously set data pointer, or NULL if |data| was inserted.
+ */
+void *EC_KEY_insert_key_method_data(EC_KEY *key, void *data,
        void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *));
 /* wrapper functions for the underlying EC_GROUP object */
-void EC_KEY_set_asn1_flag(EC_KEY *, int);
+void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag);
 
 /** Creates a table of pre-computed multiples of the generator to 
  *  accelerate further EC_KEY operations.
@@ -799,6 +839,15 @@ int EC_KEY_generate_key(EC_KEY *key);
  */
 int EC_KEY_check_key(const EC_KEY *key);
 
+/** Sets a public key from affine coordindates performing
+ *  neccessary NIST PKV tests.
+ *  \param  key  the EC_KEY object
+ *  \param  x    public key x coordinate
+ *  \param  y    public key y coordinate
+ *  \return 1 on success and 0 otherwise.
+ */
+int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, BIGNUM *y);
+
 
 /********************************************************************/
 /*        de- and encoding functions for SEC1 ECPrivateKey          */
@@ -926,6 +975,7 @@ void ERR_load_EC_strings(void);
 /* Error codes for the EC functions. */
 
 /* Function codes. */
+#define EC_F_BN_TO_FELEM                                224
 #define EC_F_COMPUTE_WNAF                               143
 #define EC_F_D2I_ECPARAMETERS                           144
 #define EC_F_D2I_ECPKPARAMETERS                                 145
@@ -968,6 +1018,15 @@ void ERR_load_EC_strings(void);
 #define EC_F_EC_GFP_MONT_FIELD_SQR                      132
 #define EC_F_EC_GFP_MONT_GROUP_SET_CURVE                189
 #define EC_F_EC_GFP_MONT_GROUP_SET_CURVE_GFP            135
+#define EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE            225
+#define EC_F_EC_GFP_NISTP224_POINTS_MUL                         228
+#define EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES 226
+#define EC_F_EC_GFP_NISTP256_GROUP_SET_CURVE            230
+#define EC_F_EC_GFP_NISTP256_POINTS_MUL                         231
+#define EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES 232
+#define EC_F_EC_GFP_NISTP521_GROUP_SET_CURVE            233
+#define EC_F_EC_GFP_NISTP521_POINTS_MUL                         234
+#define EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES 235
 #define EC_F_EC_GFP_NIST_FIELD_MUL                      200
 #define EC_F_EC_GFP_NIST_FIELD_SQR                      201
 #define EC_F_EC_GFP_NIST_GROUP_SET_CURVE                202
@@ -1010,6 +1069,7 @@ void ERR_load_EC_strings(void);
 #define EC_F_EC_KEY_NEW                                         182
 #define EC_F_EC_KEY_PRINT                               180
 #define EC_F_EC_KEY_PRINT_FP                            181
+#define EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES   229
 #define EC_F_EC_POINTS_MAKE_AFFINE                      136
 #define EC_F_EC_POINT_ADD                               112
 #define EC_F_EC_POINT_CMP                               113
@@ -1040,6 +1100,9 @@ void ERR_load_EC_strings(void);
 #define EC_F_I2D_ECPKPARAMETERS                                 191
 #define EC_F_I2D_ECPRIVATEKEY                           192
 #define EC_F_I2O_ECPUBLICKEY                            151
+#define EC_F_NISTP224_PRE_COMP_NEW                      227
+#define EC_F_NISTP256_PRE_COMP_NEW                      236
+#define EC_F_NISTP521_PRE_COMP_NEW                      237
 #define EC_F_O2I_ECPUBLICKEY                            152
 #define EC_F_OLD_EC_PRIV_DECODE                                 222
 #define EC_F_PKEY_EC_CTRL                               197
@@ -1052,12 +1115,15 @@ void ERR_load_EC_strings(void);
 /* Reason codes. */
 #define EC_R_ASN1_ERROR                                         115
 #define EC_R_ASN1_UNKNOWN_FIELD                                 116
+#define EC_R_BIGNUM_OUT_OF_RANGE                        144
 #define EC_R_BUFFER_TOO_SMALL                           100
+#define EC_R_COORDINATES_OUT_OF_RANGE                   146
 #define EC_R_D2I_ECPKPARAMETERS_FAILURE                         117
 #define EC_R_DECODE_ERROR                               142
 #define EC_R_DISCRIMINANT_IS_ZERO                       118
 #define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE               119
 #define EC_R_FIELD_TOO_LARGE                            143
+#define EC_R_GF2M_NOT_SUPPORTED                                 147
 #define EC_R_GROUP2PKPARAMETERS_FAILURE                         120
 #define EC_R_I2D_ECPKPARAMETERS_FAILURE                         121
 #define EC_R_INCOMPATIBLE_OBJECTS                       101
@@ -1092,6 +1158,7 @@ void ERR_load_EC_strings(void);
 #define EC_R_UNKNOWN_GROUP                              129
 #define EC_R_UNKNOWN_ORDER                              114
 #define EC_R_UNSUPPORTED_FIELD                          131
+#define EC_R_WRONG_CURVE_PARAMETERS                     145
 #define EC_R_WRONG_ORDER                                130
 
 #ifdef  __cplusplus

diff --git a/deps/openssl/openssl/crypto/ec/ec2_mult.c b/deps/openssl/openssl/crypto/ec/ec2_mult.c
index e12b9b2..26f4a78 100644 (file)
--- a/deps/openssl/openssl/crypto/ec/ec2_mult.c
+++ b/deps/openssl/openssl/crypto/ec/ec2_mult.c
@@ -71,6 +71,8 @@
 
 #include "ec_lcl.h"
 
+#ifndef OPENSSL_NO_EC2M
+
 
 /* Compute the x-coordinate x/z for the point 2*(x/z) in Montgomery projective 
  * coordinates.
@@ -384,3 +386,5 @@ int ec_GF2m_have_precompute_mult(const EC_GROUP *group)
        {
        return ec_wNAF_have_precompute_mult(group);
        }
+
+#endif

diff --git a/deps/openssl/openssl/crypto/ec/ec2_smpl.c b/deps/openssl/openssl/crypto/ec/ec2_smpl.c
index 03deae6..e0e59c7 100644 (file)
--- a/deps/openssl/openssl/crypto/ec/ec2_smpl.c
+++ b/deps/openssl/openssl/crypto/ec/ec2_smpl.c
@@ -71,10 +71,20 @@
 
 #include "ec_lcl.h"
 
+#ifndef OPENSSL_NO_EC2M
+
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
 
 const EC_METHOD *EC_GF2m_simple_method(void)
        {
+#ifdef OPENSSL_FIPS
+       return fips_ec_gf2m_simple_method();
+#else
        static const EC_METHOD ret = {
+               EC_FLAGS_DEFAULT_OCT,
                NID_X9_62_characteristic_two_field,
                ec_GF2m_simple_group_init,
                ec_GF2m_simple_group_finish,
@@ -93,9 +103,7 @@ const EC_METHOD *EC_GF2m_simple_method(void)
                0 /* get_Jprojective_coordinates_GFp */,
                ec_GF2m_simple_point_set_affine_coordinates,
                ec_GF2m_simple_point_get_affine_coordinates,
-               ec_GF2m_simple_set_compressed_coordinates,
-               ec_GF2m_simple_point2oct,
-               ec_GF2m_simple_oct2point,
+               0,0,0,
                ec_GF2m_simple_add,
                ec_GF2m_simple_dbl,
                ec_GF2m_simple_invert,
@@ -118,6 +126,7 @@ const EC_METHOD *EC_GF2m_simple_method(void)
                0 /* field_set_to_one */ };
 
        return &ret;
+#endif
        }
 
 
@@ -405,340 +414,6 @@ int ec_GF2m_simple_point_get_affine_coordinates(const EC_GROUP *group, const EC_
        return ret;
        }
 
-
-/* Calculates and sets the affine coordinates of an EC_POINT from the given
- * compressed coordinates.  Uses algorithm 2.3.4 of SEC 1. 
- * Note that the simple implementation only uses affine coordinates.
- *
- * The method is from the following publication:
- * 
- *     Harper, Menezes, Vanstone:
- *     "Public-Key Cryptosystems with Very Small Key Lengths",
- *     EUROCRYPT '92, Springer-Verlag LNCS 658,
- *     published February 1993
- *
- * US Patents 6,141,420 and 6,618,483 (Vanstone, Mullin, Agnew) describe
- * the same method, but claim no priority date earlier than July 29, 1994
- * (and additionally fail to cite the EUROCRYPT '92 publication as prior art).
- */
-int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point,
-       const BIGNUM *x_, int y_bit, BN_CTX *ctx)
-       {
-       BN_CTX *new_ctx = NULL;
-       BIGNUM *tmp, *x, *y, *z;
-       int ret = 0, z0;
-
-       /* clear error queue */
-       ERR_clear_error();
-
-       if (ctx == NULL)
-               {
-               ctx = new_ctx = BN_CTX_new();
-               if (ctx == NULL)
-                       return 0;
-               }
-
-       y_bit = (y_bit != 0) ? 1 : 0;
-
-       BN_CTX_start(ctx);
-       tmp = BN_CTX_get(ctx);
-       x = BN_CTX_get(ctx);
-       y = BN_CTX_get(ctx);
-       z = BN_CTX_get(ctx);
-       if (z == NULL) goto err;
-
-       if (!BN_GF2m_mod_arr(x, x_, group->poly)) goto err;
-       if (BN_is_zero(x))
-               {
-               if (!BN_GF2m_mod_sqrt_arr(y, &group->b, group->poly, ctx)) goto err;
-               }
-       else
-               {
-               if (!group->meth->field_sqr(group, tmp, x, ctx)) goto err;
-               if (!group->meth->field_div(group, tmp, &group->b, tmp, ctx)) goto err;
-               if (!BN_GF2m_add(tmp, &group->a, tmp)) goto err;
-               if (!BN_GF2m_add(tmp, x, tmp)) goto err;
-               if (!BN_GF2m_mod_solve_quad_arr(z, tmp, group->poly, ctx))
-                       {
-                       unsigned long err = ERR_peek_last_error();
-                       
-                       if (ERR_GET_LIB(err) == ERR_LIB_BN && ERR_GET_REASON(err) == BN_R_NO_SOLUTION)
-                               {
-                               ERR_clear_error();
-                               ECerr(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES, EC_R_INVALID_COMPRESSED_POINT);
-                               }
-                       else
-                               ECerr(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES, ERR_R_BN_LIB);
-                       goto err;
-                       }
-               z0 = (BN_is_odd(z)) ? 1 : 0;
-               if (!group->meth->field_mul(group, y, x, z, ctx)) goto err;
-               if (z0 != y_bit)
-                       {
-                       if (!BN_GF2m_add(y, y, x)) goto err;
-                       }
-               }
-
-       if (!EC_POINT_set_affine_coordinates_GF2m(group, point, x, y, ctx)) goto err;
-
-       ret = 1;
-
- err:
-       BN_CTX_end(ctx);
-       if (new_ctx != NULL)
-               BN_CTX_free(new_ctx);
-       return ret;
-       }
-
-
-/* Converts an EC_POINT to an octet string.  
- * If buf is NULL, the encoded length will be returned.
- * If the length len of buf is smaller than required an error will be returned.
- */
-size_t ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point, point_conversion_form_t form,
-       unsigned char *buf, size_t len, BN_CTX *ctx)
-       {
-       size_t ret;
-       BN_CTX *new_ctx = NULL;
-       int used_ctx = 0;
-       BIGNUM *x, *y, *yxi;
-       size_t field_len, i, skip;
-
-       if ((form != POINT_CONVERSION_COMPRESSED)
-               && (form != POINT_CONVERSION_UNCOMPRESSED)
-               && (form != POINT_CONVERSION_HYBRID))
-               {
-               ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_INVALID_FORM);
-               goto err;
-               }
-
-       if (EC_POINT_is_at_infinity(group, point))
-               {
-               /* encodes to a single 0 octet */
-               if (buf != NULL)
-                       {
-                       if (len < 1)
-                               {
-                               ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
-                               return 0;
-                               }
-                       buf[0] = 0;
-                       }
-               return 1;
-               }
-
-
-       /* ret := required output buffer length */
-       field_len = (EC_GROUP_get_degree(group) + 7) / 8;
-       ret = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2*field_len;
-
-       /* if 'buf' is NULL, just return required length */
-       if (buf != NULL)
-               {
-               if (len < ret)
-                       {
-                       ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
-                       goto err;
-                       }
-
-               if (ctx == NULL)
-                       {
-                       ctx = new_ctx = BN_CTX_new();
-                       if (ctx == NULL)
-                               return 0;
-                       }
-
-               BN_CTX_start(ctx);
-               used_ctx = 1;
-               x = BN_CTX_get(ctx);
-               y = BN_CTX_get(ctx);
-               yxi = BN_CTX_get(ctx);
-               if (yxi == NULL) goto err;
-
-               if (!EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx)) goto err;
-
-               buf[0] = form;
-               if ((form != POINT_CONVERSION_UNCOMPRESSED) && !BN_is_zero(x))
-                       {
-                       if (!group->meth->field_div(group, yxi, y, x, ctx)) goto err;
-                       if (BN_is_odd(yxi)) buf[0]++;
-                       }
-
-               i = 1;
-               
-               skip = field_len - BN_num_bytes(x);
-               if (skip > field_len)
-                       {
-                       ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
-                       goto err;
-                       }
-               while (skip > 0)
-                       {
-                       buf[i++] = 0;
-                       skip--;
-                       }
-               skip = BN_bn2bin(x, buf + i);
-               i += skip;
-               if (i != 1 + field_len)
-                       {
-                       ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
-                       goto err;
-                       }
-
-               if (form == POINT_CONVERSION_UNCOMPRESSED || form == POINT_CONVERSION_HYBRID)
-                       {
-                       skip = field_len - BN_num_bytes(y);
-                       if (skip > field_len)
-                               {
-                               ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
-                               goto err;
-                               }
-                       while (skip > 0)
-                               {
-                               buf[i++] = 0;
-                               skip--;
-                               }
-                       skip = BN_bn2bin(y, buf + i);
-                       i += skip;
-                       }
-
-               if (i != ret)
-                       {
-                       ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
-                       goto err;
-                       }
-               }
-       
-       if (used_ctx)
-               BN_CTX_end(ctx);
-       if (new_ctx != NULL)
-               BN_CTX_free(new_ctx);
-       return ret;
-
- err:
-       if (used_ctx)
-               BN_CTX_end(ctx);
-       if (new_ctx != NULL)
-               BN_CTX_free(new_ctx);
-       return 0;
-       }
-
-
-/* Converts an octet string representation to an EC_POINT. 
- * Note that the simple implementation only uses affine coordinates.
- */
-int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
-       const unsigned char *buf, size_t len, BN_CTX *ctx)
-       {
-       point_conversion_form_t form;
-       int y_bit;
-       BN_CTX *new_ctx = NULL;
-       BIGNUM *x, *y, *yxi;
-       size_t field_len, enc_len;
-       int ret = 0;
-
-       if (len == 0)
-               {
-               ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_BUFFER_TOO_SMALL);
-               return 0;
-               }
-       form = buf[0];
-       y_bit = form & 1;
-       form = form & ~1U;
-       if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED)
-               && (form != POINT_CONVERSION_UNCOMPRESSED)
-               && (form != POINT_CONVERSION_HYBRID))
-               {
-               ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
-               return 0;
-               }
-       if ((form == 0 || form == POINT_CONVERSION_UNCOMPRESSED) && y_bit)
-               {
-               ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
-               return 0;
-               }
-
-       if (form == 0)
-               {
-               if (len != 1)
-                       {
-                       ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
-                       return 0;
-                       }
-
-               return EC_POINT_set_to_infinity(group, point);
-               }
-       
-       field_len = (EC_GROUP_get_degree(group) + 7) / 8;
-       enc_len = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2*field_len;
-
-       if (len != enc_len)
-               {
-               ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
-               return 0;
-               }
-
-       if (ctx == NULL)
-               {
-               ctx = new_ctx = BN_CTX_new();
-               if (ctx == NULL)
-                       return 0;
-               }
-
-       BN_CTX_start(ctx);
-       x = BN_CTX_get(ctx);
-       y = BN_CTX_get(ctx);
-       yxi = BN_CTX_get(ctx);
-       if (yxi == NULL) goto err;
-
-       if (!BN_bin2bn(buf + 1, field_len, x)) goto err;
-       if (BN_ucmp(x, &group->field) >= 0)
-               {
-               ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
-               goto err;
-               }
-
-       if (form == POINT_CONVERSION_COMPRESSED)
-               {
-               if (!EC_POINT_set_compressed_coordinates_GF2m(group, point, x, y_bit, ctx)) goto err;
-               }
-       else
-               {
-               if (!BN_bin2bn(buf + 1 + field_len, field_len, y)) goto err;
-               if (BN_ucmp(y, &group->field) >= 0)
-                       {
-                       ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
-                       goto err;
-                       }
-               if (form == POINT_CONVERSION_HYBRID)
-                       {
-                       if (!group->meth->field_div(group, yxi, y, x, ctx)) goto err;
-                       if (y_bit != BN_is_odd(yxi))
-                               {
-                               ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
-                               goto err;
-                               }
-                       }
-
-               if (!EC_POINT_set_affine_coordinates_GF2m(group, point, x, y, ctx)) goto err;
-               }
-       
-       if (!EC_POINT_is_on_curve(group, point, ctx)) /* test required by X9.62 */
-               {
-               ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
-               goto err;
-               }
-
-       ret = 1;
-       
- err:
-       BN_CTX_end(ctx);
-       if (new_ctx != NULL)
-               BN_CTX_free(new_ctx);
-       return ret;
-       }
-
-
 /* Computes a + b and stores the result in r.  r could be a or b, a could be b.
  * Uses algorithm A.10.2 of IEEE P1363.
  */
@@ -1040,3 +715,5 @@ int ec_GF2m_simple_field_div(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
        {
        return BN_GF2m_mod_div(r, a, b, &group->field, ctx);
        }
+
+#endif

diff --git a/deps/openssl/openssl/crypto/ec/ec_ameth.c b/deps/openssl/openssl/crypto/ec/ec_ameth.c
index c00f7d7..83909c1 100644 (file)
--- a/deps/openssl/openssl/crypto/ec/ec_ameth.c
+++ b/deps/openssl/openssl/crypto/ec/ec_ameth.c
@@ -651,6 +651,7 @@ const EVP_PKEY_ASN1_METHOD eckey_asn1_meth =
        ec_copy_parameters,
        ec_cmp_parameters,
        eckey_param_print,
+       0,
 
        int_ec_free,
        ec_pkey_ctrl,

diff --git a/deps/openssl/openssl/crypto/ec/ec_asn1.c b/deps/openssl/openssl/crypto/ec/ec_asn1.c
index ae55539..175eec5 100644 (file)
--- a/deps/openssl/openssl/crypto/ec/ec_asn1.c
+++ b/deps/openssl/openssl/crypto/ec/ec_asn1.c
@@ -83,7 +83,7 @@ int EC_GROUP_get_basis_type(const EC_GROUP *group)
                /* everything else is currently not supported */
                return 0;
        }
-
+#ifndef OPENSSL_NO_EC2M
 int EC_GROUP_get_trinomial_basis(const EC_GROUP *group, unsigned int *k)
        {
        if (group == NULL)
@@ -101,7 +101,6 @@ int EC_GROUP_get_trinomial_basis(const EC_GROUP *group, unsigned int *k)
 
        return 1;
        }
-
 int EC_GROUP_get_pentanomial_basis(const EC_GROUP *group, unsigned int *k1,
        unsigned int *k2, unsigned int *k3)
        {
@@ -124,7 +123,7 @@ int EC_GROUP_get_pentanomial_basis(const EC_GROUP *group, unsigned int *k1,
 
        return 1;
        }
-
+#endif
 
 
 /* some structures needed for the asn1 encoding */
@@ -340,6 +339,12 @@ static int ec_asn1_group2fieldid(const EC_GROUP *group, X9_62_FIELDID *field)
                        }
                }
        else    /* nid == NID_X9_62_characteristic_two_field */
+#ifdef OPENSSL_NO_EC2M
+               {
+               ECerr(EC_F_EC_ASN1_GROUP2FIELDID, EC_R_GF2M_NOT_SUPPORTED);
+               goto err;
+               }
+#else
                {
                int             field_type;
                X9_62_CHARACTERISTIC_TWO *char_two;
@@ -419,6 +424,7 @@ static int ec_asn1_group2fieldid(const EC_GROUP *group, X9_62_FIELDID *field)
                                }
                        }
                }
+#endif
 
        ok = 1;
 
@@ -456,6 +462,7 @@ static int ec_asn1_group2curve(const EC_GROUP *group, X9_62_CURVE *curve)
                        goto err;
                        }
                }
+#ifndef OPENSSL_NO_EC2M
        else    /* nid == NID_X9_62_characteristic_two_field */
                {
                if (!EC_GROUP_get_curve_GF2m(group, NULL, tmp_1, tmp_2, NULL))
@@ -464,7 +471,7 @@ static int ec_asn1_group2curve(const EC_GROUP *group, X9_62_CURVE *curve)
                        goto err;
                        }
                }
-
+#endif
        len_1 = (size_t)BN_num_bytes(tmp_1);
        len_2 = (size_t)BN_num_bytes(tmp_2);
 
@@ -775,8 +782,13 @@ static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params)
 
        /* get the field parameters */
        tmp = OBJ_obj2nid(params->fieldID->fieldType);
-
        if (tmp == NID_X9_62_characteristic_two_field)
+#ifdef OPENSSL_NO_EC2M
+               {
+               ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_GF2M_NOT_SUPPORTED);
+               goto err;
+               }
+#else
                {
                X9_62_CHARACTERISTIC_TWO *char_two;
 
@@ -862,6 +874,7 @@ static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params)
                /* create the EC_GROUP structure */
                ret = EC_GROUP_new_curve_GF2m(p, a, b, NULL);
                }
+#endif
        else if (tmp == NID_X9_62_prime_field)
                {
                /* we have a curve over a prime field */
@@ -1065,6 +1078,7 @@ EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len)
        if ((group = ec_asn1_pkparameters2group(params)) == NULL)
                {
                ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_PKPARAMETERS2GROUP_FAILURE);
+               ECPKPARAMETERS_free(params);
                return NULL; 
                }
 

diff --git a/deps/openssl/openssl/crypto/ec/ec_curve.c b/deps/openssl/openssl/crypto/ec/ec_curve.c
index 23274e4..c72fb26 100644 (file)
--- a/deps/openssl/openssl/crypto/ec/ec_curve.c
+++ b/deps/openssl/openssl/crypto/ec/ec_curve.c
@@ -3,7 +3,7 @@
  * Written by Nils Larsch for the OpenSSL project.
  */
 /* ====================================================================
- * Copyright (c) 1998-2004 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2010 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -72,6 +72,7 @@
 #include "ec_lcl.h"
 #include <openssl/err.h>
 #include <openssl/obj_mac.h>
+#include <openssl/opensslconf.h>
 
 typedef struct {
        int     field_type,     /* either NID_X9_62_prime_field or
@@ -703,6 +704,8 @@ static const struct { EC_CURVE_DATA h; unsigned char data[0+28*6]; }
          0x13,0xDD,0x29,0x45,0x5C,0x5C,0x2A,0x3D }
        };
 
+#ifndef OPENSSL_NO_EC2M
+
 /* characteristic two curves */
 static const struct { EC_CURVE_DATA h; unsigned char data[20+15*6]; }
        _EC_SECG_CHAR2_113R1 = {
@@ -1300,7 +1303,7 @@ static const struct { EC_CURVE_DATA h; unsigned char data[20+21*6]; }
        { 0x53,0x81,0x4C,0x05,0x0D,0x44,0xD6,0x96,0xE6,0x76,    /* seed */
          0x87,0x56,0x15,0x17,0x58,0x0C,0xA4,0xE2,0x9F,0xFD,
 
-         0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
+         0x08,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,    /* p */
          0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,
          0x07,
          0x01,0x08,0xB3,0x9E,0x77,0xC4,0xB1,0x08,0xBE,0xD9,    /* a */
@@ -1817,103 +1820,128 @@ static const struct { EC_CURVE_DATA h; unsigned char data[0+24*6]; }
          0xBA,0xFC,0xA7,0x5E }
        };
 
+#endif
+
 typedef struct _ec_list_element_st {
        int     nid;
        const EC_CURVE_DATA *data;
+       const EC_METHOD *(*meth)(void);
        const char *comment;
        } ec_list_element;
 
 static const ec_list_element curve_list[] = {
-       /* prime field curves */        
+       /* prime field curves */
        /* secg curves */
-       { NID_secp112r1, &_EC_SECG_PRIME_112R1.h, "SECG/WTLS curve over a 112 bit prime field"},
-       { NID_secp112r2, &_EC_SECG_PRIME_112R2.h, "SECG curve over a 112 bit prime field"},
-       { NID_secp128r1, &_EC_SECG_PRIME_128R1.h, "SECG curve over a 128 bit prime field"},
-       { NID_secp128r2, &_EC_SECG_PRIME_128R2.h, "SECG curve over a 128 bit prime field"},
-       { NID_secp160k1, &_EC_SECG_PRIME_160K1.h, "SECG curve over a 160 bit prime field"},
-       { NID_secp160r1, &_EC_SECG_PRIME_160R1.h, "SECG curve over a 160 bit prime field"},
-       { NID_secp160r2, &_EC_SECG_PRIME_160R2.h, "SECG/WTLS curve over a 160 bit prime field"},
+       { NID_secp112r1, &_EC_SECG_PRIME_112R1.h, 0, "SECG/WTLS curve over a 112 bit prime field" },
+       { NID_secp112r2, &_EC_SECG_PRIME_112R2.h, 0, "SECG curve over a 112 bit prime field" },
+       { NID_secp128r1, &_EC_SECG_PRIME_128R1.h, 0, "SECG curve over a 128 bit prime field" },
+       { NID_secp128r2, &_EC_SECG_PRIME_128R2.h, 0, "SECG curve over a 128 bit prime field" },
+       { NID_secp160k1, &_EC_SECG_PRIME_160K1.h, 0, "SECG curve over a 160 bit prime field" },
+       { NID_secp160r1, &_EC_SECG_PRIME_160R1.h, 0, "SECG curve over a 160 bit prime field" },
+       { NID_secp160r2, &_EC_SECG_PRIME_160R2.h, 0, "SECG/WTLS curve over a 160 bit prime field" },
        /* SECG secp192r1 is the same as X9.62 prime192v1 and hence omitted */
-       { NID_secp192k1, &_EC_SECG_PRIME_192K1.h, "SECG curve over a 192 bit prime field"},
-       { NID_secp224k1, &_EC_SECG_PRIME_224K1.h, "SECG curve over a 224 bit prime field"},
-       { NID_secp224r1, &_EC_NIST_PRIME_224.h,   "NIST/SECG curve over a 224 bit prime field"},
-       { NID_secp256k1, &_EC_SECG_PRIME_256K1.h, "SECG curve over a 256 bit prime field"},
+       { NID_secp192k1, &_EC_SECG_PRIME_192K1.h, 0, "SECG curve over a 192 bit prime field" },
+       { NID_secp224k1, &_EC_SECG_PRIME_224K1.h, 0, "SECG curve over a 224 bit prime field" },
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+       { NID_secp224r1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method, "NIST/SECG curve over a 224 bit prime field" },
+#else
+       { NID_secp224r1, &_EC_NIST_PRIME_224.h, 0, "NIST/SECG curve over a 224 bit prime field" },
+#endif
+       { NID_secp256k1, &_EC_SECG_PRIME_256K1.h, 0, "SECG curve over a 256 bit prime field" },
        /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
-       { NID_secp384r1, &_EC_NIST_PRIME_384.h, "NIST/SECG curve over a 384 bit prime field"},
-       { NID_secp521r1, &_EC_NIST_PRIME_521.h, "NIST/SECG curve over a 521 bit prime field"},
+       { NID_secp384r1, &_EC_NIST_PRIME_384.h, 0, "NIST/SECG curve over a 384 bit prime field" },
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+       { NID_secp521r1, &_EC_NIST_PRIME_521.h, EC_GFp_nistp521_method, "NIST/SECG curve over a 521 bit prime field" },
+#else
+       { NID_secp521r1, &_EC_NIST_PRIME_521.h, 0, "NIST/SECG curve over a 521 bit prime field" },
+#endif
        /* X9.62 curves */
-       { NID_X9_62_prime192v1, &_EC_NIST_PRIME_192.h, "NIST/X9.62/SECG curve over a 192 bit prime field"},
-       { NID_X9_62_prime192v2, &_EC_X9_62_PRIME_192V2.h, "X9.62 curve over a 192 bit prime field"},
-       { NID_X9_62_prime192v3, &_EC_X9_62_PRIME_192V3.h, "X9.62 curve over a 192 bit prime field"},
-       { NID_X9_62_prime239v1, &_EC_X9_62_PRIME_239V1.h, "X9.62 curve over a 239 bit prime field"},
-       { NID_X9_62_prime239v2, &_EC_X9_62_PRIME_239V2.h, "X9.62 curve over a 239 bit prime field"},
-       { NID_X9_62_prime239v3, &_EC_X9_62_PRIME_239V3.h, "X9.62 curve over a 239 bit prime field"},
-       { NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, "X9.62/SECG curve over a 256 bit prime field"},
+       { NID_X9_62_prime192v1, &_EC_NIST_PRIME_192.h, 0, "NIST/X9.62/SECG curve over a 192 bit prime field" },
+       { NID_X9_62_prime192v2, &_EC_X9_62_PRIME_192V2.h, 0, "X9.62 curve over a 192 bit prime field" },
+       { NID_X9_62_prime192v3, &_EC_X9_62_PRIME_192V3.h, 0, "X9.62 curve over a 192 bit prime field" },
+       { NID_X9_62_prime239v1, &_EC_X9_62_PRIME_239V1.h, 0, "X9.62 curve over a 239 bit prime field" },
+       { NID_X9_62_prime239v2, &_EC_X9_62_PRIME_239V2.h, 0, "X9.62 curve over a 239 bit prime field" },
+       { NID_X9_62_prime239v3, &_EC_X9_62_PRIME_239V3.h, 0, "X9.62 curve over a 239 bit prime field" },
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+       { NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, EC_GFp_nistp256_method, "X9.62/SECG curve over a 256 bit prime field" },
+#else
+       { NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h, 0, "X9.62/SECG curve over a 256 bit prime field" },
+#endif
+#ifndef OPENSSL_NO_EC2M
        /* characteristic two field curves */
        /* NIST/SECG curves */
-       { NID_sect113r1, &_EC_SECG_CHAR2_113R1.h, "SECG curve over a 113 bit binary field"},
-       { NID_sect113r2, &_EC_SECG_CHAR2_113R2.h, "SECG curve over a 113 bit binary field"},
-       { NID_sect131r1, &_EC_SECG_CHAR2_131R1.h, "SECG/WTLS curve over a 131 bit binary field"},
-       { NID_sect131r2, &_EC_SECG_CHAR2_131R2.h, "SECG curve over a 131 bit binary field"},
-       { NID_sect163k1, &_EC_NIST_CHAR2_163K.h,  "NIST/SECG/WTLS curve over a 163 bit binary field" },
-       { NID_sect163r1, &_EC_SECG_CHAR2_163R1.h, "SECG curve over a 163 bit binary field"},
-       { NID_sect163r2, &_EC_NIST_CHAR2_163B.h,  "NIST/SECG curve over a 163 bit binary field" },
-       { NID_sect193r1, &_EC_SECG_CHAR2_193R1.h, "SECG curve over a 193 bit binary field"},
-       { NID_sect193r2, &_EC_SECG_CHAR2_193R2.h, "SECG curve over a 193 bit binary field"},
-       { NID_sect233k1, &_EC_NIST_CHAR2_233K.h,  "NIST/SECG/WTLS curve over a 233 bit binary field" },
-       { NID_sect233r1, &_EC_NIST_CHAR2_233B.h,  "NIST/SECG/WTLS curve over a 233 bit binary field" },
-       { NID_sect239k1, &_EC_SECG_CHAR2_239K1.h, "SECG curve over a 239 bit binary field"},
-       { NID_sect283k1, &_EC_NIST_CHAR2_283K.h,  "NIST/SECG curve over a 283 bit binary field" },
-       { NID_sect283r1, &_EC_NIST_CHAR2_283B.h,  "NIST/SECG curve over a 283 bit binary field" },
-       { NID_sect409k1, &_EC_NIST_CHAR2_409K.h,  "NIST/SECG curve over a 409 bit binary field" },
-       { NID_sect409r1, &_EC_NIST_CHAR2_409B.h,  "NIST/SECG curve over a 409 bit binary field" },
-       { NID_sect571k1, &_EC_NIST_CHAR2_571K.h,  "NIST/SECG curve over a 571 bit binary field" },
-       { NID_sect571r1, &_EC_NIST_CHAR2_571B.h,  "NIST/SECG curve over a 571 bit binary field" },
+       { NID_sect113r1, &_EC_SECG_CHAR2_113R1.h, 0, "SECG curve over a 113 bit binary field" },
+       { NID_sect113r2, &_EC_SECG_CHAR2_113R2.h, 0, "SECG curve over a 113 bit binary field" },
+       { NID_sect131r1, &_EC_SECG_CHAR2_131R1.h, 0, "SECG/WTLS curve over a 131 bit binary field" },
+       { NID_sect131r2, &_EC_SECG_CHAR2_131R2.h, 0, "SECG curve over a 131 bit binary field" },
+       { NID_sect163k1, &_EC_NIST_CHAR2_163K.h, 0, "NIST/SECG/WTLS curve over a 163 bit binary field" },
+       { NID_sect163r1, &_EC_SECG_CHAR2_163R1.h, 0, "SECG curve over a 163 bit binary field" },
+       { NID_sect163r2, &_EC_NIST_CHAR2_163B.h, 0, "NIST/SECG curve over a 163 bit binary field" },
+       { NID_sect193r1, &_EC_SECG_CHAR2_193R1.h, 0, "SECG curve over a 193 bit binary field" },
+       { NID_sect193r2, &_EC_SECG_CHAR2_193R2.h, 0, "SECG curve over a 193 bit binary field" },
+       { NID_sect233k1, &_EC_NIST_CHAR2_233K.h, 0, "NIST/SECG/WTLS curve over a 233 bit binary field" },
+       { NID_sect233r1, &_EC_NIST_CHAR2_233B.h, 0, "NIST/SECG/WTLS curve over a 233 bit binary field" },
+       { NID_sect239k1, &_EC_SECG_CHAR2_239K1.h, 0, "SECG curve over a 239 bit binary field" },
+       { NID_sect283k1, &_EC_NIST_CHAR2_283K.h, 0, "NIST/SECG curve over a 283 bit binary field" },
+       { NID_sect283r1, &_EC_NIST_CHAR2_283B.h, 0, "NIST/SECG curve over a 283 bit binary field" },
+       { NID_sect409k1, &_EC_NIST_CHAR2_409K.h, 0, "NIST/SECG curve over a 409 bit binary field" },
+       { NID_sect409r1, &_EC_NIST_CHAR2_409B.h, 0, "NIST/SECG curve over a 409 bit binary field" },
+       { NID_sect571k1, &_EC_NIST_CHAR2_571K.h, 0, "NIST/SECG curve over a 571 bit binary field" },
+       { NID_sect571r1, &_EC_NIST_CHAR2_571B.h, 0, "NIST/SECG curve over a 571 bit binary field" },
        /* X9.62 curves */
-       { NID_X9_62_c2pnb163v1, &_EC_X9_62_CHAR2_163V1.h, "X9.62 curve over a 163 bit binary field"},
-       { NID_X9_62_c2pnb163v2, &_EC_X9_62_CHAR2_163V2.h, "X9.62 curve over a 163 bit binary field"},
-       { NID_X9_62_c2pnb163v3, &_EC_X9_62_CHAR2_163V3.h, "X9.62 curve over a 163 bit binary field"},
-       { NID_X9_62_c2pnb176v1, &_EC_X9_62_CHAR2_176V1.h, "X9.62 curve over a 176 bit binary field"},
-       { NID_X9_62_c2tnb191v1, &_EC_X9_62_CHAR2_191V1.h, "X9.62 curve over a 191 bit binary field"},
-       { NID_X9_62_c2tnb191v2, &_EC_X9_62_CHAR2_191V2.h, "X9.62 curve over a 191 bit binary field"},
-       { NID_X9_62_c2tnb191v3, &_EC_X9_62_CHAR2_191V3.h, "X9.62 curve over a 191 bit binary field"},
-       { NID_X9_62_c2pnb208w1, &_EC_X9_62_CHAR2_208W1.h, "X9.62 curve over a 208 bit binary field"},
-       { NID_X9_62_c2tnb239v1, &_EC_X9_62_CHAR2_239V1.h, "X9.62 curve over a 239 bit binary field"},
-       { NID_X9_62_c2tnb239v2, &_EC_X9_62_CHAR2_239V2.h, "X9.62 curve over a 239 bit binary field"},
-       { NID_X9_62_c2tnb239v3, &_EC_X9_62_CHAR2_239V3.h, "X9.62 curve over a 239 bit binary field"},
-       { NID_X9_62_c2pnb272w1, &_EC_X9_62_CHAR2_272W1.h, "X9.62 curve over a 272 bit binary field"},
-       { NID_X9_62_c2pnb304w1, &_EC_X9_62_CHAR2_304W1.h, "X9.62 curve over a 304 bit binary field"},
-       { NID_X9_62_c2tnb359v1, &_EC_X9_62_CHAR2_359V1.h, "X9.62 curve over a 359 bit binary field"},
-       { NID_X9_62_c2pnb368w1, &_EC_X9_62_CHAR2_368W1.h, "X9.62 curve over a 368 bit binary field"},
-       { NID_X9_62_c2tnb431r1, &_EC_X9_62_CHAR2_431R1.h, "X9.62 curve over a 431 bit binary field"},
+       { NID_X9_62_c2pnb163v1, &_EC_X9_62_CHAR2_163V1.h, 0, "X9.62 curve over a 163 bit binary field" },
+       { NID_X9_62_c2pnb163v2, &_EC_X9_62_CHAR2_163V2.h, 0, "X9.62 curve over a 163 bit binary field" },
+       { NID_X9_62_c2pnb163v3, &_EC_X9_62_CHAR2_163V3.h, 0, "X9.62 curve over a 163 bit binary field" },
+       { NID_X9_62_c2pnb176v1, &_EC_X9_62_CHAR2_176V1.h, 0, "X9.62 curve over a 176 bit binary field" },
+       { NID_X9_62_c2tnb191v1, &_EC_X9_62_CHAR2_191V1.h, 0, "X9.62 curve over a 191 bit binary field" },
+       { NID_X9_62_c2tnb191v2, &_EC_X9_62_CHAR2_191V2.h, 0, "X9.62 curve over a 191 bit binary field" },
+       { NID_X9_62_c2tnb191v3, &_EC_X9_62_CHAR2_191V3.h, 0, "X9.62 curve over a 191 bit binary field" },
+       { NID_X9_62_c2pnb208w1, &_EC_X9_62_CHAR2_208W1.h, 0, "X9.62 curve over a 208 bit binary field" },
+       { NID_X9_62_c2tnb239v1, &_EC_X9_62_CHAR2_239V1.h, 0, "X9.62 curve over a 239 bit binary field" },
+       { NID_X9_62_c2tnb239v2, &_EC_X9_62_CHAR2_239V2.h, 0, "X9.62 curve over a 239 bit binary field" },
+       { NID_X9_62_c2tnb239v3, &_EC_X9_62_CHAR2_239V3.h, 0, "X9.62 curve over a 239 bit binary field" },
+       { NID_X9_62_c2pnb272w1, &_EC_X9_62_CHAR2_272W1.h, 0, "X9.62 curve over a 272 bit binary field" },
+       { NID_X9_62_c2pnb304w1, &_EC_X9_62_CHAR2_304W1.h, 0, "X9.62 curve over a 304 bit binary field" },
+       { NID_X9_62_c2tnb359v1, &_EC_X9_62_CHAR2_359V1.h, 0, "X9.62 curve over a 359 bit binary field" },
+       { NID_X9_62_c2pnb368w1, &_EC_X9_62_CHAR2_368W1.h, 0, "X9.62 curve over a 368 bit binary field" },
+       { NID_X9_62_c2tnb431r1, &_EC_X9_62_CHAR2_431R1.h, 0, "X9.62 curve over a 431 bit binary field" },
        /* the WAP/WTLS curves
         * [unlike SECG, spec has its own OIDs for curves from X9.62] */
-       { NID_wap_wsg_idm_ecid_wtls1, &_EC_WTLS_1.h, "WTLS curve over a 113 bit binary field"},
-       { NID_wap_wsg_idm_ecid_wtls3, &_EC_NIST_CHAR2_163K.h,   "NIST/SECG/WTLS curve over a 163 bit binary field"},
-       { NID_wap_wsg_idm_ecid_wtls4, &_EC_SECG_CHAR2_113R1.h,  "SECG curve over a 113 bit binary field"},
-       { NID_wap_wsg_idm_ecid_wtls5, &_EC_X9_62_CHAR2_163V1.h, "X9.62 curve over a 163 bit binary field"},
-       { NID_wap_wsg_idm_ecid_wtls6, &_EC_SECG_PRIME_112R1.h,  "SECG/WTLS curve over a 112 bit prime field"},
-       { NID_wap_wsg_idm_ecid_wtls7, &_EC_SECG_PRIME_160R2.h,  "SECG/WTLS curve over a 160 bit prime field"},
-       { NID_wap_wsg_idm_ecid_wtls8, &_EC_WTLS_8.h, "WTLS curve over a 112 bit prime field"},
-       { NID_wap_wsg_idm_ecid_wtls9, &_EC_WTLS_9.h, "WTLS curve over a 160 bit prime field" },
-       { NID_wap_wsg_idm_ecid_wtls10, &_EC_NIST_CHAR2_233K.h, "NIST/SECG/WTLS curve over a 233 bit binary field"},
-       { NID_wap_wsg_idm_ecid_wtls11, &_EC_NIST_CHAR2_233B.h, "NIST/SECG/WTLS curve over a 233 bit binary field"},
-       { NID_wap_wsg_idm_ecid_wtls12, &_EC_WTLS_12.h, "WTLS curvs over a 224 bit prime field"},
+       { NID_wap_wsg_idm_ecid_wtls1, &_EC_WTLS_1.h, 0, "WTLS curve over a 113 bit binary field" },
+       { NID_wap_wsg_idm_ecid_wtls3, &_EC_NIST_CHAR2_163K.h, 0, "NIST/SECG/WTLS curve over a 163 bit binary field" },
+       { NID_wap_wsg_idm_ecid_wtls4, &_EC_SECG_CHAR2_113R1.h, 0, "SECG curve over a 113 bit binary field" },
+       { NID_wap_wsg_idm_ecid_wtls5, &_EC_X9_62_CHAR2_163V1.h, 0, "X9.62 curve over a 163 bit binary field" },
+#endif
+       { NID_wap_wsg_idm_ecid_wtls6, &_EC_SECG_PRIME_112R1.h, 0, "SECG/WTLS curve over a 112 bit prime field" },
+       { NID_wap_wsg_idm_ecid_wtls7, &_EC_SECG_PRIME_160R2.h, 0, "SECG/WTLS curve over a 160 bit prime field" },
+       { NID_wap_wsg_idm_ecid_wtls8, &_EC_WTLS_8.h, 0, "WTLS curve over a 112 bit prime field" },
+       { NID_wap_wsg_idm_ecid_wtls9, &_EC_WTLS_9.h, 0, "WTLS curve over a 160 bit prime field" },
+#ifndef OPENSSL_NO_EC2M
+       { NID_wap_wsg_idm_ecid_wtls10, &_EC_NIST_CHAR2_233K.h, 0, "NIST/SECG/WTLS curve over a 233 bit binary field" },
+       { NID_wap_wsg_idm_ecid_wtls11, &_EC_NIST_CHAR2_233B.h, 0, "NIST/SECG/WTLS curve over a 233 bit binary field" },
+#endif
+       { NID_wap_wsg_idm_ecid_wtls12, &_EC_WTLS_12.h, 0, "WTLS curvs over a 224 bit prime field" },
+#ifndef OPENSSL_NO_EC2M
        /* IPSec curves */
-       { NID_ipsec3, &_EC_IPSEC_155_ID3.h, "\n\tIPSec/IKE/Oakley curve #3 over a 155 bit binary field.\n""\tNot suitable for ECDSA.\n\tQuestionable extension field!"},
-       { NID_ipsec4, &_EC_IPSEC_185_ID4.h, "\n\tIPSec/IKE/Oakley curve #4 over a 185 bit binary field.\n""\tNot suitable for ECDSA.\n\tQuestionable extension field!"},
+       { NID_ipsec3, &_EC_IPSEC_155_ID3.h, 0, "\n\tIPSec/IKE/Oakley curve #3 over a 155 bit binary field.\n"
+         "\tNot suitable for ECDSA.\n\tQuestionable extension field!" },
+       { NID_ipsec4, &_EC_IPSEC_185_ID4.h, 0, "\n\tIPSec/IKE/Oakley curve #4 over a 185 bit binary field.\n"
+         "\tNot suitable for ECDSA.\n\tQuestionable extension field!" },
+#endif
 };
 
 #define curve_list_length (sizeof(curve_list)/sizeof(ec_list_element))
 
-static EC_GROUP *ec_group_new_from_data(const EC_CURVE_DATA *data)
+static EC_GROUP *ec_group_new_from_data(const ec_list_element curve)
        {
        EC_GROUP *group=NULL;
        EC_POINT *P=NULL;
        BN_CTX   *ctx=NULL;
-       BIGNUM   *p=NULL, *a=NULL, *b=NULL, *x=NULL, *y=NULL, *order=NULL;
+       BIGNUM   *p=NULL, *a=NULL, *b=NULL, *x=NULL, *y=NULL, *order=NULL;
        int      ok=0;
        int      seed_len,param_len;
+       const EC_METHOD *meth;
+       const EC_CURVE_DATA *data;
        const unsigned char *params;
 
        if ((ctx = BN_CTX_new()) == NULL)
@@ -1922,10 +1950,11 @@ static EC_GROUP *ec_group_new_from_data(const EC_CURVE_DATA *data)
                goto err;
                }
 
+       data = curve.data;
        seed_len  = data->seed_len;
        param_len = data->param_len;
-       params    = (const unsigned char *)(data+1);    /* skip header */
-       params   += seed_len;                           /* skip seed   */
+       params    = (const unsigned char *)(data+1);    /* skip header */
+       params   += seed_len;                           /* skip seed   */
 
        if (!(p = BN_bin2bn(params+0*param_len, param_len, NULL))
                || !(a = BN_bin2bn(params+1*param_len, param_len, NULL))
@@ -1935,7 +1964,17 @@ static EC_GROUP *ec_group_new_from_data(const EC_CURVE_DATA *data)
                goto err;
                }
 
-       if (data->field_type == NID_X9_62_prime_field)
+       if (curve.meth != 0)
+               {
+               meth = curve.meth();
+               if (((group = EC_GROUP_new(meth)) == NULL) ||
+                       (!(group->meth->group_set_curve(group, p, a, b, ctx))))
+                       {
+                       ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+                       goto err;
+                       }
+               }
+       else if (data->field_type == NID_X9_62_prime_field)
                {
                if ((group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) == NULL)
                        {
@@ -1943,6 +1982,7 @@ static EC_GROUP *ec_group_new_from_data(const EC_CURVE_DATA *data)
                        goto err;
                        }
                }
+#ifndef OPENSSL_NO_EC2M
        else    /* field_type == NID_X9_62_characteristic_two_field */
                {
                if ((group = EC_GROUP_new_curve_GF2m(p, a, b, ctx)) == NULL)
@@ -1951,20 +1991,21 @@ static EC_GROUP *ec_group_new_from_data(const EC_CURVE_DATA *data)
                        goto err;
                        }
                }
+#endif
 
        if ((P = EC_POINT_new(group)) == NULL)
                {
                ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
                goto err;
                }
-       
+
        if (!(x = BN_bin2bn(params+3*param_len, param_len, NULL))
                || !(y = BN_bin2bn(params+4*param_len, param_len, NULL)))
                {
                ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
                goto err;
                }
-       if (!EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, ctx))
+       if (!EC_POINT_set_affine_coordinates_GFp(group, P, x, y, ctx))
                {
                ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
                goto err;
@@ -2025,7 +2066,7 @@ EC_GROUP *EC_GROUP_new_by_curve_name(int nid)
        for (i=0; i<curve_list_length; i++)
                if (curve_list[i].nid == nid)
                        {
-                       ret = ec_group_new_from_data(curve_list[i].data);
+                       ret = ec_group_new_from_data(curve_list[i]);
                        break;
                        }
 

diff --git a/deps/openssl/openssl/crypto/ec/ec_cvt.c b/deps/openssl/openssl/crypto/ec/ec_cvt.c
index d45640b..bfcbab3 100644 (file)
--- a/deps/openssl/openssl/crypto/ec/ec_cvt.c
+++ b/deps/openssl/openssl/crypto/ec/ec_cvt.c
@@ -78,7 +78,32 @@ EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM
        const EC_METHOD *meth;
        EC_GROUP *ret;
 
+#if defined(OPENSSL_BN_ASM_MONT)
+       /*
+        * This might appear controversial, but the fact is that generic
+        * prime method was observed to deliver better performance even
+        * for NIST primes on a range of platforms, e.g.: 60%-15%
+        * improvement on IA-64, ~25% on ARM, 30%-90% on P4, 20%-25%
+        * in 32-bit build and 35%--12% in 64-bit build on Core2...
+        * Coefficients are relative to optimized bn_nist.c for most
+        * intensive ECDSA verify and ECDH operations for 192- and 521-
+        * bit keys respectively. Choice of these boundary values is
+        * arguable, because the dependency of improvement coefficient
+        * from key length is not a "monotone" curve. For example while
+        * 571-bit result is 23% on ARM, 384-bit one is -1%. But it's
+        * generally faster, sometimes "respectfully" faster, sometimes
+        * "tolerably" slower... What effectively happens is that loop
+        * with bn_mul_add_words is put against bn_mul_mont, and the
+        * latter "wins" on short vectors. Correct solution should be
+        * implementing dedicated NxN multiplication subroutines for
+        * small N. But till it materializes, let's stick to generic
+        * prime method...
+        *                                              <appro>
+        */
+       meth = EC_GFp_mont_method();
+#else
        meth = EC_GFp_nist_method();
+#endif
        
        ret = EC_GROUP_new(meth);
        if (ret == NULL)
@@ -122,7 +147,7 @@ EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM
        return ret;
        }
 
-
+#ifndef OPENSSL_NO_EC2M
 EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
        {
        const EC_METHOD *meth;
@@ -142,3 +167,4 @@ EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, const BIGNUM
 
        return ret;
        }
+#endif

diff --git a/deps/openssl/openssl/crypto/ec/ec_err.c b/deps/openssl/openssl/crypto/ec/ec_err.c
index 84b4833..0d19398 100644 (file)
--- a/deps/openssl/openssl/crypto/ec/ec_err.c
+++ b/deps/openssl/openssl/crypto/ec/ec_err.c
@@ -1,6 +1,6 @@
 /* crypto/ec/ec_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -70,6 +70,7 @@
 
 static ERR_STRING_DATA EC_str_functs[]=
        {
+{ERR_FUNC(EC_F_BN_TO_FELEM),   "BN_TO_FELEM"},
 {ERR_FUNC(EC_F_COMPUTE_WNAF),  "COMPUTE_WNAF"},
 {ERR_FUNC(EC_F_D2I_ECPARAMETERS),      "d2i_ECParameters"},
 {ERR_FUNC(EC_F_D2I_ECPKPARAMETERS),    "d2i_ECPKParameters"},
@@ -112,6 +113,15 @@ static ERR_STRING_DATA EC_str_functs[]=
 {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_SQR), "ec_GFp_mont_field_sqr"},
 {ERR_FUNC(EC_F_EC_GFP_MONT_GROUP_SET_CURVE),   "ec_GFp_mont_group_set_curve"},
 {ERR_FUNC(EC_F_EC_GFP_MONT_GROUP_SET_CURVE_GFP),       "EC_GFP_MONT_GROUP_SET_CURVE_GFP"},
+{ERR_FUNC(EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE),       "ec_GFp_nistp224_group_set_curve"},
+{ERR_FUNC(EC_F_EC_GFP_NISTP224_POINTS_MUL),    "ec_GFp_nistp224_points_mul"},
+{ERR_FUNC(EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES),  "ec_GFp_nistp224_point_get_affine_coordinates"},
+{ERR_FUNC(EC_F_EC_GFP_NISTP256_GROUP_SET_CURVE),       "ec_GFp_nistp256_group_set_curve"},
+{ERR_FUNC(EC_F_EC_GFP_NISTP256_POINTS_MUL),    "ec_GFp_nistp256_points_mul"},
+{ERR_FUNC(EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES),  "ec_GFp_nistp256_point_get_affine_coordinates"},
+{ERR_FUNC(EC_F_EC_GFP_NISTP521_GROUP_SET_CURVE),       "ec_GFp_nistp521_group_set_curve"},
+{ERR_FUNC(EC_F_EC_GFP_NISTP521_POINTS_MUL),    "ec_GFp_nistp521_points_mul"},
+{ERR_FUNC(EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES),  "ec_GFp_nistp521_point_get_affine_coordinates"},
 {ERR_FUNC(EC_F_EC_GFP_NIST_FIELD_MUL), "ec_GFp_nist_field_mul"},
 {ERR_FUNC(EC_F_EC_GFP_NIST_FIELD_SQR), "ec_GFp_nist_field_sqr"},
 {ERR_FUNC(EC_F_EC_GFP_NIST_GROUP_SET_CURVE),   "ec_GFp_nist_group_set_curve"},
@@ -154,6 +164,7 @@ static ERR_STRING_DATA EC_str_functs[]=
 {ERR_FUNC(EC_F_EC_KEY_NEW),    "EC_KEY_new"},
 {ERR_FUNC(EC_F_EC_KEY_PRINT),  "EC_KEY_print"},
 {ERR_FUNC(EC_F_EC_KEY_PRINT_FP),       "EC_KEY_print_fp"},
+{ERR_FUNC(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES),      "EC_KEY_set_public_key_affine_coordinates"},
 {ERR_FUNC(EC_F_EC_POINTS_MAKE_AFFINE), "EC_POINTs_make_affine"},
 {ERR_FUNC(EC_F_EC_POINT_ADD),  "EC_POINT_add"},
 {ERR_FUNC(EC_F_EC_POINT_CMP),  "EC_POINT_cmp"},
@@ -184,6 +195,9 @@ static ERR_STRING_DATA EC_str_functs[]=
 {ERR_FUNC(EC_F_I2D_ECPKPARAMETERS),    "i2d_ECPKParameters"},
 {ERR_FUNC(EC_F_I2D_ECPRIVATEKEY),      "i2d_ECPrivateKey"},
 {ERR_FUNC(EC_F_I2O_ECPUBLICKEY),       "i2o_ECPublicKey"},
+{ERR_FUNC(EC_F_NISTP224_PRE_COMP_NEW), "NISTP224_PRE_COMP_NEW"},
+{ERR_FUNC(EC_F_NISTP256_PRE_COMP_NEW), "NISTP256_PRE_COMP_NEW"},
+{ERR_FUNC(EC_F_NISTP521_PRE_COMP_NEW), "NISTP521_PRE_COMP_NEW"},
 {ERR_FUNC(EC_F_O2I_ECPUBLICKEY),       "o2i_ECPublicKey"},
 {ERR_FUNC(EC_F_OLD_EC_PRIV_DECODE),    "OLD_EC_PRIV_DECODE"},
 {ERR_FUNC(EC_F_PKEY_EC_CTRL),  "PKEY_EC_CTRL"},
@@ -199,12 +213,15 @@ static ERR_STRING_DATA EC_str_reasons[]=
        {
 {ERR_REASON(EC_R_ASN1_ERROR)             ,"asn1 error"},
 {ERR_REASON(EC_R_ASN1_UNKNOWN_FIELD)     ,"asn1 unknown field"},
+{ERR_REASON(EC_R_BIGNUM_OUT_OF_RANGE)    ,"bignum out of range"},
 {ERR_REASON(EC_R_BUFFER_TOO_SMALL)       ,"buffer too small"},
+{ERR_REASON(EC_R_COORDINATES_OUT_OF_RANGE),"coordinates out of range"},
 {ERR_REASON(EC_R_D2I_ECPKPARAMETERS_FAILURE),"d2i ecpkparameters failure"},
 {ERR_REASON(EC_R_DECODE_ERROR)           ,"decode error"},
 {ERR_REASON(EC_R_DISCRIMINANT_IS_ZERO)   ,"discriminant is zero"},
 {ERR_REASON(EC_R_EC_GROUP_NEW_BY_NAME_FAILURE),"ec group new by name failure"},
 {ERR_REASON(EC_R_FIELD_TOO_LARGE)        ,"field too large"},
+{ERR_REASON(EC_R_GF2M_NOT_SUPPORTED)     ,"gf2m not supported"},
 {ERR_REASON(EC_R_GROUP2PKPARAMETERS_FAILURE),"group2pkparameters failure"},
 {ERR_REASON(EC_R_I2D_ECPKPARAMETERS_FAILURE),"i2d ecpkparameters failure"},
 {ERR_REASON(EC_R_INCOMPATIBLE_OBJECTS)   ,"incompatible objects"},
@@ -239,6 +256,7 @@ static ERR_STRING_DATA EC_str_reasons[]=
 {ERR_REASON(EC_R_UNKNOWN_GROUP)          ,"unknown group"},
 {ERR_REASON(EC_R_UNKNOWN_ORDER)          ,"unknown order"},
 {ERR_REASON(EC_R_UNSUPPORTED_FIELD)      ,"unsupported field"},
+{ERR_REASON(EC_R_WRONG_CURVE_PARAMETERS) ,"wrong curve parameters"},
 {ERR_REASON(EC_R_WRONG_ORDER)            ,"wrong order"},
 {0,NULL}
        };

diff --git a/deps/openssl/openssl/crypto/ec/ec_key.c b/deps/openssl/openssl/crypto/ec/ec_key.c
index 522802c..7fa2475 100644 (file)
--- a/deps/openssl/openssl/crypto/ec/ec_key.c
+++ b/deps/openssl/openssl/crypto/ec/ec_key.c
@@ -64,7 +64,9 @@
 #include <string.h>
 #include "ec_lcl.h"
 #include <openssl/err.h>
-#include <string.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
 
 EC_KEY *EC_KEY_new(void)
        {
@@ -78,6 +80,7 @@ EC_KEY *EC_KEY_new(void)
                }
 
        ret->version = 1;       
+       ret->flags = 0;
        ret->group   = NULL;
        ret->pub_key = NULL;
        ret->priv_key= NULL;
@@ -197,6 +200,7 @@ EC_KEY *EC_KEY_copy(EC_KEY *dest, const EC_KEY *src)
        dest->enc_flag  = src->enc_flag;
        dest->conv_form = src->conv_form;
        dest->version   = src->version;
+       dest->flags = src->flags;
 
        return dest;
        }
@@ -237,6 +241,11 @@ int EC_KEY_generate_key(EC_KEY *eckey)
        BIGNUM  *priv_key = NULL, *order = NULL;
        EC_POINT *pub_key = NULL;
 
+#ifdef OPENSSL_FIPS
+       if (FIPS_mode())
+               return FIPS_ec_key_generate_key(eckey);
+#endif
+
        if (!eckey || !eckey->group)
                {
                ECerr(EC_F_EC_KEY_GENERATE_KEY, ERR_R_PASSED_NULL_PARAMETER);
@@ -371,6 +380,82 @@ err:
        return(ok);
        }
 
+int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x, BIGNUM *y)
+       {
+       BN_CTX *ctx = NULL;
+       BIGNUM *tx, *ty;
+       EC_POINT *point = NULL;
+       int ok = 0, tmp_nid, is_char_two = 0;
+
+       if (!key || !key->group || !x || !y)
+               {
+               ECerr(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES,
+                                               ERR_R_PASSED_NULL_PARAMETER);
+               return 0;
+               }
+       ctx = BN_CTX_new();
+       if (!ctx)
+               goto err;
+
+       point = EC_POINT_new(key->group);
+
+       if (!point)
+               goto err;
+
+       tmp_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(key->group));
+
+        if (tmp_nid == NID_X9_62_characteristic_two_field)
+               is_char_two = 1;
+
+       tx = BN_CTX_get(ctx);
+       ty = BN_CTX_get(ctx);
+#ifndef OPENSSL_NO_EC2M
+       if (is_char_two)
+               {
+               if (!EC_POINT_set_affine_coordinates_GF2m(key->group, point,
+                                                               x, y, ctx))
+                       goto err;
+               if (!EC_POINT_get_affine_coordinates_GF2m(key->group, point,
+                                                               tx, ty, ctx))
+                       goto err;
+               }
+       else
+#endif
+               {
+               if (!EC_POINT_set_affine_coordinates_GFp(key->group, point,
+                                                               x, y, ctx))
+                       goto err;
+               if (!EC_POINT_get_affine_coordinates_GFp(key->group, point,
+                                                               tx, ty, ctx))
+                       goto err;
+               }
+       /* Check if retrieved coordinates match originals: if not values
+        * are out of range.
+        */
+       if (BN_cmp(x, tx) || BN_cmp(y, ty))
+               {
+               ECerr(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES,
+                       EC_R_COORDINATES_OUT_OF_RANGE);
+               goto err;
+               }
+
+       if (!EC_KEY_set_public_key(key, point))
+               goto err;
+
+       if (EC_KEY_check_key(key) == 0)
+               goto err;
+
+       ok = 1;
+
+       err:
+       if (ctx)
+               BN_CTX_free(ctx);
+       if (point)
+               EC_POINT_free(point);
+       return ok;
+
+       }
+
 const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key)
        {
        return key->group;
@@ -435,18 +520,27 @@ void EC_KEY_set_conv_form(EC_KEY *key, point_conversion_form_t cform)
 void *EC_KEY_get_key_method_data(EC_KEY *key,
        void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *))
        {
-       return EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func);
+       void *ret;
+
+       CRYPTO_r_lock(CRYPTO_LOCK_EC);
+       ret = EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func);
+       CRYPTO_r_unlock(CRYPTO_LOCK_EC);
+
+       return ret;
        }
 
-void EC_KEY_insert_key_method_data(EC_KEY *key, void *data,
+void *EC_KEY_insert_key_method_data(EC_KEY *key, void *data,
        void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *))
        {
        EC_EXTRA_DATA *ex_data;
+
        CRYPTO_w_lock(CRYPTO_LOCK_EC);
        ex_data = EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func);
        if (ex_data == NULL)
                EC_EX_DATA_set_data(&key->method_data, data, dup_func, free_func, clear_free_func);
        CRYPTO_w_unlock(CRYPTO_LOCK_EC);
+
+       return ex_data;
        }
 
 void EC_KEY_set_asn1_flag(EC_KEY *key, int flag)
@@ -461,3 +555,18 @@ int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx)
                return 0;
        return EC_GROUP_precompute_mult(key->group, ctx);
        }
+
+int EC_KEY_get_flags(const EC_KEY *key)
+       {
+       return key->flags;
+       }
+
+void EC_KEY_set_flags(EC_KEY *key, int flags)
+       {
+       key->flags |= flags;
+       }
+
+void EC_KEY_clear_flags(EC_KEY *key, int flags)
+       {
+       key->flags &= ~flags;
+       }

diff --git a/deps/openssl/openssl/crypto/ec/ec_lcl.h b/deps/openssl/openssl/crypto/ec/ec_lcl.h
index 3e2c34b..da7967d 100644 (file)
--- a/deps/openssl/openssl/crypto/ec/ec_lcl.h
+++ b/deps/openssl/openssl/crypto/ec/ec_lcl.h
@@ -3,7 +3,7 @@
  * Originally written by Bodo Moeller for the OpenSSL project.
  */
 /* ====================================================================
- * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2010 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -82,10 +82,15 @@
 # endif
 #endif
 
+/* Use default functions for poin2oct, oct2point and compressed coordinates */
+#define EC_FLAGS_DEFAULT_OCT   0x1
+
 /* Structure details are not part of the exported interface,
  * so all this may change in future versions. */
 
 struct ec_method_st {
+       /* Various method flags */
+       int flags;
        /* used by EC_METHOD_get_field_type: */
        int field_type; /* a NID */
 
@@ -244,6 +249,7 @@ struct ec_key_st {
        point_conversion_form_t conv_form;
 
        int     references;
+       int     flags;
 
        EC_EXTRA_DATA *method_data;
 } /* EC_KEY */;
@@ -391,3 +397,50 @@ int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
        size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *);
 int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
 int ec_GF2m_have_precompute_mult(const EC_GROUP *group);
+
+/* method functions in ec2_mult.c */
+int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
+       size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *);
+int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
+int ec_GF2m_have_precompute_mult(const EC_GROUP *group);
+
+#ifndef OPENSSL_EC_NISTP_64_GCC_128
+/* method functions in ecp_nistp224.c */
+int ec_GFp_nistp224_group_init(EC_GROUP *group);
+int ec_GFp_nistp224_group_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *n, BN_CTX *);
+int ec_GFp_nistp224_point_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *point, BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
+int ec_GFp_nistp224_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *);
+int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx);
+int ec_GFp_nistp224_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
+int ec_GFp_nistp224_have_precompute_mult(const EC_GROUP *group);
+
+/* method functions in ecp_nistp256.c */
+int ec_GFp_nistp256_group_init(EC_GROUP *group);
+int ec_GFp_nistp256_group_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *n, BN_CTX *);
+int ec_GFp_nistp256_point_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *point, BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
+int ec_GFp_nistp256_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *);
+int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx);
+int ec_GFp_nistp256_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
+int ec_GFp_nistp256_have_precompute_mult(const EC_GROUP *group);
+
+/* method functions in ecp_nistp521.c */
+int ec_GFp_nistp521_group_init(EC_GROUP *group);
+int ec_GFp_nistp521_group_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *n, BN_CTX *);
+int ec_GFp_nistp521_point_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *point, BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
+int ec_GFp_nistp521_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *);
+int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx);
+int ec_GFp_nistp521_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
+int ec_GFp_nistp521_have_precompute_mult(const EC_GROUP *group);
+
+/* utility functions in ecp_nistputil.c */
+void ec_GFp_nistp_points_make_affine_internal(size_t num, void *point_array,
+       size_t felem_size, void *tmp_felems,
+       void (*felem_one)(void *out),
+       int (*felem_is_zero)(const void *in),
+       void (*felem_assign)(void *out, const void *in),
+       void (*felem_square)(void *out, const void *in),
+       void (*felem_mul)(void *out, const void *in1, const void *in2),
+       void (*felem_inv)(void *out, const void *in),
+       void (*felem_contract)(void *out, const void *in));
+void ec_GFp_nistp_recode_scalar_bits(unsigned char *sign, unsigned char *digit, unsigned char in);
+#endif

diff --git a/deps/openssl/openssl/crypto/ec/ec_lib.c b/deps/openssl/openssl/crypto/ec/ec_lib.c
index dd7da0f..25247b5 100644 (file)
--- a/deps/openssl/openssl/crypto/ec/ec_lib.c
+++ b/deps/openssl/openssl/crypto/ec/ec_lib.c
@@ -425,7 +425,7 @@ int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *
        return group->meth->group_get_curve(group, p, a, b, ctx);
        }
 
-
+#ifndef OPENSSL_NO_EC2M
 int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
        {
        if (group->meth->group_set_curve == 0)
@@ -446,7 +446,7 @@ int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM
                }
        return group->meth->group_get_curve(group, p, a, b, ctx);
        }
-
+#endif
 
 int EC_GROUP_get_degree(const EC_GROUP *group)
        {
@@ -856,7 +856,7 @@ int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
        return group->meth->point_set_affine_coordinates(group, point, x, y, ctx);
        }
 
-
+#ifndef OPENSSL_NO_EC2M
 int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *point,
        const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx)
        {
@@ -872,7 +872,7 @@ int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *point,
                }
        return group->meth->point_set_affine_coordinates(group, point, x, y, ctx);
        }
-
+#endif
 
 int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point,
        BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
@@ -890,7 +890,7 @@ int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, const EC_POINT *p
        return group->meth->point_get_affine_coordinates(group, point, x, y, ctx);
        }
 
-
+#ifndef OPENSSL_NO_EC2M
 int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, const EC_POINT *point,
        BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
        {
@@ -906,75 +906,7 @@ int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, const EC_POINT *
                }
        return group->meth->point_get_affine_coordinates(group, point, x, y, ctx);
        }
-
-
-int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
-       const BIGNUM *x, int y_bit, BN_CTX *ctx)
-       {
-       if (group->meth->point_set_compressed_coordinates == 0)
-               {
-               ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-               return 0;
-               }
-       if (group->meth != point->meth)
-               {
-               ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS);
-               return 0;
-               }
-       return group->meth->point_set_compressed_coordinates(group, point, x, y_bit, ctx);
-       }
-
-
-int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, EC_POINT *point,
-       const BIGNUM *x, int y_bit, BN_CTX *ctx)
-       {
-       if (group->meth->point_set_compressed_coordinates == 0)
-               {
-               ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-               return 0;
-               }
-       if (group->meth != point->meth)
-               {
-               ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M, EC_R_INCOMPATIBLE_OBJECTS);
-               return 0;
-               }
-       return group->meth->point_set_compressed_coordinates(group, point, x, y_bit, ctx);
-       }
-
-
-size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *point, point_conversion_form_t form,
-        unsigned char *buf, size_t len, BN_CTX *ctx)
-       {
-       if (group->meth->point2oct == 0)
-               {
-               ECerr(EC_F_EC_POINT_POINT2OCT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-               return 0;
-               }
-       if (group->meth != point->meth)
-               {
-               ECerr(EC_F_EC_POINT_POINT2OCT, EC_R_INCOMPATIBLE_OBJECTS);
-               return 0;
-               }
-       return group->meth->point2oct(group, point, form, buf, len, ctx);
-       }
-
-
-int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *point,
-        const unsigned char *buf, size_t len, BN_CTX *ctx)
-       {
-       if (group->meth->oct2point == 0)
-               {
-               ECerr(EC_F_EC_POINT_OCT2POINT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-               return 0;
-               }
-       if (group->meth != point->meth)
-               {
-               ECerr(EC_F_EC_POINT_OCT2POINT, EC_R_INCOMPATIBLE_OBJECTS);
-               return 0;
-               }
-       return group->meth->oct2point(group, point, buf, len, ctx);
-       }
-
+#endif
 
 int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
        {

diff --git a/deps/openssl/openssl/crypto/ec/ec_pmeth.c b/deps/openssl/openssl/crypto/ec/ec_pmeth.c
index f433076..66ee397 100644 (file)
--- a/deps/openssl/openssl/crypto/ec/ec_pmeth.c
+++ b/deps/openssl/openssl/crypto/ec/ec_pmeth.c
@@ -188,7 +188,7 @@ static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
 
        pubkey = EC_KEY_get0_public_key(ctx->peerkey->pkey.ec);
 
-       /* NB: unlike PKS#3 DH, if *outlen is less than maximum size this is
+       /* NB: unlike PKCS#3 DH, if *outlen is less than maximum size this is
         * not an error, the result is truncated.
         */
 
@@ -221,6 +221,7 @@ static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
 
                case EVP_PKEY_CTRL_MD:
                if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 &&
+                   EVP_MD_type((const EVP_MD *)p2) != NID_ecdsa_with_SHA1 &&
                    EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
                    EVP_MD_type((const EVP_MD *)p2) != NID_sha256 &&
                    EVP_MD_type((const EVP_MD *)p2) != NID_sha384 &&

diff --git a/deps/openssl/openssl/crypto/ec/eck_prn.c b/deps/openssl/openssl/crypto/ec/eck_prn.c
index 7d3e175..06de8f3 100644 (file)
--- a/deps/openssl/openssl/crypto/ec/eck_prn.c
+++ b/deps/openssl/openssl/crypto/ec/eck_prn.c
@@ -207,7 +207,7 @@ int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off)
                        reason = ERR_R_MALLOC_FAILURE;
                        goto err;
                        }
-
+#ifndef OPENSSL_NO_EC2M
                if (is_char_two)
                        {
                        if (!EC_GROUP_get_curve_GF2m(x, p, a, b, ctx))
@@ -217,6 +217,7 @@ int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off)
                                }
                        }
                else /* prime field */
+#endif
                        {
                        if (!EC_GROUP_get_curve_GFp(x, p, a, b, ctx))
                                {

diff --git a/deps/openssl/openssl/crypto/ec/ecp_mont.c b/deps/openssl/openssl/crypto/ec/ecp_mont.c
index 9fc4a46..f04f132 100644 (file)
--- a/deps/openssl/openssl/crypto/ec/ecp_mont.c
+++ b/deps/openssl/openssl/crypto/ec/ecp_mont.c
@@ -63,12 +63,20 @@
 
 #include <openssl/err.h>
 
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
 #include "ec_lcl.h"
 
 
 const EC_METHOD *EC_GFp_mont_method(void)
        {
+#ifdef OPENSSL_FIPS
+       return fips_ec_gfp_mont_method();
+#else
        static const EC_METHOD ret = {
+               EC_FLAGS_DEFAULT_OCT,
                NID_X9_62_prime_field,
                ec_GFp_mont_group_init,
                ec_GFp_mont_group_finish,
@@ -87,9 +95,7 @@ const EC_METHOD *EC_GFp_mont_method(void)
                ec_GFp_simple_get_Jprojective_coordinates_GFp,
                ec_GFp_simple_point_set_affine_coordinates,
                ec_GFp_simple_point_get_affine_coordinates,
-               ec_GFp_simple_set_compressed_coordinates,
-               ec_GFp_simple_point2oct,
-               ec_GFp_simple_oct2point,
+               0,0,0,
                ec_GFp_simple_add,
                ec_GFp_simple_dbl,
                ec_GFp_simple_invert,
@@ -109,6 +115,7 @@ const EC_METHOD *EC_GFp_mont_method(void)
                ec_GFp_mont_field_set_to_one };
 
        return &ret;
+#endif
        }
 
 

diff --git a/deps/openssl/openssl/crypto/ec/ecp_nist.c b/deps/openssl/openssl/crypto/ec/ecp_nist.c
index 2a5682e..aad2d5f 100644 (file)
--- a/deps/openssl/openssl/crypto/ec/ecp_nist.c
+++ b/deps/openssl/openssl/crypto/ec/ecp_nist.c
@@ -67,9 +67,17 @@
 #include <openssl/obj_mac.h>
 #include "ec_lcl.h"
 
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
 const EC_METHOD *EC_GFp_nist_method(void)
        {
+#ifdef OPENSSL_FIPS
+       return fips_ec_gfp_nist_method();
+#else
        static const EC_METHOD ret = {
+               EC_FLAGS_DEFAULT_OCT,
                NID_X9_62_prime_field,
                ec_GFp_simple_group_init,
                ec_GFp_simple_group_finish,
@@ -88,9 +96,7 @@ const EC_METHOD *EC_GFp_nist_method(void)
                ec_GFp_simple_get_Jprojective_coordinates_GFp,
                ec_GFp_simple_point_set_affine_coordinates,
                ec_GFp_simple_point_get_affine_coordinates,
-               ec_GFp_simple_set_compressed_coordinates,
-               ec_GFp_simple_point2oct,
-               ec_GFp_simple_oct2point,
+               0,0,0,
                ec_GFp_simple_add,
                ec_GFp_simple_dbl,
                ec_GFp_simple_invert,
@@ -110,6 +116,7 @@ const EC_METHOD *EC_GFp_nist_method(void)
                0 /* field_set_to_one */ };
 
        return &ret;
+#endif
        }
 
 int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src)

diff --git a/deps/openssl/openssl/crypto/ec/ecp_smpl.c b/deps/openssl/openssl/crypto/ec/ecp_smpl.c
index 66a92e2..7cbb321 100644 (file)
--- a/deps/openssl/openssl/crypto/ec/ecp_smpl.c
+++ b/deps/openssl/openssl/crypto/ec/ecp_smpl.c
@@ -65,11 +65,19 @@
 #include <openssl/err.h>
 #include <openssl/symhacks.h>
 
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
 #include "ec_lcl.h"
 
 const EC_METHOD *EC_GFp_simple_method(void)
        {
+#ifdef OPENSSL_FIPS
+       return fips_ec_gfp_simple_method();
+#else
        static const EC_METHOD ret = {
+               EC_FLAGS_DEFAULT_OCT,
                NID_X9_62_prime_field,
                ec_GFp_simple_group_init,
                ec_GFp_simple_group_finish,
@@ -88,9 +96,7 @@ const EC_METHOD *EC_GFp_simple_method(void)
                ec_GFp_simple_get_Jprojective_coordinates_GFp,
                ec_GFp_simple_point_set_affine_coordinates,
                ec_GFp_simple_point_get_affine_coordinates,
-               ec_GFp_simple_set_compressed_coordinates,
-               ec_GFp_simple_point2oct,
-               ec_GFp_simple_oct2point,
+               0,0,0,
                ec_GFp_simple_add,
                ec_GFp_simple_dbl,
                ec_GFp_simple_invert,
@@ -110,6 +116,7 @@ const EC_METHOD *EC_GFp_simple_method(void)
                0 /* field_set_to_one */ };
 
        return &ret;
+#endif
        }
 
 
@@ -633,372 +640,6 @@ int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group, const EC_P
        return ret;
        }
 
-
-int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point,
-       const BIGNUM *x_, int y_bit, BN_CTX *ctx)
-       {
-       BN_CTX *new_ctx = NULL;
-       BIGNUM *tmp1, *tmp2, *x, *y;
-       int ret = 0;
-
-       /* clear error queue*/
-       ERR_clear_error();
-
-       if (ctx == NULL)
-               {
-               ctx = new_ctx = BN_CTX_new();
-               if (ctx == NULL)
-                       return 0;
-               }
-
-       y_bit = (y_bit != 0);
-
-       BN_CTX_start(ctx);
-       tmp1 = BN_CTX_get(ctx);
-       tmp2 = BN_CTX_get(ctx);
-       x = BN_CTX_get(ctx);
-       y = BN_CTX_get(ctx);
-       if (y == NULL) goto err;
-
-       /* Recover y.  We have a Weierstrass equation
-        *     y^2 = x^3 + a*x + b,
-        * so  y  is one of the square roots of  x^3 + a*x + b.
-        */
-
-       /* tmp1 := x^3 */
-       if (!BN_nnmod(x, x_, &group->field,ctx)) goto err;
-       if (group->meth->field_decode == 0)
-               {
-               /* field_{sqr,mul} work on standard representation */
-               if (!group->meth->field_sqr(group, tmp2, x_, ctx)) goto err;
-               if (!group->meth->field_mul(group, tmp1, tmp2, x_, ctx)) goto err;
-               }
-       else
-               {
-               if (!BN_mod_sqr(tmp2, x_, &group->field, ctx)) goto err;
-               if (!BN_mod_mul(tmp1, tmp2, x_, &group->field, ctx)) goto err;
-               }
-       
-       /* tmp1 := tmp1 + a*x */
-       if (group->a_is_minus3)
-               {
-               if (!BN_mod_lshift1_quick(tmp2, x, &group->field)) goto err;
-               if (!BN_mod_add_quick(tmp2, tmp2, x, &group->field)) goto err;
-               if (!BN_mod_sub_quick(tmp1, tmp1, tmp2, &group->field)) goto err;
-               }
-       else
-               {
-               if (group->meth->field_decode)
-                       {
-                       if (!group->meth->field_decode(group, tmp2, &group->a, ctx)) goto err;
-                       if (!BN_mod_mul(tmp2, tmp2, x, &group->field, ctx)) goto err;
-                       }
-               else
-                       {
-                       /* field_mul works on standard representation */
-                       if (!group->meth->field_mul(group, tmp2, &group->a, x, ctx)) goto err;
-                       }
-               
-               if (!BN_mod_add_quick(tmp1, tmp1, tmp2, &group->field)) goto err;
-               }
-       
-       /* tmp1 := tmp1 + b */
-       if (group->meth->field_decode)
-               {
-               if (!group->meth->field_decode(group, tmp2, &group->b, ctx)) goto err;
-               if (!BN_mod_add_quick(tmp1, tmp1, tmp2, &group->field)) goto err;
-               }
-       else
-               {
-               if (!BN_mod_add_quick(tmp1, tmp1, &group->b, &group->field)) goto err;
-               }
-       
-       if (!BN_mod_sqrt(y, tmp1, &group->field, ctx))
-               {
-               unsigned long err = ERR_peek_last_error();
-               
-               if (ERR_GET_LIB(err) == ERR_LIB_BN && ERR_GET_REASON(err) == BN_R_NOT_A_SQUARE)
-                       {
-                       ERR_clear_error();
-                       ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, EC_R_INVALID_COMPRESSED_POINT);
-                       }
-               else
-                       ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, ERR_R_BN_LIB);
-               goto err;
-               }
-
-       if (y_bit != BN_is_odd(y))
-               {
-               if (BN_is_zero(y))
-                       {
-                       int kron;
-
-                       kron = BN_kronecker(x, &group->field, ctx);
-                       if (kron == -2) goto err;
-
-                       if (kron == 1)
-                               ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, EC_R_INVALID_COMPRESSION_BIT);
-                       else
-                               /* BN_mod_sqrt() should have cought this error (not a square) */
-                               ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, EC_R_INVALID_COMPRESSED_POINT);
-                       goto err;
-                       }
-               if (!BN_usub(y, &group->field, y)) goto err;
-               }
-       if (y_bit != BN_is_odd(y))
-               {
-               ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, ERR_R_INTERNAL_ERROR);
-               goto err;
-               }
-
-       if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;
-
-       ret = 1;
-
- err:
-       BN_CTX_end(ctx);
-       if (new_ctx != NULL)
-               BN_CTX_free(new_ctx);
-       return ret;
-       }
-
-
-size_t ec_GFp_simple_point2oct(const EC_GROUP *group, const EC_POINT *point, point_conversion_form_t form,
-       unsigned char *buf, size_t len, BN_CTX *ctx)
-       {
-       size_t ret;
-       BN_CTX *new_ctx = NULL;
-       int used_ctx = 0;
-       BIGNUM *x, *y;
-       size_t field_len, i, skip;
-
-       if ((form != POINT_CONVERSION_COMPRESSED)
-               && (form != POINT_CONVERSION_UNCOMPRESSED)
-               && (form != POINT_CONVERSION_HYBRID))
-               {
-               ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_INVALID_FORM);
-               goto err;
-               }
-
-       if (EC_POINT_is_at_infinity(group, point))
-               {
-               /* encodes to a single 0 octet */
-               if (buf != NULL)
-                       {
-                       if (len < 1)
-                               {
-                               ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
-                               return 0;
-                               }
-                       buf[0] = 0;
-                       }
-               return 1;
-               }
-
-
-       /* ret := required output buffer length */
-       field_len = BN_num_bytes(&group->field);
-       ret = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2*field_len;
-
-       /* if 'buf' is NULL, just return required length */
-       if (buf != NULL)
-               {
-               if (len < ret)
-                       {
-                       ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
-                       goto err;
-                       }
-
-               if (ctx == NULL)
-                       {
-                       ctx = new_ctx = BN_CTX_new();
-                       if (ctx == NULL)
-                               return 0;
-                       }
-
-               BN_CTX_start(ctx);
-               used_ctx = 1;
-               x = BN_CTX_get(ctx);
-               y = BN_CTX_get(ctx);
-               if (y == NULL) goto err;
-
-               if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;
-
-               if ((form == POINT_CONVERSION_COMPRESSED || form == POINT_CONVERSION_HYBRID) && BN_is_odd(y))
-                       buf[0] = form + 1;
-               else
-                       buf[0] = form;
-       
-               i = 1;
-               
-               skip = field_len - BN_num_bytes(x);
-               if (skip > field_len)
-                       {
-                       ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
-                       goto err;
-                       }
-               while (skip > 0)
-                       {
-                       buf[i++] = 0;
-                       skip--;
-                       }
-               skip = BN_bn2bin(x, buf + i);
-               i += skip;
-               if (i != 1 + field_len)
-                       {
-                       ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
-                       goto err;
-                       }
-
-               if (form == POINT_CONVERSION_UNCOMPRESSED || form == POINT_CONVERSION_HYBRID)
-                       {
-                       skip = field_len - BN_num_bytes(y);
-                       if (skip > field_len)
-                               {
-                               ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
-                               goto err;
-                               }
-                       while (skip > 0)
-                               {
-                               buf[i++] = 0;
-                               skip--;
-                               }
-                       skip = BN_bn2bin(y, buf + i);
-                       i += skip;
-                       }
-
-               if (i != ret)
-                       {
-                       ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
-                       goto err;
-                       }
-               }
-       
-       if (used_ctx)
-               BN_CTX_end(ctx);
-       if (new_ctx != NULL)
-               BN_CTX_free(new_ctx);
-       return ret;
-
- err:
-       if (used_ctx)
-               BN_CTX_end(ctx);
-       if (new_ctx != NULL)
-               BN_CTX_free(new_ctx);
-       return 0;
-       }
-
-
-int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
-       const unsigned char *buf, size_t len, BN_CTX *ctx)
-       {
-       point_conversion_form_t form;
-       int y_bit;
-       BN_CTX *new_ctx = NULL;
-       BIGNUM *x, *y;
-       size_t field_len, enc_len;
-       int ret = 0;
-
-       if (len == 0)
-               {
-               ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_BUFFER_TOO_SMALL);
-               return 0;
-               }
-       form = buf[0];
-       y_bit = form & 1;
-       form = form & ~1U;
-       if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED)
-               && (form != POINT_CONVERSION_UNCOMPRESSED)
-               && (form != POINT_CONVERSION_HYBRID))
-               {
-               ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
-               return 0;
-               }
-       if ((form == 0 || form == POINT_CONVERSION_UNCOMPRESSED) && y_bit)
-               {
-               ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
-               return 0;
-               }
-
-       if (form == 0)
-               {
-               if (len != 1)
-                       {
-                       ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
-                       return 0;
-                       }
-
-               return EC_POINT_set_to_infinity(group, point);
-               }
-       
-       field_len = BN_num_bytes(&group->field);
-       enc_len = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2*field_len;
-
-       if (len != enc_len)
-               {
-               ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
-               return 0;
-               }
-
-       if (ctx == NULL)
-               {
-               ctx = new_ctx = BN_CTX_new();
-               if (ctx == NULL)
-                       return 0;
-               }
-
-       BN_CTX_start(ctx);
-       x = BN_CTX_get(ctx);
-       y = BN_CTX_get(ctx);
-       if (y == NULL) goto err;
-
-       if (!BN_bin2bn(buf + 1, field_len, x)) goto err;
-       if (BN_ucmp(x, &group->field) >= 0)
-               {
-               ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
-               goto err;
-               }
-
-       if (form == POINT_CONVERSION_COMPRESSED)
-               {
-               if (!EC_POINT_set_compressed_coordinates_GFp(group, point, x, y_bit, ctx)) goto err;
-               }
-       else
-               {
-               if (!BN_bin2bn(buf + 1 + field_len, field_len, y)) goto err;
-               if (BN_ucmp(y, &group->field) >= 0)
-                       {
-                       ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
-                       goto err;
-                       }
-               if (form == POINT_CONVERSION_HYBRID)
-                       {
-                       if (y_bit != BN_is_odd(y))
-                               {
-                               ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
-                               goto err;
-                               }
-                       }
-
-               if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;
-               }
-       
-       if (!EC_POINT_is_on_curve(group, point, ctx)) /* test required by X9.62 */
-               {
-               ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
-               goto err;
-               }
-
-       ret = 1;
-       
- err:
-       BN_CTX_end(ctx);
-       if (new_ctx != NULL)
-               BN_CTX_free(new_ctx);
-       return ret;
-       }
-
-
 int ec_GFp_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
        {
        int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);

diff --git a/deps/openssl/openssl/crypto/ec/ectest.c b/deps/openssl/openssl/crypto/ec/ectest.c
index 7509cb9..102eaa9 100644 (file)
--- a/deps/openssl/openssl/crypto/ec/ectest.c
+++ b/deps/openssl/openssl/crypto/ec/ectest.c
@@ -94,6 +94,7 @@ int main(int argc, char * argv[]) { puts("Elliptic curves are disabled."); retur
 #include <openssl/objects.h>
 #include <openssl/rand.h>
 #include <openssl/bn.h>
+#include <openssl/opensslconf.h>
 
 #if defined(_MSC_VER) && defined(_MIPS_) && (_MSC_VER/100==12)
 /* suppress "too big too optimize" warning */
@@ -107,10 +108,6 @@ int main(int argc, char * argv[]) { puts("Elliptic curves are disabled."); retur
        EXIT(1); \
 } while (0)
 
-void prime_field_tests(void);
-void char2_field_tests(void);
-void internal_curve_test(void);
-
 #define TIMING_BASE_PT 0
 #define TIMING_RAND_PT 1
 #define TIMING_SIMUL 2
@@ -195,8 +192,51 @@ static void timings(EC_GROUP *group, int type, BN_CTX *ctx)
        }
 #endif
 
-void prime_field_tests()
-       {       
+/* test multiplication with group order, long and negative scalars */
+static void group_order_tests(EC_GROUP *group)
+       {
+       BIGNUM *n1, *n2, *order;
+       EC_POINT *P = EC_POINT_new(group);
+       EC_POINT *Q = EC_POINT_new(group);
+       BN_CTX *ctx = BN_CTX_new();
+
+       n1 = BN_new(); n2 = BN_new(); order = BN_new();
+       fprintf(stdout, "verify group order ...");
+       fflush(stdout);
+       if (!EC_GROUP_get_order(group, order, ctx)) ABORT;
+       if (!EC_POINT_mul(group, Q, order, NULL, NULL, ctx)) ABORT;
+       if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
+       fprintf(stdout, ".");
+       fflush(stdout);
+       if (!EC_GROUP_precompute_mult(group, ctx)) ABORT;
+       if (!EC_POINT_mul(group, Q, order, NULL, NULL, ctx)) ABORT;
+       if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
+       fprintf(stdout, " ok\n");
+       fprintf(stdout, "long/negative scalar tests ... ");
+       if (!BN_one(n1)) ABORT;
+       /* n1 = 1 - order */
+       if (!BN_sub(n1, n1, order)) ABORT;
+       if(!EC_POINT_mul(group, Q, NULL, P, n1, ctx)) ABORT;
+       if (0 != EC_POINT_cmp(group, Q, P, ctx)) ABORT;
+       /* n2 = 1 + order */
+       if (!BN_add(n2, order, BN_value_one())) ABORT;
+       if(!EC_POINT_mul(group, Q, NULL, P, n2, ctx)) ABORT;
+       if (0 != EC_POINT_cmp(group, Q, P, ctx)) ABORT;
+       /* n2 = (1 - order) * (1 + order) */
+       if (!BN_mul(n2, n1, n2, ctx)) ABORT;
+       if(!EC_POINT_mul(group, Q, NULL, P, n2, ctx)) ABORT;
+       if (0 != EC_POINT_cmp(group, Q, P, ctx)) ABORT;
+       fprintf(stdout, "ok\n");
+       EC_POINT_free(P);
+       EC_POINT_free(Q);
+       BN_free(n1);
+       BN_free(n2);
+       BN_free(order);
+       BN_CTX_free(ctx);
+       }
+
+static void prime_field_tests(void)
+       {
        BN_CTX *ctx = NULL;
        BIGNUM *p, *a, *b;
        EC_GROUP *group;
@@ -321,21 +361,21 @@ void prime_field_tests()
        if (len == 0) ABORT;
        if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT;
        if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT;
-       fprintf(stdout, "Generator as octect string, compressed form:\n     ");
+       fprintf(stdout, "Generator as octet string, compressed form:\n     ");
        for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
        
        len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED, buf, sizeof buf, ctx);
        if (len == 0) ABORT;
        if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT;
        if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT;
-       fprintf(stdout, "\nGenerator as octect string, uncompressed form:\n     ");
+       fprintf(stdout, "\nGenerator as octet string, uncompressed form:\n     ");
        for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
        
        len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID, buf, sizeof buf, ctx);
        if (len == 0) ABORT;
        if (!EC_POINT_oct2point(group, P, buf, len, ctx)) ABORT;
        if (0 != EC_POINT_cmp(group, P, Q, ctx)) ABORT;
-       fprintf(stdout, "\nGenerator as octect string, hybrid form:\n     ");
+       fprintf(stdout, "\nGenerator as octet string, hybrid form:\n     ");
        for (i = 0; i < len; i++) fprintf(stdout, "%02X", buf[i]);
        
        if (!EC_POINT_get_Jprojective_coordinates_GFp(group, R, x, y, z, ctx)) ABORT;
@@ -381,17 +421,7 @@ void prime_field_tests()
        if (EC_GROUP_get_degree(group) != 160) ABORT;
        fprintf(stdout, " ok\n");
        
-       fprintf(stdout, "verify group order ...");
-       fflush(stdout);
-       if (!EC_GROUP_get_order(group, z, ctx)) ABORT;
-       if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
-       if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
-       fprintf(stdout, ".");
-       fflush(stdout);
-       if (!EC_GROUP_precompute_mult(group, ctx)) ABORT;
-       if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
-       if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
-       fprintf(stdout, " ok\n");
+       group_order_tests(group);
 
        if (!(P_160 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;
        if (!EC_GROUP_copy(P_160, group)) ABORT;
@@ -425,17 +455,7 @@ void prime_field_tests()
        if (EC_GROUP_get_degree(group) != 192) ABORT;
        fprintf(stdout, " ok\n");
        
-       fprintf(stdout, "verify group order ...");
-       fflush(stdout);
-       if (!EC_GROUP_get_order(group, z, ctx)) ABORT;
-       if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
-       if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
-       fprintf(stdout, ".");
-       fflush(stdout);
-       if (!EC_GROUP_precompute_mult(group, ctx)) ABORT;
-       if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
-       if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
-       fprintf(stdout, " ok\n");
+       group_order_tests(group);
 
        if (!(P_192 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;
        if (!EC_GROUP_copy(P_192, group)) ABORT;
@@ -469,17 +489,7 @@ void prime_field_tests()
        if (EC_GROUP_get_degree(group) != 224) ABORT;
        fprintf(stdout, " ok\n");
        
-       fprintf(stdout, "verify group order ...");
-       fflush(stdout);
-       if (!EC_GROUP_get_order(group, z, ctx)) ABORT;
-       if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
-       if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
-       fprintf(stdout, ".");
-       fflush(stdout);
-       if (!EC_GROUP_precompute_mult(group, ctx)) ABORT;
-       if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
-       if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
-       fprintf(stdout, " ok\n");
+       group_order_tests(group);
 
        if (!(P_224 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;
        if (!EC_GROUP_copy(P_224, group)) ABORT;
@@ -514,17 +524,7 @@ void prime_field_tests()
        if (EC_GROUP_get_degree(group) != 256) ABORT;
        fprintf(stdout, " ok\n");
        
-       fprintf(stdout, "verify group order ...");
-       fflush(stdout);
-       if (!EC_GROUP_get_order(group, z, ctx)) ABORT;
-       if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
-       if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
-       fprintf(stdout, ".");
-       fflush(stdout);
-       if (!EC_GROUP_precompute_mult(group, ctx)) ABORT;
-       if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
-       if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
-       fprintf(stdout, " ok\n");
+       group_order_tests(group);
 
        if (!(P_256 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;
        if (!EC_GROUP_copy(P_256, group)) ABORT;
@@ -563,18 +563,8 @@ void prime_field_tests()
        fprintf(stdout, "verify degree ...");
        if (EC_GROUP_get_degree(group) != 384) ABORT;
        fprintf(stdout, " ok\n");
-       
-       fprintf(stdout, "verify group order ...");
-       fflush(stdout);
-       if (!EC_GROUP_get_order(group, z, ctx)) ABORT;
-       if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
-       if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
-       fprintf(stdout, ".");
-       fflush(stdout);
-       if (!EC_GROUP_precompute_mult(group, ctx)) ABORT;
-       if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
-       if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
-       fprintf(stdout, " ok\n");
+
+       group_order_tests(group);
 
        if (!(P_384 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;
        if (!EC_GROUP_copy(P_384, group)) ABORT;
@@ -619,18 +609,8 @@ void prime_field_tests()
        fprintf(stdout, "verify degree ...");
        if (EC_GROUP_get_degree(group) != 521) ABORT;
        fprintf(stdout, " ok\n");
-       
-       fprintf(stdout, "verify group order ...");
-       fflush(stdout);
-       if (!EC_GROUP_get_order(group, z, ctx)) ABORT;
-       if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
-       if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
-       fprintf(stdout, ".");
-       fflush(stdout);
-       if (!EC_GROUP_precompute_mult(group, ctx)) ABORT;
-       if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT;
-       if (!EC_POINT_is_at_infinity(group, Q)) ABORT;
-       fprintf(stdout, " ok\n");
+
+       group_order_tests(group);
 
        if (!(P_521 = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT;
        if (!EC_GROUP_copy(P_521, group)) ABORT;
@@ -659,6 +639,7 @@ void prime_field_tests()
                points[2] = Q;
                points[3] = Q;
 
+               if (!EC_GROUP_get_order(group, z, ctx)) ABORT;
                if (!BN_add(y, z, BN_value_one())) ABORT;
                if (BN_is_odd(y)) ABORT;
                if (!BN_rshift1(y, y)) ABORT;
@@ -792,22 +773,14 @@ void prime_field_tests()
        fprintf(stdout, "verify degree ..."); \
        if (EC_GROUP_get_degree(group) != _degree) ABORT; \
        fprintf(stdout, " ok\n"); \
-       fprintf(stdout, "verify group order ..."); \
-       fflush(stdout); \
-       if (!EC_GROUP_get_order(group, z, ctx)) ABORT; \
-       if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; \
-       if (!EC_POINT_is_at_infinity(group, Q)) ABORT; \
-       fprintf(stdout, "."); \
-       fflush(stdout); \
-       if (!EC_GROUP_precompute_mult(group, ctx)) ABORT; \
-       if (!EC_POINT_mul(group, Q, z, NULL, NULL, ctx)) ABORT; \
-       if (!EC_POINT_is_at_infinity(group, Q)) ABORT; \
-       fprintf(stdout, " ok\n"); \
+       group_order_tests(group); \
        if (!(_variable = EC_GROUP_new(EC_GROUP_method_of(group)))) ABORT; \
-       if (!EC_GROUP_copy(_variable, group)) ABORT;
+       if (!EC_GROUP_copy(_variable, group)) ABORT; \
 
-void char2_field_tests()
-       {       
+#ifndef OPENSSL_NO_EC2M
+
+static void char2_field_tests(void)
+       {
        BN_CTX *ctx = NULL;
        BIGNUM *p, *a, *b;
        EC_GROUP *group;
@@ -1239,8 +1212,9 @@ void char2_field_tests()
        if (C2_B571) EC_GROUP_free(C2_B571);
 
        }
+#endif
 
-void internal_curve_test(void)
+static void internal_curve_test(void)
        {
        EC_builtin_curve *curves = NULL;
        size_t crv_len = 0, n = 0;
@@ -1287,13 +1261,189 @@ void internal_curve_test(void)
                EC_GROUP_free(group);
                }
        if (ok)
-               fprintf(stdout, " ok\n");
+               fprintf(stdout, " ok\n\n");
        else
-               fprintf(stdout, " failed\n");
+               {
+               fprintf(stdout, " failed\n\n");
+               ABORT;
+               }
        OPENSSL_free(curves);
        return;
        }
 
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+/* nistp_test_params contains magic numbers for testing our optimized
+ * implementations of several NIST curves with characteristic > 3. */
+struct nistp_test_params
+       {
+       const EC_METHOD* (*meth) ();
+       int degree;
+       /* Qx, Qy and D are taken from
+        * http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/ECDSA_Prime.pdf
+        * Otherwise, values are standard curve parameters from FIPS 180-3 */
+       const char *p, *a, *b, *Qx, *Qy, *Gx, *Gy, *order, *d;
+       };
+
+static const struct nistp_test_params nistp_tests_params[] =
+       {
+               {
+               /* P-224 */
+               EC_GFp_nistp224_method,
+               224,
+               "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001", /* p */
+               "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE", /* a */
+               "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4", /* b */
+               "E84FB0B8E7000CB657D7973CF6B42ED78B301674276DF744AF130B3E", /* Qx */
+               "4376675C6FC5612C21A0FF2D2A89D2987DF7A2BC52183B5982298555", /* Qy */
+               "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21", /* Gx */
+               "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34", /* Gy */
+               "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D", /* order */
+               "3F0C488E987C80BE0FEE521F8D90BE6034EC69AE11CA72AA777481E8", /* d */
+               },
+               {
+               /* P-256 */
+               EC_GFp_nistp256_method,
+               256,
+               "ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", /* p */
+               "ffffffff00000001000000000000000000000000fffffffffffffffffffffffc", /* a */
+               "5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b", /* b */
+               "b7e08afdfe94bad3f1dc8c734798ba1c62b3a0ad1e9ea2a38201cd0889bc7a19", /* Qx */
+               "3603f747959dbf7a4bb226e41928729063adc7ae43529e61b563bbc606cc5e09", /* Qy */
+               "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296", /* Gx */
+               "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5", /* Gy */
+               "ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551", /* order */
+               "c477f9f65c22cce20657faa5b2d1d8122336f851a508a1ed04e479c34985bf96", /* d */
+               },
+               {
+               /* P-521 */
+               EC_GFp_nistp521_method,
+               521,
+               "1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", /* p */
+               "1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc", /* a */
+               "051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00", /* b */
+               "0098e91eef9a68452822309c52fab453f5f117c1da8ed796b255e9ab8f6410cca16e59df403a6bdc6ca467a37056b1e54b3005d8ac030decfeb68df18b171885d5c4", /* Qx */
+               "0164350c321aecfc1cca1ba4364c9b15656150b4b78d6a48d7d28e7f31985ef17be8554376b72900712c4b83ad668327231526e313f5f092999a4632fd50d946bc2e", /* Qy */
+               "c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66", /* Gx */
+               "11839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650", /* Gy */
+               "1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409", /* order */
+               "0100085f47b8e1b8b11b7eb33028c0b2888e304bfc98501955b45bba1478dc184eeedf09b86a5f7c21994406072787205e69a63709fe35aa93ba333514b24f961722", /* d */
+               },
+       };
+
+void nistp_single_test(const struct nistp_test_params *test)
+       {
+       BN_CTX *ctx;
+       BIGNUM *p, *a, *b, *x, *y, *n, *m, *order;
+       EC_GROUP *NISTP;
+       EC_POINT *G, *P, *Q, *Q_CHECK;
+
+       fprintf(stdout, "\nNIST curve P-%d (optimised implementation):\n", test->degree);
+       ctx = BN_CTX_new();
+       p = BN_new();
+       a = BN_new();
+       b = BN_new();
+       x = BN_new(); y = BN_new();
+       m = BN_new(); n = BN_new(); order = BN_new();
+
+       NISTP = EC_GROUP_new(test->meth());
+       if(!NISTP) ABORT;
+       if (!BN_hex2bn(&p, test->p)) ABORT;
+       if (1 != BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) ABORT;
+       if (!BN_hex2bn(&a, test->a)) ABORT;
+       if (!BN_hex2bn(&b, test->b)) ABORT;
+       if (!EC_GROUP_set_curve_GFp(NISTP, p, a, b, ctx)) ABORT;
+       G = EC_POINT_new(NISTP);
+       P = EC_POINT_new(NISTP);
+       Q = EC_POINT_new(NISTP);
+       Q_CHECK = EC_POINT_new(NISTP);
+       if(!BN_hex2bn(&x, test->Qx)) ABORT;
+       if(!BN_hex2bn(&y, test->Qy)) ABORT;
+       if(!EC_POINT_set_affine_coordinates_GFp(NISTP, Q_CHECK, x, y, ctx)) ABORT;
+       if (!BN_hex2bn(&x, test->Gx)) ABORT;
+       if (!BN_hex2bn(&y, test->Gy)) ABORT;
+       if (!EC_POINT_set_affine_coordinates_GFp(NISTP, G, x, y, ctx)) ABORT;
+       if (!BN_hex2bn(&order, test->order)) ABORT;
+       if (!EC_GROUP_set_generator(NISTP, G, order, BN_value_one())) ABORT;
+
+       fprintf(stdout, "verify degree ... ");
+       if (EC_GROUP_get_degree(NISTP) != test->degree) ABORT;
+       fprintf(stdout, "ok\n");
+
+       fprintf(stdout, "NIST test vectors ... ");
+       if (!BN_hex2bn(&n, test->d)) ABORT;
+       /* fixed point multiplication */
+       EC_POINT_mul(NISTP, Q, n, NULL, NULL, ctx);
+       if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT;
+       /* random point multiplication */
+       EC_POINT_mul(NISTP, Q, NULL, G, n, ctx);
+       if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT;
+
+       /* set generator to P = 2*G, where G is the standard generator */
+       if (!EC_POINT_dbl(NISTP, P, G, ctx)) ABORT;
+       if (!EC_GROUP_set_generator(NISTP, P, order, BN_value_one())) ABORT;
+       /* set the scalar to m=n/2, where n is the NIST test scalar */
+       if (!BN_rshift(m, n, 1)) ABORT;
+
+       /* test the non-standard generator */
+       /* fixed point multiplication */
+       EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx);
+       if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT;
+       /* random point multiplication */
+       EC_POINT_mul(NISTP, Q, NULL, P, m, ctx);
+       if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT;
+
+       /* now repeat all tests with precomputation */
+       if (!EC_GROUP_precompute_mult(NISTP, ctx)) ABORT;
+
+       /* fixed point multiplication */
+       EC_POINT_mul(NISTP, Q, m, NULL, NULL, ctx);
+       if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT;
+       /* random point multiplication */
+       EC_POINT_mul(NISTP, Q, NULL, P, m, ctx);
+       if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT;
+
+       /* reset generator */
+       if (!EC_GROUP_set_generator(NISTP, G, order, BN_value_one())) ABORT;
+       /* fixed point multiplication */
+       EC_POINT_mul(NISTP, Q, n, NULL, NULL, ctx);
+       if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT;
+       /* random point multiplication */
+       EC_POINT_mul(NISTP, Q, NULL, G, n, ctx);
+       if (0 != EC_POINT_cmp(NISTP, Q, Q_CHECK, ctx)) ABORT;
+
+       fprintf(stdout, "ok\n");
+       group_order_tests(NISTP);
+#if 0
+       timings(NISTP, TIMING_BASE_PT, ctx);
+       timings(NISTP, TIMING_RAND_PT, ctx);
+#endif
+       EC_GROUP_free(NISTP);
+       EC_POINT_free(G);
+       EC_POINT_free(P);
+       EC_POINT_free(Q);
+       EC_POINT_free(Q_CHECK);
+       BN_free(n);
+       BN_free(m);
+       BN_free(p);
+       BN_free(a);
+       BN_free(b);
+       BN_free(x);
+       BN_free(y);
+       BN_free(order);
+       BN_CTX_free(ctx);
+       }
+
+void nistp_tests()
+       {
+       unsigned i;
+
+       for (i = 0; i < sizeof(nistp_tests_params) / sizeof(struct nistp_test_params); i++)
+               {
+               nistp_single_test(&nistp_tests_params[i]);
+               }
+       }
+#endif
+
 static const char rnd_seed[] = "string to make the random number generator think it has entropy";
 
 int main(int argc, char *argv[])
@@ -1317,7 +1467,12 @@ int main(int argc, char *argv[])
 
        prime_field_tests();
        puts("");
+#ifndef OPENSSL_NO_EC2M
        char2_field_tests();
+#endif
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+       nistp_tests();
+#endif
        /* test the internal curves */
        internal_curve_test();
 

diff --git a/deps/openssl/openssl/crypto/ecdh/Makefile b/deps/openssl/openssl/crypto/ecdh/Makefile
index 65d8904..ba05fea 100644 (file)
--- a/deps/openssl/openssl/crypto/ecdh/Makefile
+++ b/deps/openssl/openssl/crypto/ecdh/Makefile
@@ -84,17 +84,12 @@ ech_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
 ech_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 ech_err.o: ech_err.c
 ech_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-ech_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-ech_key.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-ech_key.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-ech_key.o: ../../include/openssl/engine.h ../../include/openssl/evp.h
-ech_key.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-ech_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-ech_key.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-ech_key.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
-ech_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-ech_key.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-ech_key.o: ../../include/openssl/x509_vfy.h ech_key.c ech_locl.h
+ech_key.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ech_key.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+ech_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+ech_key.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+ech_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ech_key.o: ech_key.c ech_locl.h
 ech_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 ech_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 ech_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

diff --git a/deps/openssl/openssl/crypto/ecdh/ecdh.h b/deps/openssl/openssl/crypto/ecdh/ecdh.h
index b4b58ee..8887102 100644 (file)
--- a/deps/openssl/openssl/crypto/ecdh/ecdh.h
+++ b/deps/openssl/openssl/crypto/ecdh/ecdh.h
@@ -109,11 +109,13 @@ void ERR_load_ECDH_strings(void);
 /* Error codes for the ECDH functions. */
 
 /* Function codes. */
+#define ECDH_F_ECDH_CHECK                               102
 #define ECDH_F_ECDH_COMPUTE_KEY                                 100
 #define ECDH_F_ECDH_DATA_NEW_METHOD                     101
 
 /* Reason codes. */
 #define ECDH_R_KDF_FAILED                               102
+#define ECDH_R_NON_FIPS_METHOD                          103
 #define ECDH_R_NO_PRIVATE_VALUE                                 100
 #define ECDH_R_POINT_ARITHMETIC_FAILURE                         101
 

diff --git a/deps/openssl/openssl/crypto/ecdh/ecdhtest.c b/deps/openssl/openssl/crypto/ecdh/ecdhtest.c
index 212a87e..823d7ba 100644 (file)
--- a/deps/openssl/openssl/crypto/ecdh/ecdhtest.c
+++ b/deps/openssl/openssl/crypto/ecdh/ecdhtest.c
@@ -158,11 +158,13 @@ static int test_ecdh_curve(int nid, const char *text, BN_CTX *ctx, BIO *out)
                if (!EC_POINT_get_affine_coordinates_GFp(group,
                        EC_KEY_get0_public_key(a), x_a, y_a, ctx)) goto err;
                }
+#ifndef OPENSSL_NO_EC2M
        else
                {
                if (!EC_POINT_get_affine_coordinates_GF2m(group,
                        EC_KEY_get0_public_key(a), x_a, y_a, ctx)) goto err;
                }
+#endif
 #ifdef NOISY
        BIO_puts(out,"  pri 1=");
        BN_print(out,a->priv_key);
@@ -183,11 +185,13 @@ static int test_ecdh_curve(int nid, const char *text, BN_CTX *ctx, BIO *out)
                if (!EC_POINT_get_affine_coordinates_GFp(group, 
                        EC_KEY_get0_public_key(b), x_b, y_b, ctx)) goto err;
                }
+#ifndef OPENSSL_NO_EC2M
        else
                {
                if (!EC_POINT_get_affine_coordinates_GF2m(group, 
                        EC_KEY_get0_public_key(b), x_b, y_b, ctx)) goto err;
                }
+#endif
 
 #ifdef NOISY
        BIO_puts(out,"  pri 2=");
@@ -324,6 +328,7 @@ int main(int argc, char *argv[])
        if (!test_ecdh_curve(NID_X9_62_prime256v1, "NIST Prime-Curve P-256", ctx, out)) goto err;
        if (!test_ecdh_curve(NID_secp384r1, "NIST Prime-Curve P-384", ctx, out)) goto err;
        if (!test_ecdh_curve(NID_secp521r1, "NIST Prime-Curve P-521", ctx, out)) goto err;
+#ifndef OPENSSL_NO_EC2M
        /* NIST BINARY CURVES TESTS */
        if (!test_ecdh_curve(NID_sect163k1, "NIST Binary-Curve K-163", ctx, out)) goto err;
        if (!test_ecdh_curve(NID_sect163r2, "NIST Binary-Curve B-163", ctx, out)) goto err;
@@ -335,6 +340,7 @@ int main(int argc, char *argv[])
        if (!test_ecdh_curve(NID_sect409r1, "NIST Binary-Curve B-409", ctx, out)) goto err;
        if (!test_ecdh_curve(NID_sect571k1, "NIST Binary-Curve K-571", ctx, out)) goto err;
        if (!test_ecdh_curve(NID_sect571r1, "NIST Binary-Curve B-571", ctx, out)) goto err;
+#endif
 
        ret = 0;
 

diff --git a/deps/openssl/openssl/crypto/ecdh/ech_err.c b/deps/openssl/openssl/crypto/ecdh/ech_err.c
index 6f4b0c9..3bd2473 100644 (file)
--- a/deps/openssl/openssl/crypto/ecdh/ech_err.c
+++ b/deps/openssl/openssl/crypto/ecdh/ech_err.c
@@ -1,6 +1,6 @@
 /* crypto/ecdh/ech_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -70,6 +70,7 @@
 
 static ERR_STRING_DATA ECDH_str_functs[]=
        {
+{ERR_FUNC(ECDH_F_ECDH_CHECK),  "ECDH_CHECK"},
 {ERR_FUNC(ECDH_F_ECDH_COMPUTE_KEY),    "ECDH_compute_key"},
 {ERR_FUNC(ECDH_F_ECDH_DATA_NEW_METHOD),        "ECDH_DATA_new_method"},
 {0,NULL}
@@ -78,6 +79,7 @@ static ERR_STRING_DATA ECDH_str_functs[]=
 static ERR_STRING_DATA ECDH_str_reasons[]=
        {
 {ERR_REASON(ECDH_R_KDF_FAILED)           ,"KDF failed"},
+{ERR_REASON(ECDH_R_NON_FIPS_METHOD)      ,"non fips method"},
 {ERR_REASON(ECDH_R_NO_PRIVATE_VALUE)     ,"no private value"},
 {ERR_REASON(ECDH_R_POINT_ARITHMETIC_FAILURE),"point arithmetic failure"},
 {0,NULL}

diff --git a/deps/openssl/openssl/crypto/ecdh/ech_key.c b/deps/openssl/openssl/crypto/ecdh/ech_key.c
index f44da92..2988899 100644 (file)
--- a/deps/openssl/openssl/crypto/ecdh/ech_key.c
+++ b/deps/openssl/openssl/crypto/ecdh/ech_key.c
@@ -68,9 +68,6 @@
  */
 
 #include "ech_locl.h"
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
 
 int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
        EC_KEY *eckey,

diff --git a/deps/openssl/openssl/crypto/ecdh/ech_lib.c b/deps/openssl/openssl/crypto/ecdh/ech_lib.c
index 4d8ea03..0644431 100644 (file)
--- a/deps/openssl/openssl/crypto/ecdh/ech_lib.c
+++ b/deps/openssl/openssl/crypto/ecdh/ech_lib.c
@@ -73,6 +73,9 @@
 #include <openssl/engine.h>
 #endif
 #include <openssl/err.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
 
 const char ECDH_version[]="ECDH" OPENSSL_VERSION_PTEXT;
 
@@ -90,7 +93,16 @@ void ECDH_set_default_method(const ECDH_METHOD *meth)
 const ECDH_METHOD *ECDH_get_default_method(void)
        {
        if(!default_ECDH_method) 
+               {
+#ifdef OPENSSL_FIPS
+               if (FIPS_mode())
+                       return FIPS_ecdh_openssl();
+               else
+                       return ECDH_OpenSSL();
+#else
                default_ECDH_method = ECDH_OpenSSL();
+#endif
+               }
        return default_ECDH_method;
        }
 
@@ -210,11 +222,26 @@ ECDH_DATA *ecdh_check(EC_KEY *key)
                ecdh_data = (ECDH_DATA *)ecdh_data_new();
                if (ecdh_data == NULL)
                        return NULL;
-               EC_KEY_insert_key_method_data(key, (void *)ecdh_data,
-                       ecdh_data_dup, ecdh_data_free, ecdh_data_free);
+               data = EC_KEY_insert_key_method_data(key, (void *)ecdh_data,
+                          ecdh_data_dup, ecdh_data_free, ecdh_data_free);
+               if (data != NULL)
+                       {
+                       /* Another thread raced us to install the key_method
+                        * data and won. */
+                       ecdh_data_free(ecdh_data);
+                       ecdh_data = (ECDH_DATA *)data;
+                       }
        }
        else
                ecdh_data = (ECDH_DATA *)data;
+#ifdef OPENSSL_FIPS
+       if (FIPS_mode() && !(ecdh_data->flags & ECDH_FLAG_FIPS_METHOD)
+                       && !(EC_KEY_get_flags(key) & EC_FLAG_NON_FIPS_ALLOW))
+               {
+               ECDHerr(ECDH_F_ECDH_CHECK, ECDH_R_NON_FIPS_METHOD);
+               return NULL;
+               }
+#endif
        
 
        return ecdh_data;

diff --git a/deps/openssl/openssl/crypto/ecdh/ech_locl.h b/deps/openssl/openssl/crypto/ecdh/ech_locl.h
index f658526..f6cad6a 100644 (file)
--- a/deps/openssl/openssl/crypto/ecdh/ech_locl.h
+++ b/deps/openssl/openssl/crypto/ecdh/ech_locl.h
@@ -75,6 +75,14 @@ struct ecdh_method
        char *app_data;
        };
 
+/* If this flag is set the ECDH method is FIPS compliant and can be used
+ * in FIPS mode. This is set in the validated module method. If an
+ * application sets this flag in its own methods it is its responsibility
+ * to ensure the result is compliant.
+ */
+
+#define ECDH_FLAG_FIPS_METHOD  0x1
+
 typedef struct ecdh_data_st {
        /* EC_KEY_METH_DATA part */
        int (*init)(EC_KEY *);

diff --git a/deps/openssl/openssl/crypto/ecdh/ech_ossl.c b/deps/openssl/openssl/crypto/ecdh/ech_ossl.c
index 2a40ff1..4a30628 100644 (file)
--- a/deps/openssl/openssl/crypto/ecdh/ech_ossl.c
+++ b/deps/openssl/openssl/crypto/ecdh/ech_ossl.c
@@ -157,6 +157,7 @@ static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
                        goto err;
                        }
                }
+#ifndef OPENSSL_NO_EC2M
        else
                {
                if (!EC_POINT_get_affine_coordinates_GF2m(group, tmp, x, y, ctx)) 
@@ -165,6 +166,7 @@ static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
                        goto err;
                        }
                }
+#endif
 
        buflen = (EC_GROUP_get_degree(group) + 7)/8;
        len = BN_num_bytes(x);

diff --git a/deps/openssl/openssl/crypto/ecdsa/ecdsa.h b/deps/openssl/openssl/crypto/ecdsa/ecdsa.h
index e61c539..7fb5254 100644 (file)
--- a/deps/openssl/openssl/crypto/ecdsa/ecdsa.h
+++ b/deps/openssl/openssl/crypto/ecdsa/ecdsa.h
@@ -238,6 +238,7 @@ void ERR_load_ECDSA_strings(void);
 /* Error codes for the ECDSA functions. */
 
 /* Function codes. */
+#define ECDSA_F_ECDSA_CHECK                             104
 #define ECDSA_F_ECDSA_DATA_NEW_METHOD                   100
 #define ECDSA_F_ECDSA_DO_SIGN                           101
 #define ECDSA_F_ECDSA_DO_VERIFY                                 102
@@ -249,6 +250,7 @@ void ERR_load_ECDSA_strings(void);
 #define ECDSA_R_ERR_EC_LIB                              102
 #define ECDSA_R_MISSING_PARAMETERS                      103
 #define ECDSA_R_NEED_NEW_SETUP_VALUES                   106
+#define ECDSA_R_NON_FIPS_METHOD                                 107
 #define ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED                 104
 #define ECDSA_R_SIGNATURE_MALLOC_FAILED                         105
 

diff --git a/deps/openssl/openssl/crypto/ecdsa/ecdsatest.c b/deps/openssl/openssl/crypto/ecdsa/ecdsatest.c
index 54cfb8c..537bb30 100644 (file)
--- a/deps/openssl/openssl/crypto/ecdsa/ecdsatest.c
+++ b/deps/openssl/openssl/crypto/ecdsa/ecdsatest.c
@@ -262,6 +262,7 @@ int x9_62_tests(BIO *out)
                "3238135532097973577080787768312505059318910517550078427819"
                "78505179448783"))
                goto x962_err;
+#ifndef OPENSSL_NO_EC2M
        if (!x9_62_test_internal(out, NID_X9_62_c2tnb191v1,
                "87194383164871543355722284926904419997237591535066528048",
                "308992691965804947361541664549085895292153777025772063598"))
@@ -272,7 +273,7 @@ int x9_62_tests(BIO *out)
                "1970303740007316867383349976549972270528498040721988191026"
                "49413465737174"))
                goto x962_err;
-
+#endif
        ret = 1;
 x962_err:
        if (!restore_rand())
@@ -289,7 +290,8 @@ int test_builtin(BIO *out)
        ECDSA_SIG       *ecdsa_sig = NULL;
        unsigned char   digest[20], wrong_digest[20];
        unsigned char   *signature = NULL;
-       unsigned char   *sig_ptr;
+       const unsigned char     *sig_ptr;
+       unsigned char   *sig_ptr2;
        unsigned char   *raw_buf = NULL;
        unsigned int    sig_len, degree, r_len, s_len, bn_len, buf_len;
        int             nid, ret =  0;
@@ -464,8 +466,8 @@ int test_builtin(BIO *out)
                        (BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NULL))
                        goto builtin_err;
 
-               sig_ptr = signature;
-               sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr);
+               sig_ptr2 = signature;
+               sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2);
                if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) == 1)
                        {
                        BIO_printf(out, " failed\n");
@@ -477,8 +479,8 @@ int test_builtin(BIO *out)
                        (BN_bin2bn(raw_buf + bn_len, bn_len, ecdsa_sig->s) == NULL))
                        goto builtin_err;
 
-               sig_ptr = signature;
-               sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr);
+               sig_ptr2 = signature;
+               sig_len = i2d_ECDSA_SIG(ecdsa_sig, &sig_ptr2);
                if (ECDSA_verify(0, digest, 20, signature, sig_len, eckey) != 1)
                        {
                        BIO_printf(out, " failed\n");

diff --git a/deps/openssl/openssl/crypto/ecdsa/ecs_err.c b/deps/openssl/openssl/crypto/ecdsa/ecs_err.c
index 98e38d5..81542e6 100644 (file)
--- a/deps/openssl/openssl/crypto/ecdsa/ecs_err.c
+++ b/deps/openssl/openssl/crypto/ecdsa/ecs_err.c
@@ -1,6 +1,6 @@
 /* crypto/ecdsa/ecs_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -70,6 +70,7 @@
 
 static ERR_STRING_DATA ECDSA_str_functs[]=
        {
+{ERR_FUNC(ECDSA_F_ECDSA_CHECK),        "ECDSA_CHECK"},
 {ERR_FUNC(ECDSA_F_ECDSA_DATA_NEW_METHOD),      "ECDSA_DATA_NEW_METHOD"},
 {ERR_FUNC(ECDSA_F_ECDSA_DO_SIGN),      "ECDSA_do_sign"},
 {ERR_FUNC(ECDSA_F_ECDSA_DO_VERIFY),    "ECDSA_do_verify"},
@@ -84,6 +85,7 @@ static ERR_STRING_DATA ECDSA_str_reasons[]=
 {ERR_REASON(ECDSA_R_ERR_EC_LIB)          ,"err ec lib"},
 {ERR_REASON(ECDSA_R_MISSING_PARAMETERS)  ,"missing parameters"},
 {ERR_REASON(ECDSA_R_NEED_NEW_SETUP_VALUES),"need new setup values"},
+{ERR_REASON(ECDSA_R_NON_FIPS_METHOD)     ,"non fips method"},
 {ERR_REASON(ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED),"random number generation failed"},
 {ERR_REASON(ECDSA_R_SIGNATURE_MALLOC_FAILED),"signature malloc failed"},
 {0,NULL}

diff --git a/deps/openssl/openssl/crypto/ecdsa/ecs_lib.c b/deps/openssl/openssl/crypto/ecdsa/ecs_lib.c
index 2ebae3a..814a6bf 100644 (file)
--- a/deps/openssl/openssl/crypto/ecdsa/ecs_lib.c
+++ b/deps/openssl/openssl/crypto/ecdsa/ecs_lib.c
@@ -60,6 +60,9 @@
 #endif
 #include <openssl/err.h>
 #include <openssl/bn.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
 
 const char ECDSA_version[]="ECDSA" OPENSSL_VERSION_PTEXT;
 
@@ -77,7 +80,16 @@ void ECDSA_set_default_method(const ECDSA_METHOD *meth)
 const ECDSA_METHOD *ECDSA_get_default_method(void)
 {
        if(!default_ECDSA_method) 
+               {
+#ifdef OPENSSL_FIPS
+               if (FIPS_mode())
+                       return FIPS_ecdsa_openssl();
+               else
+                       return ECDSA_OpenSSL();
+#else
                default_ECDSA_method = ECDSA_OpenSSL();
+#endif
+               }
        return default_ECDSA_method;
 }
 
@@ -188,12 +200,26 @@ ECDSA_DATA *ecdsa_check(EC_KEY *key)
                ecdsa_data = (ECDSA_DATA *)ecdsa_data_new();
                if (ecdsa_data == NULL)
                        return NULL;
-               EC_KEY_insert_key_method_data(key, (void *)ecdsa_data,
-                       ecdsa_data_dup, ecdsa_data_free, ecdsa_data_free);
+               data = EC_KEY_insert_key_method_data(key, (void *)ecdsa_data,
+                          ecdsa_data_dup, ecdsa_data_free, ecdsa_data_free);
+               if (data != NULL)
+                       {
+                       /* Another thread raced us to install the key_method
+                        * data and won. */
+                       ecdsa_data_free(ecdsa_data);
+                       ecdsa_data = (ECDSA_DATA *)data;
+                       }
        }
        else
                ecdsa_data = (ECDSA_DATA *)data;
-       
+#ifdef OPENSSL_FIPS
+       if (FIPS_mode() && !(ecdsa_data->flags & ECDSA_FLAG_FIPS_METHOD)
+                       && !(EC_KEY_get_flags(key) & EC_FLAG_NON_FIPS_ALLOW))
+               {
+               ECDSAerr(ECDSA_F_ECDSA_CHECK, ECDSA_R_NON_FIPS_METHOD);
+               return NULL;
+               }
+#endif
 
        return ecdsa_data;
 }

diff --git a/deps/openssl/openssl/crypto/ecdsa/ecs_locl.h b/deps/openssl/openssl/crypto/ecdsa/ecs_locl.h
index 3a69a84..cb3be13 100644 (file)
--- a/deps/openssl/openssl/crypto/ecdsa/ecs_locl.h
+++ b/deps/openssl/openssl/crypto/ecdsa/ecs_locl.h
@@ -82,6 +82,14 @@ struct ecdsa_method
        char *app_data;
        };
 
+/* If this flag is set the ECDSA method is FIPS compliant and can be used
+ * in FIPS mode. This is set in the validated module method. If an
+ * application sets this flag in its own methods it is its responsibility
+ * to ensure the result is compliant.
+ */
+
+#define ECDSA_FLAG_FIPS_METHOD 0x1
+
 typedef struct ecdsa_data_st {
        /* EC_KEY_METH_DATA part */
        int (*init)(EC_KEY *);

diff --git a/deps/openssl/openssl/crypto/ecdsa/ecs_ossl.c b/deps/openssl/openssl/crypto/ecdsa/ecs_ossl.c
index 1bbf328..7725935 100644 (file)
--- a/deps/openssl/openssl/crypto/ecdsa/ecs_ossl.c
+++ b/deps/openssl/openssl/crypto/ecdsa/ecs_ossl.c
@@ -167,6 +167,7 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
                                goto err;
                        }
                }
+#ifndef OPENSSL_NO_EC2M
                else /* NID_X9_62_characteristic_two_field */
                {
                        if (!EC_POINT_get_affine_coordinates_GF2m(group,
@@ -176,6 +177,7 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
                                goto err;
                        }
                }
+#endif
                if (!BN_nnmod(r, X, order, ctx))
                {
                        ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
@@ -454,6 +456,7 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len,
                        goto err;
                }
        }
+#ifndef OPENSSL_NO_EC2M
        else /* NID_X9_62_characteristic_two_field */
        {
                if (!EC_POINT_get_affine_coordinates_GF2m(group,
@@ -463,7 +466,7 @@ static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len,
                        goto err;
                }
        }
-       
+#endif 
        if (!BN_nnmod(u1, X, order, ctx))
        {
                ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);

diff --git a/deps/openssl/openssl/crypto/engine/Makefile b/deps/openssl/openssl/crypto/engine/Makefile
index 9c21482..d29bdd0 100644 (file)
--- a/deps/openssl/openssl/crypto/engine/Makefile
+++ b/deps/openssl/openssl/crypto/engine/Makefile
@@ -21,12 +21,14 @@ LIBSRC= eng_err.c eng_lib.c eng_list.c eng_init.c eng_ctrl.c \
        eng_table.c eng_pkey.c eng_fat.c eng_all.c \
        tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_ecdh.c tb_rand.c tb_store.c \
        tb_cipher.c tb_digest.c tb_pkmeth.c tb_asnmth.c \
-       eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c
+       eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c \
+       eng_rsax.c eng_rdrand.c
 LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \
        eng_table.o eng_pkey.o eng_fat.o eng_all.o \
        tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_ecdh.o tb_rand.o tb_store.o \
        tb_cipher.o tb_digest.o tb_pkmeth.o tb_asnmth.o \
-       eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o
+       eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o \
+       eng_rsax.o eng_rdrand.o
 
 SRC= $(LIBSRC)
 
@@ -249,6 +251,34 @@ eng_pkey.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 eng_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 eng_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 eng_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h eng_pkey.c
+eng_rdrand.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+eng_rdrand.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+eng_rdrand.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+eng_rdrand.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+eng_rdrand.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+eng_rdrand.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+eng_rdrand.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+eng_rdrand.o: ../../include/openssl/opensslconf.h
+eng_rdrand.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_rdrand.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+eng_rdrand.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+eng_rdrand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_rdrand.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+eng_rdrand.o: eng_rdrand.c
+eng_rsax.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+eng_rsax.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+eng_rsax.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+eng_rsax.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+eng_rsax.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
+eng_rsax.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+eng_rsax.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+eng_rsax.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+eng_rsax.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+eng_rsax.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+eng_rsax.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+eng_rsax.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+eng_rsax.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+eng_rsax.o: eng_rsax.c
 eng_table.o: ../../e_os.h ../../include/openssl/asn1.h
 eng_table.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 eng_table.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h

diff --git a/deps/openssl/openssl/crypto/engine/eng_all.c b/deps/openssl/openssl/crypto/engine/eng_all.c
index 22c1204..6093376 100644 (file)
--- a/deps/openssl/openssl/crypto/engine/eng_all.c
+++ b/deps/openssl/openssl/crypto/engine/eng_all.c
@@ -61,6 +61,8 @@
 
 void ENGINE_load_builtin_engines(void)
        {
+       /* Some ENGINEs need this */
+       OPENSSL_cpuid_setup();
 #if 0
        /* There's no longer any need for an "openssl" ENGINE unless, one day,
         * it is the *only* way for standard builtin implementations to be be
@@ -71,6 +73,12 @@ void ENGINE_load_builtin_engines(void)
 #if !defined(OPENSSL_NO_HW) && (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV))
        ENGINE_load_cryptodev();
 #endif
+#ifndef OPENSSL_NO_RSAX
+       ENGINE_load_rsax();
+#endif
+#ifndef OPENSSL_NO_RDRAND
+       ENGINE_load_rdrand();
+#endif
        ENGINE_load_dynamic();
 #ifndef OPENSSL_NO_STATIC_ENGINE
 #ifndef OPENSSL_NO_HW
@@ -112,6 +120,7 @@ void ENGINE_load_builtin_engines(void)
        ENGINE_load_capi();
 #endif
 #endif
+       ENGINE_register_all_complete();
        }
 
 #if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)

diff --git a/deps/openssl/openssl/crypto/engine/eng_cryptodev.c b/deps/openssl/openssl/crypto/engine/eng_cryptodev.c
index 52f4ca3..5a715ac 100644 (file)
--- a/deps/openssl/openssl/crypto/engine/eng_cryptodev.c
+++ b/deps/openssl/openssl/crypto/engine/eng_cryptodev.c
@@ -79,8 +79,6 @@ struct dev_crypto_state {
        unsigned char digest_res[HASH_MAX_LEN];
        char *mac_data;
        int mac_len;
-
-       int copy;
 #endif
 };
 
@@ -200,6 +198,7 @@ get_dev_crypto(void)
 
        if ((fd = open_dev_crypto()) == -1)
                return (-1);
+#ifndef CRIOGET_NOT_NEEDED
        if (ioctl(fd, CRIOGET, &retfd) == -1)
                return (-1);
 
@@ -208,9 +207,19 @@ get_dev_crypto(void)
                close(retfd);
                return (-1);
        }
+#else
+        retfd = fd;
+#endif
        return (retfd);
 }
 
+static void put_dev_crypto(int fd)
+{
+#ifndef CRIOGET_NOT_NEEDED
+       close(fd);
+#endif
+}
+
 /* Caching version for asym operations */
 static int
 get_asym_dev_crypto(void)
@@ -252,7 +261,7 @@ get_cryptodev_ciphers(const int **cnids)
                    ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
                        nids[count++] = ciphers[i].nid;
        }
-       close(fd);
+       put_dev_crypto(fd);
 
        if (count > 0)
                *cnids = nids;
@@ -291,7 +300,7 @@ get_cryptodev_digests(const int **cnids)
                    ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
                        nids[count++] = digests[i].nid;
        }
-       close(fd);
+       put_dev_crypto(fd);
 
        if (count > 0)
                *cnids = nids;
@@ -436,7 +445,7 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
        sess->cipher = cipher;
 
        if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
-               close(state->d_fd);
+               put_dev_crypto(state->d_fd);
                state->d_fd = -1;
                return (0);
        }
@@ -473,7 +482,7 @@ cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
        } else {
                ret = 1;
        }
-       close(state->d_fd);
+       put_dev_crypto(state->d_fd);
        state->d_fd = -1;
 
        return (ret);
@@ -686,7 +695,7 @@ static int cryptodev_digest_init(EVP_MD_CTX *ctx)
        sess->mac = digest;
 
        if (ioctl(state->d_fd, CIOCGSESSION, sess) < 0) {
-               close(state->d_fd);
+               put_dev_crypto(state->d_fd);
                state->d_fd = -1;
                printf("cryptodev_digest_init: Open session failed\n");
                return (0);
@@ -758,14 +767,12 @@ static int cryptodev_digest_final(EVP_MD_CTX *ctx, unsigned char *md)
        if (! (ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) ) {
                /* if application doesn't support one buffer */
                memset(&cryp, 0, sizeof(cryp));
-
                cryp.ses = sess->ses;
                cryp.flags = 0;
                cryp.len = state->mac_len;
                cryp.src = state->mac_data;
                cryp.dst = NULL;
                cryp.mac = (caddr_t)md;
-
                if (ioctl(state->d_fd, CIOCCRYPT, &cryp) < 0) {
                        printf("cryptodev_digest_final: digest failed\n");
                        return (0);
@@ -786,6 +793,9 @@ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
        struct dev_crypto_state *state = ctx->md_data;
        struct session_op *sess = &state->d_sess;
 
+       if (state == NULL)
+         return 0;
+
        if (state->d_fd < 0) {
                printf("cryptodev_digest_cleanup: illegal input\n");
                return (0);
@@ -797,16 +807,13 @@ static int cryptodev_digest_cleanup(EVP_MD_CTX *ctx)
                state->mac_len = 0;
        }
 
-       if (state->copy)
-               return 1;
-
        if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) < 0) {
                printf("cryptodev_digest_cleanup: failed to close session\n");
                ret = 0;
        } else {
                ret = 1;
        }
-       close(state->d_fd);     
+       put_dev_crypto(state->d_fd);    
        state->d_fd = -1;
 
        return (ret);
@@ -816,15 +823,39 @@ static int cryptodev_digest_copy(EVP_MD_CTX *to,const EVP_MD_CTX *from)
 {
        struct dev_crypto_state *fstate = from->md_data;
        struct dev_crypto_state *dstate = to->md_data;
+       struct session_op *sess;
+       int digest;
 
-       memcpy(dstate, fstate, sizeof(struct dev_crypto_state));
+       if (dstate == NULL || fstate == NULL)
+         return 1;
 
-       if (fstate->mac_len != 0) {
-               dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
-               memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len);
+               memcpy(dstate, fstate, sizeof(struct dev_crypto_state));
+
+       sess = &dstate->d_sess;
+
+       digest = digest_nid_to_cryptodev(to->digest->type);
+
+       sess->mackey = dstate->dummy_mac_key;
+       sess->mackeylen = digest_key_length(to->digest->type);
+       sess->mac = digest;
+
+       dstate->d_fd = get_dev_crypto();
+
+       if (ioctl(dstate->d_fd, CIOCGSESSION, sess) < 0) {
+               put_dev_crypto(dstate->d_fd);
+               dstate->d_fd = -1;
+               printf("cryptodev_digest_init: Open session failed\n");
+               return (0);
        }
 
-       dstate->copy = 1;
+       if (fstate->mac_len != 0) {
+               if (fstate->mac_data != NULL)
+                       {
+                       dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
+                       memcpy(dstate->mac_data, fstate->mac_data, fstate->mac_len);
+                       dstate->mac_len = fstate->mac_len;
+                       }
+       }
 
        return 1;
 }
@@ -1347,11 +1378,11 @@ ENGINE_load_cryptodev(void)
         * find out what asymmetric crypto algorithms we support
         */
        if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
-               close(fd);
+               put_dev_crypto(fd);
                ENGINE_free(engine);
                return;
        }
-       close(fd);
+       put_dev_crypto(fd);
 
        if (!ENGINE_set_id(engine, "cryptodev") ||
            !ENGINE_set_name(engine, "BSD cryptodev engine") ||

diff --git a/deps/openssl/openssl/crypto/engine/eng_fat.c b/deps/openssl/openssl/crypto/engine/eng_fat.c
index db66e62..789b8d5 100644 (file)
--- a/deps/openssl/openssl/crypto/engine/eng_fat.c
+++ b/deps/openssl/openssl/crypto/engine/eng_fat.c
@@ -176,6 +176,7 @@ int ENGINE_register_all_complete(void)
        ENGINE *e;
 
        for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
-               ENGINE_register_complete(e);
+               if (!(e->flags & ENGINE_FLAGS_NO_REGISTER_ALL))
+                       ENGINE_register_complete(e);
        return 1;
        }

diff --git a/deps/openssl/openssl/crypto/engine/engine.h b/deps/openssl/openssl/crypto/engine/engine.h
index 943aeae..f8be497 100644 (file)
--- a/deps/openssl/openssl/crypto/engine/engine.h
+++ b/deps/openssl/openssl/crypto/engine/engine.h
@@ -141,6 +141,13 @@ extern "C" {
  * the existing ENGINE's structural reference count. */
 #define ENGINE_FLAGS_BY_ID_COPY                (int)0x0004
 
+/* This flag if for an ENGINE that does not want its methods registered as 
+ * part of ENGINE_register_all_complete() for example if the methods are
+ * not usable as default methods.
+ */
+
+#define ENGINE_FLAGS_NO_REGISTER_ALL   (int)0x0008
+
 /* ENGINEs can support their own command types, and these flags are used in
  * ENGINE_CTRL_GET_CMD_FLAGS to indicate to the caller what kind of input each
  * command expects. Currently only numeric and string input is supported. If a
@@ -344,6 +351,8 @@ void ENGINE_load_gost(void);
 #endif
 #endif
 void ENGINE_load_cryptodev(void);
+void ENGINE_load_rsax(void);
+void ENGINE_load_rdrand(void);
 void ENGINE_load_builtin_engines(void);
 
 /* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation

diff --git a/deps/openssl/openssl/crypto/err/err.c b/deps/openssl/openssl/crypto/err/err.c
index 69713a6..fcdb244 100644 (file)
--- a/deps/openssl/openssl/crypto/err/err.c
+++ b/deps/openssl/openssl/crypto/err/err.c
@@ -1066,6 +1066,13 @@ void ERR_set_error_data(char *data, int flags)
 void ERR_add_error_data(int num, ...)
        {
        va_list args;
+       va_start(args, num);
+       ERR_add_error_vdata(num, args);
+       va_end(args);
+       }
+
+void ERR_add_error_vdata(int num, va_list args)
+       {
        int i,n,s;
        char *str,*p,*a;
 
@@ -1074,7 +1081,6 @@ void ERR_add_error_data(int num, ...)
        if (str == NULL) return;
        str[0]='\0';
 
-       va_start(args, num);
        n=0;
        for (i=0; i<num; i++)
                {
@@ -1090,7 +1096,7 @@ void ERR_add_error_data(int num, ...)
                                if (p == NULL)
                                        {
                                        OPENSSL_free(str);
-                                       goto err;
+                                       return;
                                        }
                                else
                                        str=p;
@@ -1099,9 +1105,6 @@ void ERR_add_error_data(int num, ...)
                        }
                }
        ERR_set_error_data(str,ERR_TXT_MALLOCED|ERR_TXT_STRING);
-
-err:
-       va_end(args);
        }
 
 int ERR_set_mark(void)

diff --git a/deps/openssl/openssl/crypto/err/err.h b/deps/openssl/openssl/crypto/err/err.h
index b9f8c16..974cc9c 100644 (file)
--- a/deps/openssl/openssl/crypto/err/err.h
+++ b/deps/openssl/openssl/crypto/err/err.h
@@ -344,8 +344,9 @@ void ERR_print_errors_fp(FILE *fp);
 #endif
 #ifndef OPENSSL_NO_BIO
 void ERR_print_errors(BIO *bp);
-void ERR_add_error_data(int num, ...);
 #endif
+void ERR_add_error_data(int num, ...);
+void ERR_add_error_vdata(int num, va_list args);
 void ERR_load_strings(int lib,ERR_STRING_DATA str[]);
 void ERR_unload_strings(int lib,ERR_STRING_DATA str[]);
 void ERR_load_ERR_strings(void);

diff --git a/deps/openssl/openssl/crypto/err/err_all.c b/deps/openssl/openssl/crypto/err/err_all.c
index fc049e8..8eb547d 100644 (file)
--- a/deps/openssl/openssl/crypto/err/err_all.c
+++ b/deps/openssl/openssl/crypto/err/err_all.c
@@ -64,7 +64,9 @@
 #endif
 #include <openssl/buffer.h>
 #include <openssl/bio.h>
+#ifndef OPENSSL_NO_COMP
 #include <openssl/comp.h>
+#endif
 #ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif
@@ -95,6 +97,9 @@
 #include <openssl/ui.h>
 #include <openssl/ocsp.h>
 #include <openssl/err.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
 #include <openssl/ts.h>
 #ifndef OPENSSL_NO_CMS
 #include <openssl/cms.h>
@@ -102,7 +107,6 @@
 #ifndef OPENSSL_NO_JPAKE
 #include <openssl/jpake.h>
 #endif
-#include <openssl/comp.h>
 
 void ERR_load_crypto_strings(void)
        {
@@ -126,7 +130,9 @@ void ERR_load_crypto_strings(void)
        ERR_load_ASN1_strings();
        ERR_load_CONF_strings();
        ERR_load_CRYPTO_strings();
+#ifndef OPENSSL_NO_COMP
        ERR_load_COMP_strings();
+#endif
 #ifndef OPENSSL_NO_EC
        ERR_load_EC_strings();
 #endif
@@ -149,12 +155,14 @@ void ERR_load_crypto_strings(void)
 #endif
        ERR_load_OCSP_strings();
        ERR_load_UI_strings();
+#ifdef OPENSSL_FIPS
+       ERR_load_FIPS_strings();
+#endif
 #ifndef OPENSSL_NO_CMS
        ERR_load_CMS_strings();
 #endif
 #ifndef OPENSSL_NO_JPAKE
        ERR_load_JPAKE_strings();
 #endif
-       ERR_load_COMP_strings();
 #endif
        }

diff --git a/deps/openssl/openssl/crypto/evp/Makefile b/deps/openssl/openssl/crypto/evp/Makefile
index 82825e5..1e46ceb 100644 (file)
--- a/deps/openssl/openssl/crypto/evp/Makefile
+++ b/deps/openssl/openssl/crypto/evp/Makefile
@@ -18,7 +18,7 @@ TESTDATA=evptests.txt
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c \
+LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c evp_cnf.c \
        e_des.c e_bf.c e_idea.c e_des3.c e_camellia.c\
        e_rc4.c e_aes.c names.c e_seed.c \
        e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c \
@@ -28,9 +28,10 @@ LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c \
        bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
        c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \
        evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c \
-       e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c
+       e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c evp_fips.c \
+       e_aes_cbc_hmac_sha1.c e_rc4_hmac_md5.c
 
-LIBOBJ=        encode.o digest.o evp_enc.o evp_key.o evp_acnf.o \
+LIBOBJ=        encode.o digest.o evp_enc.o evp_key.o evp_acnf.o evp_cnf.o \
        e_des.o e_bf.o e_idea.o e_des3.o e_camellia.o\
        e_rc4.o e_aes.o names.o e_seed.o \
        e_xcbc_d.o e_rc2.o e_cast.o e_rc5.o \
@@ -40,7 +41,8 @@ LIBOBJ=       encode.o digest.o evp_enc.o evp_key.o evp_acnf.o \
        bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o \
        c_all.o c_allc.o c_alld.o evp_lib.o bio_ok.o \
        evp_pkey.o evp_pbe.o p5_crpt.o p5_crpt2.o \
-       e_old.o pmeth_lib.o pmeth_fn.o pmeth_gn.o m_sigver.o
+       e_old.o pmeth_lib.o pmeth_fn.o pmeth_gn.o m_sigver.o evp_fips.o \
+       e_aes_cbc_hmac_sha1.o e_rc4_hmac_md5.o
 
 SRC= $(LIBSRC)
 
@@ -65,7 +67,7 @@ files:
 links:
        @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
        @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
-       cp $(TESTDATA) ../../test
+       [ ! -f $(TESTDATA) ] || cp $(TESTDATA) ../../test
        @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
 
 install:
@@ -189,11 +191,27 @@ e_aes.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
 e_aes.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
 e_aes.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
 e_aes.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-e_aes.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-e_aes.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-e_aes.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-e_aes.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h e_aes.c
-e_aes.o: evp_locl.h
+e_aes.o: ../../include/openssl/modes.h ../../include/openssl/obj_mac.h
+e_aes.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+e_aes.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+e_aes.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+e_aes.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+e_aes.o: ../modes/modes_lcl.h e_aes.c evp_locl.h
+e_aes_cbc_hmac_sha1.o: ../../include/openssl/aes.h ../../include/openssl/asn1.h
+e_aes_cbc_hmac_sha1.o: ../../include/openssl/bio.h
+e_aes_cbc_hmac_sha1.o: ../../include/openssl/crypto.h
+e_aes_cbc_hmac_sha1.o: ../../include/openssl/e_os2.h
+e_aes_cbc_hmac_sha1.o: ../../include/openssl/evp.h
+e_aes_cbc_hmac_sha1.o: ../../include/openssl/obj_mac.h
+e_aes_cbc_hmac_sha1.o: ../../include/openssl/objects.h
+e_aes_cbc_hmac_sha1.o: ../../include/openssl/opensslconf.h
+e_aes_cbc_hmac_sha1.o: ../../include/openssl/opensslv.h
+e_aes_cbc_hmac_sha1.o: ../../include/openssl/ossl_typ.h
+e_aes_cbc_hmac_sha1.o: ../../include/openssl/safestack.h
+e_aes_cbc_hmac_sha1.o: ../../include/openssl/sha.h
+e_aes_cbc_hmac_sha1.o: ../../include/openssl/stack.h
+e_aes_cbc_hmac_sha1.o: ../../include/openssl/symhacks.h e_aes_cbc_hmac_sha1.c
+e_aes_cbc_hmac_sha1.o: evp_locl.h
 e_bf.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 e_bf.o: ../../include/openssl/blowfish.h ../../include/openssl/buffer.h
 e_bf.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
@@ -279,7 +297,18 @@ e_rc4.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 e_rc4.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 e_rc4.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc4.h
 e_rc4.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
-e_rc4.o: ../../include/openssl/symhacks.h ../cryptlib.h e_rc4.c
+e_rc4.o: ../../include/openssl/symhacks.h ../cryptlib.h e_rc4.c evp_locl.h
+e_rc4_hmac_md5.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+e_rc4_hmac_md5.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+e_rc4_hmac_md5.o: ../../include/openssl/evp.h ../../include/openssl/md5.h
+e_rc4_hmac_md5.o: ../../include/openssl/obj_mac.h
+e_rc4_hmac_md5.o: ../../include/openssl/objects.h
+e_rc4_hmac_md5.o: ../../include/openssl/opensslconf.h
+e_rc4_hmac_md5.o: ../../include/openssl/opensslv.h
+e_rc4_hmac_md5.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc4.h
+e_rc4_hmac_md5.o: ../../include/openssl/safestack.h
+e_rc4_hmac_md5.o: ../../include/openssl/stack.h
+e_rc4_hmac_md5.o: ../../include/openssl/symhacks.h e_rc4_hmac_md5.c
 e_rc5.o: ../../e_os.h ../../include/openssl/bio.h
 e_rc5.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 e_rc5.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
@@ -327,6 +356,20 @@ evp_acnf.o: ../../include/openssl/opensslconf.h
 evp_acnf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 evp_acnf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 evp_acnf.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_acnf.c
+evp_cnf.o: ../../e_os.h ../../include/openssl/asn1.h
+evp_cnf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+evp_cnf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+evp_cnf.o: ../../include/openssl/dso.h ../../include/openssl/e_os2.h
+evp_cnf.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+evp_cnf.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+evp_cnf.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+evp_cnf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+evp_cnf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+evp_cnf.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+evp_cnf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+evp_cnf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+evp_cnf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+evp_cnf.o: ../../include/openssl/x509v3.h ../cryptlib.h evp_cnf.c
 evp_enc.o: ../../e_os.h ../../include/openssl/asn1.h
 evp_enc.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 evp_enc.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
@@ -349,6 +392,13 @@ evp_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
 evp_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 evp_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 evp_err.o: ../../include/openssl/symhacks.h evp_err.c
+evp_fips.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+evp_fips.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+evp_fips.o: ../../include/openssl/evp.h ../../include/openssl/obj_mac.h
+evp_fips.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+evp_fips.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+evp_fips.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+evp_fips.o: ../../include/openssl/symhacks.h evp_fips.c
 evp_key.o: ../../e_os.h ../../include/openssl/asn1.h
 evp_key.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 evp_key.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
@@ -383,7 +433,7 @@ evp_pbe.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs12.h
 evp_pbe.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 evp_pbe.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 evp_pbe.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-evp_pbe.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_pbe.c
+evp_pbe.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_locl.h evp_pbe.c
 evp_pkey.o: ../../e_os.h ../../include/openssl/asn1.h
 evp_pkey.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 evp_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
@@ -401,28 +451,22 @@ evp_pkey.o: ../asn1/asn1_locl.h ../cryptlib.h evp_pkey.c
 m_dss.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 m_dss.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 m_dss.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-m_dss.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-m_dss.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-m_dss.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-m_dss.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-m_dss.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-m_dss.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+m_dss.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_dss.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+m_dss.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_dss.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 m_dss.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 m_dss.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-m_dss.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 m_dss.o: ../cryptlib.h m_dss.c
 m_dss1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 m_dss1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 m_dss1.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-m_dss1.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-m_dss1.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-m_dss1.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-m_dss1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-m_dss1.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-m_dss1.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+m_dss1.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+m_dss1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+m_dss1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+m_dss1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 m_dss1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 m_dss1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-m_dss1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 m_dss1.o: ../cryptlib.h m_dss1.c
 m_ecdsa.o: ../../e_os.h ../../include/openssl/asn1.h
 m_ecdsa.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
@@ -456,7 +500,7 @@ m_md4.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
 m_md4.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 m_md4.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 m_md4.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-m_md4.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_md4.c
+m_md4.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_locl.h m_md4.c
 m_md5.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 m_md5.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 m_md5.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
@@ -469,7 +513,7 @@ m_md5.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
 m_md5.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 m_md5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 m_md5.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-m_md5.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_md5.c
+m_md5.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_locl.h m_md5.c
 m_mdc2.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 m_mdc2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 m_mdc2.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
@@ -484,7 +528,7 @@ m_mdc2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 m_mdc2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 m_mdc2.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
 m_mdc2.o: ../../include/openssl/ui_compat.h ../../include/openssl/x509.h
-m_mdc2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_mdc2.c
+m_mdc2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_locl.h m_mdc2.c
 m_null.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 m_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 m_null.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
@@ -510,7 +554,8 @@ m_ripemd.o: ../../include/openssl/pkcs7.h ../../include/openssl/ripemd.h
 m_ripemd.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 m_ripemd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 m_ripemd.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-m_ripemd.o: ../../include/openssl/x509_vfy.h ../cryptlib.h m_ripemd.c
+m_ripemd.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_locl.h
+m_ripemd.o: m_ripemd.c
 m_sha.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 m_sha.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 m_sha.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
@@ -523,19 +568,16 @@ m_sha.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
 m_sha.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 m_sha.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 m_sha.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-m_sha.o: ../cryptlib.h m_sha.c
+m_sha.o: ../cryptlib.h evp_locl.h m_sha.c
 m_sha1.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 m_sha1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-m_sha1.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-m_sha1.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-m_sha1.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-m_sha1.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-m_sha1.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-m_sha1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-m_sha1.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+m_sha1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+m_sha1.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+m_sha1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+m_sha1.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+m_sha1.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
 m_sha1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 m_sha1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-m_sha1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 m_sha1.o: ../cryptlib.h m_sha1.c
 m_sigver.o: ../../e_os.h ../../include/openssl/asn1.h
 m_sigver.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
@@ -563,7 +605,7 @@ m_wp.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 m_wp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 m_wp.o: ../../include/openssl/symhacks.h ../../include/openssl/whrlpool.h
 m_wp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-m_wp.o: ../cryptlib.h m_wp.c
+m_wp.o: ../cryptlib.h evp_locl.h m_wp.c
 names.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 names.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 names.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
@@ -601,7 +643,8 @@ p5_crpt2.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 p5_crpt2.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
 p5_crpt2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 p5_crpt2.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-p5_crpt2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h p5_crpt2.c
+p5_crpt2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h evp_locl.h
+p5_crpt2.o: p5_crpt2.c
 p_dec.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
 p_dec.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 p_dec.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h

diff --git a/deps/openssl/openssl/crypto/evp/bio_md.c b/deps/openssl/openssl/crypto/evp/bio_md.c
index 9841e32..144fdfd 100644 (file)
--- a/deps/openssl/openssl/crypto/evp/bio_md.c
+++ b/deps/openssl/openssl/crypto/evp/bio_md.c
@@ -153,8 +153,12 @@ static int md_write(BIO *b, const char *in, int inl)
                {
                if (ret > 0)
                        {
-                       EVP_DigestUpdate(ctx,(const unsigned char *)in,
-                               (unsigned int)ret);
+                       if (!EVP_DigestUpdate(ctx,(const unsigned char *)in,
+                               (unsigned int)ret))
+                               {
+                               BIO_clear_retry_flags(b);
+                               return 0;
+                               }
                        }
                }
        if(b->next_bio != NULL)
@@ -220,7 +224,8 @@ static long md_ctrl(BIO *b, int cmd, long num, void *ptr)
        case BIO_CTRL_DUP:
                dbio=ptr;
                dctx=dbio->ptr;
-               EVP_MD_CTX_copy_ex(dctx,ctx);
+               if (!EVP_MD_CTX_copy_ex(dctx,ctx))
+                       return 0;
                b->init=1;
                break;
        default:

diff --git a/deps/openssl/openssl/crypto/evp/bio_ok.c b/deps/openssl/openssl/crypto/evp/bio_ok.c
index 98bc1ab..e643353 100644 (file)
--- a/deps/openssl/openssl/crypto/evp/bio_ok.c
+++ b/deps/openssl/openssl/crypto/evp/bio_ok.c
@@ -133,10 +133,10 @@ static int ok_new(BIO *h);
 static int ok_free(BIO *data);
 static long ok_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
 
-static void sig_out(BIO* b);
-static void sig_in(BIO* b);
-static void block_out(BIO* b);
-static void block_in(BIO* b);
+static int sig_out(BIO* b);
+static int sig_in(BIO* b);
+static int block_out(BIO* b);
+static int block_in(BIO* b);
 #define OK_BLOCK_SIZE  (1024*4)
 #define OK_BLOCK_BLOCK 4
 #define IOBS           (OK_BLOCK_SIZE+ OK_BLOCK_BLOCK+ 3*EVP_MAX_MD_SIZE)
@@ -266,10 +266,24 @@ static int ok_read(BIO *b, char *out, int outl)
                ctx->buf_len+= i;
 
                /* no signature yet -- check if we got one */
-               if (ctx->sigio == 1) sig_in(b);
+               if (ctx->sigio == 1)
+                       {
+                       if (!sig_in(b))
+                               {
+                               BIO_clear_retry_flags(b);
+                               return 0;
+                               }
+                       }
 
                /* signature ok -- check if we got block */
-               if (ctx->sigio == 0) block_in(b);
+               if (ctx->sigio == 0)
+                       {
+                       if (!block_in(b))
+                               {
+                               BIO_clear_retry_flags(b);
+                               return 0;
+                               }
+                       }
 
                /* invalid block -- cancel */
                if (ctx->cont <= 0) break;
@@ -293,7 +307,8 @@ static int ok_write(BIO *b, const char *in, int inl)
 
        if ((ctx == NULL) || (b->next_bio == NULL) || (b->init == 0)) return(0);
 
-       if(ctx->sigio) sig_out(b);
+       if(ctx->sigio && !sig_out(b))
+               return 0;
 
        do{
                BIO_clear_retry_flags(b);
@@ -332,7 +347,11 @@ static int ok_write(BIO *b, const char *in, int inl)
 
                if(ctx->buf_len >= OK_BLOCK_SIZE+ OK_BLOCK_BLOCK)
                        {
-                       block_out(b);
+                       if (!block_out(b))
+                               {
+                               BIO_clear_retry_flags(b);
+                               return 0;
+                               }
                        }
        }while(inl > 0);
 
@@ -379,7 +398,8 @@ static long ok_ctrl(BIO *b, int cmd, long num, void *ptr)
        case BIO_CTRL_FLUSH:
                /* do a final write */
                if(ctx->blockout == 0)
-                       block_out(b);
+                       if (!block_out(b))
+                               return 0;
 
                while (ctx->blockout)
                        {
@@ -408,7 +428,8 @@ static long ok_ctrl(BIO *b, int cmd, long num, void *ptr)
                break;
        case BIO_C_SET_MD:
                md=ptr;
-               EVP_DigestInit_ex(&ctx->md, md, NULL);
+               if (!EVP_DigestInit_ex(&ctx->md, md, NULL))
+                       return 0;
                b->init=1;
                break;
        case BIO_C_GET_MD:
@@ -455,7 +476,7 @@ static void longswap(void *_ptr, size_t len)
        }
 }
 
-static void sig_out(BIO* b)
+static int sig_out(BIO* b)
        {
        BIO_OK_CTX *ctx;
        EVP_MD_CTX *md;
@@ -463,9 +484,10 @@ static void sig_out(BIO* b)
        ctx=b->ptr;
        md=&ctx->md;
 
-       if(ctx->buf_len+ 2* md->digest->md_size > OK_BLOCK_SIZE) return;
+       if(ctx->buf_len+ 2* md->digest->md_size > OK_BLOCK_SIZE) return 1;
 
-       EVP_DigestInit_ex(md, md->digest, NULL);
+       if (!EVP_DigestInit_ex(md, md->digest, NULL))
+               goto berr;
        /* FIXME: there's absolutely no guarantee this makes any sense at all,
         * particularly now EVP_MD_CTX has been restructured.
         */
@@ -474,14 +496,20 @@ static void sig_out(BIO* b)
        longswap(&(ctx->buf[ctx->buf_len]), md->digest->md_size);
        ctx->buf_len+= md->digest->md_size;
 
-       EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN));
-       EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL);
+       if (!EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN)))
+               goto berr;
+       if (!EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL))
+               goto berr;
        ctx->buf_len+= md->digest->md_size;
        ctx->blockout= 1;
        ctx->sigio= 0;
+       return 1;
+       berr:
+       BIO_clear_retry_flags(b);
+       return 0;
        }
 
-static void sig_in(BIO* b)
+static int sig_in(BIO* b)
        {
        BIO_OK_CTX *ctx;
        EVP_MD_CTX *md;
@@ -491,15 +519,18 @@ static void sig_in(BIO* b)
        ctx=b->ptr;
        md=&ctx->md;
 
-       if((int)(ctx->buf_len-ctx->buf_off) < 2*md->digest->md_size) return;
+       if((int)(ctx->buf_len-ctx->buf_off) < 2*md->digest->md_size) return 1;
 
-       EVP_DigestInit_ex(md, md->digest, NULL);
+       if (!EVP_DigestInit_ex(md, md->digest, NULL))
+               goto berr;
        memcpy(md->md_data, &(ctx->buf[ctx->buf_off]), md->digest->md_size);
        longswap(md->md_data, md->digest->md_size);
        ctx->buf_off+= md->digest->md_size;
 
-       EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN));
-       EVP_DigestFinal_ex(md, tmp, NULL);
+       if (!EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN)))
+               goto berr;
+       if (!EVP_DigestFinal_ex(md, tmp, NULL))
+               goto berr;
        ret= memcmp(&(ctx->buf[ctx->buf_off]), tmp, md->digest->md_size) == 0;
        ctx->buf_off+= md->digest->md_size;
        if(ret == 1)
@@ -516,9 +547,13 @@ static void sig_in(BIO* b)
                {
                ctx->cont= 0;
                }
+       return 1;
+       berr:
+       BIO_clear_retry_flags(b);
+       return 0;
        }
 
-static void block_out(BIO* b)
+static int block_out(BIO* b)
        {
        BIO_OK_CTX *ctx;
        EVP_MD_CTX *md;
@@ -532,13 +567,20 @@ static void block_out(BIO* b)
        ctx->buf[1]=(unsigned char)(tl>>16);
        ctx->buf[2]=(unsigned char)(tl>>8);
        ctx->buf[3]=(unsigned char)(tl);
-       EVP_DigestUpdate(md, (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl);
-       EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL);
+       if (!EVP_DigestUpdate(md,
+               (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl))
+               goto berr;
+       if (!EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL))
+               goto berr;
        ctx->buf_len+= md->digest->md_size;
        ctx->blockout= 1;
+       return 1;
+       berr:
+       BIO_clear_retry_flags(b);
+       return 0;
        }
 
-static void block_in(BIO* b)
+static int block_in(BIO* b)
        {
        BIO_OK_CTX *ctx;
        EVP_MD_CTX *md;
@@ -554,10 +596,13 @@ static void block_in(BIO* b)
        tl|=ctx->buf[2]; tl<<=8;
        tl|=ctx->buf[3];
 
-       if (ctx->buf_len < tl+ OK_BLOCK_BLOCK+ md->digest->md_size) return;
+       if (ctx->buf_len < tl+ OK_BLOCK_BLOCK+ md->digest->md_size) return 1;
  
-       EVP_DigestUpdate(md, (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl);
-       EVP_DigestFinal_ex(md, tmp, NULL);
+       if (!EVP_DigestUpdate(md,
+                       (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl))
+               goto berr;
+       if (!EVP_DigestFinal_ex(md, tmp, NULL))
+               goto berr;
        if(memcmp(&(ctx->buf[tl+ OK_BLOCK_BLOCK]), tmp, md->digest->md_size) == 0)
                {
                /* there might be parts from next block lurking around ! */
@@ -571,5 +616,9 @@ static void block_in(BIO* b)
                {
                ctx->cont= 0;
                }
+       return 1;
+       berr:
+       BIO_clear_retry_flags(b);
+       return 0;
        }
 

diff --git a/deps/openssl/openssl/crypto/evp/c_allc.c b/deps/openssl/openssl/crypto/evp/c_allc.c
index c5f9268..2a45d43 100644 (file)
--- a/deps/openssl/openssl/crypto/evp/c_allc.c
+++ b/deps/openssl/openssl/crypto/evp/c_allc.c
@@ -98,6 +98,9 @@ void OpenSSL_add_all_ciphers(void)
 #ifndef OPENSSL_NO_RC4
        EVP_add_cipher(EVP_rc4());
        EVP_add_cipher(EVP_rc4_40());
+#ifndef OPENSSL_NO_MD5
+       EVP_add_cipher(EVP_rc4_hmac_md5());
+#endif
 #endif
 
 #ifndef OPENSSL_NO_IDEA
@@ -166,9 +169,9 @@ void OpenSSL_add_all_ciphers(void)
        EVP_add_cipher(EVP_aes_128_cfb1());
        EVP_add_cipher(EVP_aes_128_cfb8());
        EVP_add_cipher(EVP_aes_128_ofb());
-#if 0
        EVP_add_cipher(EVP_aes_128_ctr());
-#endif
+       EVP_add_cipher(EVP_aes_128_gcm());
+       EVP_add_cipher(EVP_aes_128_xts());
        EVP_add_cipher_alias(SN_aes_128_cbc,"AES128");
        EVP_add_cipher_alias(SN_aes_128_cbc,"aes128");
        EVP_add_cipher(EVP_aes_192_ecb());
@@ -177,9 +180,8 @@ void OpenSSL_add_all_ciphers(void)
        EVP_add_cipher(EVP_aes_192_cfb1());
        EVP_add_cipher(EVP_aes_192_cfb8());
        EVP_add_cipher(EVP_aes_192_ofb());
-#if 0
        EVP_add_cipher(EVP_aes_192_ctr());
-#endif
+       EVP_add_cipher(EVP_aes_192_gcm());
        EVP_add_cipher_alias(SN_aes_192_cbc,"AES192");
        EVP_add_cipher_alias(SN_aes_192_cbc,"aes192");
        EVP_add_cipher(EVP_aes_256_ecb());
@@ -188,11 +190,15 @@ void OpenSSL_add_all_ciphers(void)
        EVP_add_cipher(EVP_aes_256_cfb1());
        EVP_add_cipher(EVP_aes_256_cfb8());
        EVP_add_cipher(EVP_aes_256_ofb());
-#if 0
        EVP_add_cipher(EVP_aes_256_ctr());
-#endif
+       EVP_add_cipher(EVP_aes_256_gcm());
+       EVP_add_cipher(EVP_aes_256_xts());
        EVP_add_cipher_alias(SN_aes_256_cbc,"AES256");
        EVP_add_cipher_alias(SN_aes_256_cbc,"aes256");
+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
+       EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1());
+       EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1());
+#endif
 #endif
 
 #ifndef OPENSSL_NO_CAMELLIA

diff --git a/deps/openssl/openssl/crypto/evp/digest.c b/deps/openssl/openssl/crypto/evp/digest.c
index 982ba2b..6fc469f 100644 (file)
--- a/deps/openssl/openssl/crypto/evp/digest.c
+++ b/deps/openssl/openssl/crypto/evp/digest.c
@@ -117,6 +117,10 @@
 #include <openssl/engine.h>
 #endif
 
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
 void EVP_MD_CTX_init(EVP_MD_CTX *ctx)
        {
        memset(ctx,'\0',sizeof *ctx);
@@ -225,12 +229,26 @@ skip_to_init:
                }
        if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT)
                return 1;
+#ifdef OPENSSL_FIPS
+       if (FIPS_mode())
+               {
+               if (FIPS_digestinit(ctx, type))
+                       return 1;
+               OPENSSL_free(ctx->md_data);
+               ctx->md_data = NULL;
+               return 0;
+               }
+#endif
        return ctx->digest->init(ctx);
        }
 
 int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
        {
+#ifdef OPENSSL_FIPS
+       return FIPS_digestupdate(ctx, data, count);
+#else
        return ctx->update(ctx,data,count);
+#endif
        }
 
 /* The caller can assume that this removes any secret data from the context */
@@ -245,6 +263,9 @@ int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
 /* The caller can assume that this removes any secret data from the context */
 int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
        {
+#ifdef OPENSSL_FIPS
+       return FIPS_digestfinal(ctx, md, size);
+#else
        int ret;
 
        OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
@@ -258,6 +279,7 @@ int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
                }
        memset(ctx->md_data,0,ctx->digest->ctx_size);
        return ret;
+#endif
        }
 
 int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)
@@ -351,6 +373,7 @@ void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
 /* This call frees resources associated with the context */
 int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
        {
+#ifndef OPENSSL_FIPS
        /* Don't assume ctx->md_data was cleaned in EVP_Digest_Final,
         * because sometimes only copies of the context are ever finalised.
         */
@@ -363,6 +386,7 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
                OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size);
                OPENSSL_free(ctx->md_data);
                }
+#endif
        if (ctx->pctx)
                EVP_PKEY_CTX_free(ctx->pctx);
 #ifndef OPENSSL_NO_ENGINE
@@ -371,6 +395,9 @@ int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
                 * functional reference we held for this reason. */
                ENGINE_finish(ctx->engine);
 #endif
+#ifdef OPENSSL_FIPS
+       FIPS_md_ctx_cleanup(ctx);
+#endif
        memset(ctx,'\0',sizeof *ctx);
 
        return 1;

diff --git a/deps/openssl/openssl/crypto/evp/e_aes.c b/deps/openssl/openssl/crypto/evp/e_aes.c
index bd6c0a3..1bfb5d9 100644 (file)
--- a/deps/openssl/openssl/crypto/evp/e_aes.c
+++ b/deps/openssl/openssl/crypto/evp/e_aes.c
@@ -1,5 +1,5 @@
 /* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 2001-2011 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -56,57 +56,511 @@
 #include <assert.h>
 #include <openssl/aes.h>
 #include "evp_locl.h"
-
-static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-                                       const unsigned char *iv, int enc);
+#ifndef OPENSSL_FIPS
+#include "modes_lcl.h"
+#include <openssl/rand.h>
 
 typedef struct
        {
        AES_KEY ks;
+       block128_f block;
+       union {
+               cbc128_f cbc;
+               ctr128_f ctr;
+       } stream;
        } EVP_AES_KEY;
 
-#define data(ctx)      EVP_C_DATA(EVP_AES_KEY,ctx)
-
-IMPLEMENT_BLOCK_CIPHER(aes_128, ks, AES, EVP_AES_KEY,
-                      NID_aes_128, 16, 16, 16, 128,
-                      0, aes_init_key, NULL, 
-                      EVP_CIPHER_set_asn1_iv,
-                      EVP_CIPHER_get_asn1_iv,
-                      NULL)
-IMPLEMENT_BLOCK_CIPHER(aes_192, ks, AES, EVP_AES_KEY,
-                      NID_aes_192, 16, 24, 16, 128,
-                      0, aes_init_key, NULL, 
-                      EVP_CIPHER_set_asn1_iv,
-                      EVP_CIPHER_get_asn1_iv,
-                      NULL)
-IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY,
-                      NID_aes_256, 16, 32, 16, 128,
-                      0, aes_init_key, NULL, 
-                      EVP_CIPHER_set_asn1_iv,
-                      EVP_CIPHER_get_asn1_iv,
-                      NULL)
-
-#define IMPLEMENT_AES_CFBR(ksize,cbits)        IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16)
-
-IMPLEMENT_AES_CFBR(128,1)
-IMPLEMENT_AES_CFBR(192,1)
-IMPLEMENT_AES_CFBR(256,1)
-
-IMPLEMENT_AES_CFBR(128,8)
-IMPLEMENT_AES_CFBR(192,8)
-IMPLEMENT_AES_CFBR(256,8)
+typedef struct
+       {
+       AES_KEY ks;             /* AES key schedule to use */
+       int key_set;            /* Set if key initialised */
+       int iv_set;             /* Set if an iv is set */
+       GCM128_CONTEXT gcm;
+       unsigned char *iv;      /* Temporary IV store */
+       int ivlen;              /* IV length */
+       int taglen;
+       int iv_gen;             /* It is OK to generate IVs */
+       int tls_aad_len;        /* TLS AAD length */
+       ctr128_f ctr;
+       } EVP_AES_GCM_CTX;
+
+typedef struct
+       {
+       AES_KEY ks1, ks2;       /* AES key schedules to use */
+       XTS128_CONTEXT xts;
+       void     (*stream)(const unsigned char *in,
+                       unsigned char *out, size_t length,
+                       const AES_KEY *key1, const AES_KEY *key2,
+                       const unsigned char iv[16]);
+       } EVP_AES_XTS_CTX;
+
+typedef struct
+       {
+       AES_KEY ks;             /* AES key schedule to use */
+       int key_set;            /* Set if key initialised */
+       int iv_set;             /* Set if an iv is set */
+       int tag_set;            /* Set if tag is valid */
+       int len_set;            /* Set if message length set */
+       int L, M;               /* L and M parameters from RFC3610 */
+       CCM128_CONTEXT ccm;
+       ccm128_f str;
+       } EVP_AES_CCM_CTX;
+
+#define MAXBITCHUNK    ((size_t)1<<(sizeof(size_t)*8-4))
+
+#ifdef VPAES_ASM
+int vpaes_set_encrypt_key(const unsigned char *userKey, int bits,
+                       AES_KEY *key);
+int vpaes_set_decrypt_key(const unsigned char *userKey, int bits,
+                       AES_KEY *key);
+
+void vpaes_encrypt(const unsigned char *in, unsigned char *out,
+                       const AES_KEY *key);
+void vpaes_decrypt(const unsigned char *in, unsigned char *out,
+                       const AES_KEY *key);
+
+void vpaes_cbc_encrypt(const unsigned char *in,
+                       unsigned char *out,
+                       size_t length,
+                       const AES_KEY *key,
+                       unsigned char *ivec, int enc);
+#endif
+#ifdef BSAES_ASM
+void bsaes_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                       size_t length, const AES_KEY *key,
+                       unsigned char ivec[16], int enc);
+void bsaes_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out,
+                       size_t len, const AES_KEY *key,
+                       const unsigned char ivec[16]);
+void bsaes_xts_encrypt(const unsigned char *inp, unsigned char *out,
+                       size_t len, const AES_KEY *key1,
+                       const AES_KEY *key2, const unsigned char iv[16]);
+void bsaes_xts_decrypt(const unsigned char *inp, unsigned char *out,
+                       size_t len, const AES_KEY *key1,
+                       const AES_KEY *key2, const unsigned char iv[16]);
+#endif
+#ifdef AES_CTR_ASM
+void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out,
+                       size_t blocks, const AES_KEY *key,
+                       const unsigned char ivec[AES_BLOCK_SIZE]);
+#endif
+#ifdef AES_XTS_ASM
+void AES_xts_encrypt(const char *inp,char *out,size_t len,
+                       const AES_KEY *key1, const AES_KEY *key2,
+                       const unsigned char iv[16]);
+void AES_xts_decrypt(const char *inp,char *out,size_t len,
+                       const AES_KEY *key1, const AES_KEY *key2,
+                       const unsigned char iv[16]);
+#endif
+
+#if    defined(AES_ASM) && !defined(I386_ONLY) &&      (  \
+       ((defined(__i386)       || defined(__i386__)    || \
+         defined(_M_IX86)) && defined(OPENSSL_IA32_SSE2))|| \
+       defined(__x86_64)       || defined(__x86_64__)  || \
+       defined(_M_AMD64)       || defined(_M_X64)      || \
+       defined(__INTEL__)                              )
+
+extern unsigned int OPENSSL_ia32cap_P[2];
+
+#ifdef VPAES_ASM
+#define VPAES_CAPABLE  (OPENSSL_ia32cap_P[1]&(1<<(41-32)))
+#endif
+#ifdef BSAES_ASM
+#define BSAES_CAPABLE  VPAES_CAPABLE
+#endif
+/*
+ * AES-NI section
+ */
+#define        AESNI_CAPABLE   (OPENSSL_ia32cap_P[1]&(1<<(57-32)))
+
+int aesni_set_encrypt_key(const unsigned char *userKey, int bits,
+                       AES_KEY *key);
+int aesni_set_decrypt_key(const unsigned char *userKey, int bits,
+                       AES_KEY *key);
+
+void aesni_encrypt(const unsigned char *in, unsigned char *out,
+                       const AES_KEY *key);
+void aesni_decrypt(const unsigned char *in, unsigned char *out,
+                       const AES_KEY *key);
+
+void aesni_ecb_encrypt(const unsigned char *in,
+                       unsigned char *out,
+                       size_t length,
+                       const AES_KEY *key,
+                       int enc);
+void aesni_cbc_encrypt(const unsigned char *in,
+                       unsigned char *out,
+                       size_t length,
+                       const AES_KEY *key,
+                       unsigned char *ivec, int enc);
+
+void aesni_ctr32_encrypt_blocks(const unsigned char *in,
+                       unsigned char *out,
+                       size_t blocks,
+                       const void *key,
+                       const unsigned char *ivec);
+
+void aesni_xts_encrypt(const unsigned char *in,
+                       unsigned char *out,
+                       size_t length,
+                       const AES_KEY *key1, const AES_KEY *key2,
+                       const unsigned char iv[16]);
+
+void aesni_xts_decrypt(const unsigned char *in,
+                       unsigned char *out,
+                       size_t length,
+                       const AES_KEY *key1, const AES_KEY *key2,
+                       const unsigned char iv[16]);
+
+void aesni_ccm64_encrypt_blocks (const unsigned char *in,
+                       unsigned char *out,
+                       size_t blocks,
+                       const void *key,
+                       const unsigned char ivec[16],
+                       unsigned char cmac[16]);
+
+void aesni_ccm64_decrypt_blocks (const unsigned char *in,
+                       unsigned char *out,
+                       size_t blocks,
+                       const void *key,
+                       const unsigned char ivec[16],
+                       unsigned char cmac[16]);
+
+static int aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                  const unsigned char *iv, int enc)
+       {
+       int ret, mode;
+       EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
+
+       mode = ctx->cipher->flags & EVP_CIPH_MODE;
+       if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE)
+           && !enc)
+               { 
+               ret = aesni_set_decrypt_key(key, ctx->key_len*8, ctx->cipher_data);
+               dat->block      = (block128_f)aesni_decrypt;
+               dat->stream.cbc = mode==EVP_CIPH_CBC_MODE ?
+                                       (cbc128_f)aesni_cbc_encrypt :
+                                       NULL;
+               }
+       else    {
+               ret = aesni_set_encrypt_key(key, ctx->key_len*8, ctx->cipher_data);
+               dat->block      = (block128_f)aesni_encrypt;
+               if (mode==EVP_CIPH_CBC_MODE)
+                       dat->stream.cbc = (cbc128_f)aesni_cbc_encrypt;
+               else if (mode==EVP_CIPH_CTR_MODE)
+                       dat->stream.ctr = (ctr128_f)aesni_ctr32_encrypt_blocks;
+               else
+                       dat->stream.cbc = NULL;
+               }
+
+       if(ret < 0)
+               {
+               EVPerr(EVP_F_AESNI_INIT_KEY,EVP_R_AES_KEY_SETUP_FAILED);
+               return 0;
+               }
+
+       return 1;
+       }
+
+static int aesni_cbc_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
+       const unsigned char *in, size_t len)
+{
+       aesni_cbc_encrypt(in,out,len,ctx->cipher_data,ctx->iv,ctx->encrypt);
+
+       return 1;
+}
+
+static int aesni_ecb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
+       const unsigned char *in, size_t len)
+{
+       size_t  bl = ctx->cipher->block_size;
+
+       if (len<bl)     return 1;
+
+       aesni_ecb_encrypt(in,out,len,ctx->cipher_data,ctx->encrypt);
+
+       return 1;
+}
+
+#define aesni_ofb_cipher aes_ofb_cipher
+static int aesni_ofb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
+       const unsigned char *in,size_t len);
+
+#define aesni_cfb_cipher aes_cfb_cipher
+static int aesni_cfb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
+       const unsigned char *in,size_t len);
+
+#define aesni_cfb8_cipher aes_cfb8_cipher
+static int aesni_cfb8_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
+       const unsigned char *in,size_t len);
+
+#define aesni_cfb1_cipher aes_cfb1_cipher
+static int aesni_cfb1_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
+       const unsigned char *in,size_t len);
+
+#define aesni_ctr_cipher aes_ctr_cipher
+static int aesni_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+               const unsigned char *in, size_t len);
+
+static int aesni_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                        const unsigned char *iv, int enc)
+       {
+       EVP_AES_GCM_CTX *gctx = ctx->cipher_data;
+       if (!iv && !key)
+               return 1;
+       if (key)
+               {
+               aesni_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks);
+               CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
+                               (block128_f)aesni_encrypt);
+               gctx->ctr = (ctr128_f)aesni_ctr32_encrypt_blocks;
+               /* If we have an iv can set it directly, otherwise use
+                * saved IV.
+                */
+               if (iv == NULL && gctx->iv_set)
+                       iv = gctx->iv;
+               if (iv)
+                       {
+                       CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
+                       gctx->iv_set = 1;
+                       }
+               gctx->key_set = 1;
+               }
+       else
+               {
+               /* If key set use IV, otherwise copy */
+               if (gctx->key_set)
+                       CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
+               else
+                       memcpy(gctx->iv, iv, gctx->ivlen);
+               gctx->iv_set = 1;
+               gctx->iv_gen = 0;
+               }
+       return 1;
+       }
+
+#define aesni_gcm_cipher aes_gcm_cipher
+static int aesni_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+               const unsigned char *in, size_t len);
+
+static int aesni_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                        const unsigned char *iv, int enc)
+       {
+       EVP_AES_XTS_CTX *xctx = ctx->cipher_data;
+       if (!iv && !key)
+               return 1;
+
+       if (key)
+               {
+               /* key_len is two AES keys */
+               if (enc)
+                       {
+                       aesni_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1);
+                       xctx->xts.block1 = (block128_f)aesni_encrypt;
+                       xctx->stream = aesni_xts_encrypt;
+                       }
+               else
+                       {
+                       aesni_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1);
+                       xctx->xts.block1 = (block128_f)aesni_decrypt;
+                       xctx->stream = aesni_xts_decrypt;
+                       }
+
+               aesni_set_encrypt_key(key + ctx->key_len/2,
+                                               ctx->key_len * 4, &xctx->ks2);
+               xctx->xts.block2 = (block128_f)aesni_encrypt;
+
+               xctx->xts.key1 = &xctx->ks1;
+               }
+
+       if (iv)
+               {
+               xctx->xts.key2 = &xctx->ks2;
+               memcpy(ctx->iv, iv, 16);
+               }
+
+       return 1;
+       }
+
+#define aesni_xts_cipher aes_xts_cipher
+static int aesni_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+               const unsigned char *in, size_t len);
+
+static int aesni_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                        const unsigned char *iv, int enc)
+       {
+       EVP_AES_CCM_CTX *cctx = ctx->cipher_data;
+       if (!iv && !key)
+               return 1;
+       if (key)
+               {
+               aesni_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks);
+               CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
+                                       &cctx->ks, (block128_f)aesni_encrypt);
+               cctx->str = enc?(ccm128_f)aesni_ccm64_encrypt_blocks :
+                               (ccm128_f)aesni_ccm64_decrypt_blocks;
+               cctx->key_set = 1;
+               }
+       if (iv)
+               {
+               memcpy(ctx->iv, iv, 15 - cctx->L);
+               cctx->iv_set = 1;
+               }
+       return 1;
+       }
+
+#define aesni_ccm_cipher aes_ccm_cipher
+static int aesni_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+               const unsigned char *in, size_t len);
+
+#define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
+static const EVP_CIPHER aesni_##keylen##_##mode = { \
+       nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
+       flags|EVP_CIPH_##MODE##_MODE,   \
+       aesni_init_key,                 \
+       aesni_##mode##_cipher,          \
+       NULL,                           \
+       sizeof(EVP_AES_KEY),            \
+       NULL,NULL,NULL,NULL }; \
+static const EVP_CIPHER aes_##keylen##_##mode = { \
+       nid##_##keylen##_##nmode,blocksize,     \
+       keylen/8,ivlen, \
+       flags|EVP_CIPH_##MODE##_MODE,   \
+       aes_init_key,                   \
+       aes_##mode##_cipher,            \
+       NULL,                           \
+       sizeof(EVP_AES_KEY),            \
+       NULL,NULL,NULL,NULL }; \
+const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
+{ return AESNI_CAPABLE?&aesni_##keylen##_##mode:&aes_##keylen##_##mode; }
+
+#define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \
+static const EVP_CIPHER aesni_##keylen##_##mode = { \
+       nid##_##keylen##_##mode,blocksize, \
+       (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \
+       flags|EVP_CIPH_##MODE##_MODE,   \
+       aesni_##mode##_init_key,        \
+       aesni_##mode##_cipher,          \
+       aes_##mode##_cleanup,           \
+       sizeof(EVP_AES_##MODE##_CTX),   \
+       NULL,NULL,aes_##mode##_ctrl,NULL }; \
+static const EVP_CIPHER aes_##keylen##_##mode = { \
+       nid##_##keylen##_##mode,blocksize, \
+       (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \
+       flags|EVP_CIPH_##MODE##_MODE,   \
+       aes_##mode##_init_key,          \
+       aes_##mode##_cipher,            \
+       aes_##mode##_cleanup,           \
+       sizeof(EVP_AES_##MODE##_CTX),   \
+       NULL,NULL,aes_##mode##_ctrl,NULL }; \
+const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
+{ return AESNI_CAPABLE?&aesni_##keylen##_##mode:&aes_##keylen##_##mode; }
+
+#else
+
+#define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
+static const EVP_CIPHER aes_##keylen##_##mode = { \
+       nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
+       flags|EVP_CIPH_##MODE##_MODE,   \
+       aes_init_key,                   \
+       aes_##mode##_cipher,            \
+       NULL,                           \
+       sizeof(EVP_AES_KEY),            \
+       NULL,NULL,NULL,NULL }; \
+const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
+{ return &aes_##keylen##_##mode; }
+
+#define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \
+static const EVP_CIPHER aes_##keylen##_##mode = { \
+       nid##_##keylen##_##mode,blocksize, \
+       (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \
+       flags|EVP_CIPH_##MODE##_MODE,   \
+       aes_##mode##_init_key,          \
+       aes_##mode##_cipher,            \
+       aes_##mode##_cleanup,           \
+       sizeof(EVP_AES_##MODE##_CTX),   \
+       NULL,NULL,aes_##mode##_ctrl,NULL }; \
+const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
+{ return &aes_##keylen##_##mode; }
+#endif
+
+#define BLOCK_CIPHER_generic_pack(nid,keylen,flags)            \
+       BLOCK_CIPHER_generic(nid,keylen,16,16,cbc,cbc,CBC,flags|EVP_CIPH_FLAG_DEFAULT_ASN1)     \
+       BLOCK_CIPHER_generic(nid,keylen,16,0,ecb,ecb,ECB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1)      \
+       BLOCK_CIPHER_generic(nid,keylen,1,16,ofb128,ofb,OFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1)   \
+       BLOCK_CIPHER_generic(nid,keylen,1,16,cfb128,cfb,CFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1)   \
+       BLOCK_CIPHER_generic(nid,keylen,1,16,cfb1,cfb1,CFB,flags)       \
+       BLOCK_CIPHER_generic(nid,keylen,1,16,cfb8,cfb8,CFB,flags)       \
+       BLOCK_CIPHER_generic(nid,keylen,1,16,ctr,ctr,CTR,flags)
 
 static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                   const unsigned char *iv, int enc)
        {
-       int ret;
+       int ret, mode;
+       EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
 
-       if ((ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_CFB_MODE
-           || (ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_OFB_MODE
-           || enc) 
-               ret=AES_set_encrypt_key(key, ctx->key_len * 8, ctx->cipher_data);
+       mode = ctx->cipher->flags & EVP_CIPH_MODE;
+       if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE)
+           && !enc)
+#ifdef BSAES_CAPABLE
+           if (BSAES_CAPABLE && mode==EVP_CIPH_CBC_MODE)
+               {
+               ret = AES_set_decrypt_key(key,ctx->key_len*8,&dat->ks);
+               dat->block      = (block128_f)AES_decrypt;
+               dat->stream.cbc = (cbc128_f)bsaes_cbc_encrypt;
+               }
+           else
+#endif
+#ifdef VPAES_CAPABLE
+           if (VPAES_CAPABLE)
+               {
+               ret = vpaes_set_decrypt_key(key,ctx->key_len*8,&dat->ks);
+               dat->block      = (block128_f)vpaes_decrypt;
+               dat->stream.cbc = mode==EVP_CIPH_CBC_MODE ?
+                                       (cbc128_f)vpaes_cbc_encrypt :
+                                       NULL;
+               }
+           else
+#endif
+               {
+               ret = AES_set_decrypt_key(key,ctx->key_len*8,&dat->ks);
+               dat->block      = (block128_f)AES_decrypt;
+               dat->stream.cbc = mode==EVP_CIPH_CBC_MODE ?
+                                       (cbc128_f)AES_cbc_encrypt :
+                                       NULL;
+               }
        else
-               ret=AES_set_decrypt_key(key, ctx->key_len * 8, ctx->cipher_data);
+#ifdef BSAES_CAPABLE
+           if (BSAES_CAPABLE && mode==EVP_CIPH_CTR_MODE)
+               {
+               ret = AES_set_encrypt_key(key,ctx->key_len*8,&dat->ks);
+               dat->block      = (block128_f)AES_encrypt;
+               dat->stream.ctr = (ctr128_f)bsaes_ctr32_encrypt_blocks;
+               }
+           else
+#endif
+#ifdef VPAES_CAPABLE
+           if (VPAES_CAPABLE)
+               {
+               ret = vpaes_set_encrypt_key(key,ctx->key_len*8,&dat->ks);
+               dat->block      = (block128_f)vpaes_encrypt;
+               dat->stream.cbc = mode==EVP_CIPH_CBC_MODE ?
+                                       (cbc128_f)vpaes_cbc_encrypt :
+                                       NULL;
+               }
+           else
+#endif
+               {
+               ret = AES_set_encrypt_key(key,ctx->key_len*8,&dat->ks);
+               dat->block      = (block128_f)AES_encrypt;
+               dat->stream.cbc = mode==EVP_CIPH_CBC_MODE ?
+                                       (cbc128_f)AES_cbc_encrypt :
+                                       NULL;
+#ifdef AES_CTR_ASM
+               if (mode==EVP_CIPH_CTR_MODE)
+                       dat->stream.ctr = (ctr128_f)AES_ctr32_encrypt;
+#endif
+               }
 
        if(ret < 0)
                {
@@ -117,4 +571,744 @@ static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
        return 1;
        }
 
+static int aes_cbc_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
+       const unsigned char *in, size_t len)
+{
+       EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
+
+       if (dat->stream.cbc)
+               (*dat->stream.cbc)(in,out,len,&dat->ks,ctx->iv,ctx->encrypt);
+       else if (ctx->encrypt)
+               CRYPTO_cbc128_encrypt(in,out,len,&dat->ks,ctx->iv,dat->block);
+       else
+               CRYPTO_cbc128_encrypt(in,out,len,&dat->ks,ctx->iv,dat->block);
+
+       return 1;
+}
+
+static int aes_ecb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
+       const unsigned char *in, size_t len)
+{
+       size_t  bl = ctx->cipher->block_size;
+       size_t  i;
+       EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
+
+       if (len<bl)     return 1;
+
+       for (i=0,len-=bl;i<=len;i+=bl)
+               (*dat->block)(in+i,out+i,&dat->ks);
+
+       return 1;
+}
+
+static int aes_ofb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
+       const unsigned char *in,size_t len)
+{
+       EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
+
+       CRYPTO_ofb128_encrypt(in,out,len,&dat->ks,
+                       ctx->iv,&ctx->num,dat->block);
+       return 1;
+}
+
+static int aes_cfb_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
+       const unsigned char *in,size_t len)
+{
+       EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
+
+       CRYPTO_cfb128_encrypt(in,out,len,&dat->ks,
+                       ctx->iv,&ctx->num,ctx->encrypt,dat->block);
+       return 1;
+}
+
+static int aes_cfb8_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
+       const unsigned char *in,size_t len)
+{
+       EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
+
+       CRYPTO_cfb128_8_encrypt(in,out,len,&dat->ks,
+                       ctx->iv,&ctx->num,ctx->encrypt,dat->block);
+       return 1;
+}
+
+static int aes_cfb1_cipher(EVP_CIPHER_CTX *ctx,unsigned char *out,
+       const unsigned char *in,size_t len)
+{
+       EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
+
+       if (ctx->flags&EVP_CIPH_FLAG_LENGTH_BITS) {
+               CRYPTO_cfb128_1_encrypt(in,out,len,&dat->ks,
+                       ctx->iv,&ctx->num,ctx->encrypt,dat->block);
+               return 1;
+       }
+
+       while (len>=MAXBITCHUNK) {
+               CRYPTO_cfb128_1_encrypt(in,out,MAXBITCHUNK*8,&dat->ks,
+                       ctx->iv,&ctx->num,ctx->encrypt,dat->block);
+               len-=MAXBITCHUNK;
+       }
+       if (len)
+               CRYPTO_cfb128_1_encrypt(in,out,len*8,&dat->ks,
+                       ctx->iv,&ctx->num,ctx->encrypt,dat->block);
+       
+       return 1;
+}
+
+static int aes_ctr_cipher (EVP_CIPHER_CTX *ctx, unsigned char *out,
+               const unsigned char *in, size_t len)
+{
+       unsigned int num = ctx->num;
+       EVP_AES_KEY *dat = (EVP_AES_KEY *)ctx->cipher_data;
+
+       if (dat->stream.ctr)
+               CRYPTO_ctr128_encrypt_ctr32(in,out,len,&dat->ks,
+                       ctx->iv,ctx->buf,&num,dat->stream.ctr);
+       else
+               CRYPTO_ctr128_encrypt(in,out,len,&dat->ks,
+                       ctx->iv,ctx->buf,&num,dat->block);
+       ctx->num = (size_t)num;
+       return 1;
+}
+
+BLOCK_CIPHER_generic_pack(NID_aes,128,EVP_CIPH_FLAG_FIPS)
+BLOCK_CIPHER_generic_pack(NID_aes,192,EVP_CIPH_FLAG_FIPS)
+BLOCK_CIPHER_generic_pack(NID_aes,256,EVP_CIPH_FLAG_FIPS)
+
+static int aes_gcm_cleanup(EVP_CIPHER_CTX *c)
+       {
+       EVP_AES_GCM_CTX *gctx = c->cipher_data;
+       OPENSSL_cleanse(&gctx->gcm, sizeof(gctx->gcm));
+       if (gctx->iv != c->iv)
+               OPENSSL_free(gctx->iv);
+       return 1;
+       }
+
+/* increment counter (64-bit int) by 1 */
+static void ctr64_inc(unsigned char *counter) {
+       int n=8;
+       unsigned char  c;
+
+       do {
+               --n;
+               c = counter[n];
+               ++c;
+               counter[n] = c;
+               if (c) return;
+       } while (n);
+}
+
+static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+       {
+       EVP_AES_GCM_CTX *gctx = c->cipher_data;
+       switch (type)
+               {
+       case EVP_CTRL_INIT:
+               gctx->key_set = 0;
+               gctx->iv_set = 0;
+               gctx->ivlen = c->cipher->iv_len;
+               gctx->iv = c->iv;
+               gctx->taglen = -1;
+               gctx->iv_gen = 0;
+               gctx->tls_aad_len = -1;
+               return 1;
+
+       case EVP_CTRL_GCM_SET_IVLEN:
+               if (arg <= 0)
+                       return 0;
+#ifdef OPENSSL_FIPS
+               if (FIPS_module_mode() && !(c->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)
+                                                && arg < 12)
+                       return 0;
+#endif
+               /* Allocate memory for IV if needed */
+               if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen))
+                       {
+                       if (gctx->iv != c->iv)
+                               OPENSSL_free(gctx->iv);
+                       gctx->iv = OPENSSL_malloc(arg);
+                       if (!gctx->iv)
+                               return 0;
+                       }
+               gctx->ivlen = arg;
+               return 1;
+
+       case EVP_CTRL_GCM_SET_TAG:
+               if (arg <= 0 || arg > 16 || c->encrypt)
+                       return 0;
+               memcpy(c->buf, ptr, arg);
+               gctx->taglen = arg;
+               return 1;
+
+       case EVP_CTRL_GCM_GET_TAG:
+               if (arg <= 0 || arg > 16 || !c->encrypt || gctx->taglen < 0)
+                       return 0;
+               memcpy(ptr, c->buf, arg);
+               return 1;
+
+       case EVP_CTRL_GCM_SET_IV_FIXED:
+               /* Special case: -1 length restores whole IV */
+               if (arg == -1)
+                       {
+                       memcpy(gctx->iv, ptr, gctx->ivlen);
+                       gctx->iv_gen = 1;
+                       return 1;
+                       }
+               /* Fixed field must be at least 4 bytes and invocation field
+                * at least 8.
+                */
+               if ((arg < 4) || (gctx->ivlen - arg) < 8)
+                       return 0;
+               if (arg)
+                       memcpy(gctx->iv, ptr, arg);
+               if (c->encrypt &&
+                       RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0)
+                       return 0;
+               gctx->iv_gen = 1;
+               return 1;
+
+       case EVP_CTRL_GCM_IV_GEN:
+               if (gctx->iv_gen == 0 || gctx->key_set == 0)
+                       return 0;
+               CRYPTO_gcm128_setiv(&gctx->gcm, gctx->iv, gctx->ivlen);
+               if (arg <= 0 || arg > gctx->ivlen)
+                       arg = gctx->ivlen;
+               memcpy(ptr, gctx->iv + gctx->ivlen - arg, arg);
+               /* Invocation field will be at least 8 bytes in size and
+                * so no need to check wrap around or increment more than
+                * last 8 bytes.
+                */
+               ctr64_inc(gctx->iv + gctx->ivlen - 8);
+               gctx->iv_set = 1;
+               return 1;
+
+       case EVP_CTRL_GCM_SET_IV_INV:
+               if (gctx->iv_gen == 0 || gctx->key_set == 0 || c->encrypt)
+                       return 0;
+               memcpy(gctx->iv + gctx->ivlen - arg, ptr, arg);
+               CRYPTO_gcm128_setiv(&gctx->gcm, gctx->iv, gctx->ivlen);
+               gctx->iv_set = 1;
+               return 1;
+
+       case EVP_CTRL_AEAD_TLS1_AAD:
+               /* Save the AAD for later use */
+               if (arg != 13)
+                       return 0;
+               memcpy(c->buf, ptr, arg);
+               gctx->tls_aad_len = arg;
+                       {
+                       unsigned int len=c->buf[arg-2]<<8|c->buf[arg-1];
+                       /* Correct length for explicit IV */
+                       len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
+                       /* If decrypting correct for tag too */
+                       if (!c->encrypt)
+                               len -= EVP_GCM_TLS_TAG_LEN;
+                        c->buf[arg-2] = len>>8;
+                        c->buf[arg-1] = len & 0xff;
+                       }
+               /* Extra padding: tag appended to record */
+               return EVP_GCM_TLS_TAG_LEN;
+
+       default:
+               return -1;
+
+               }
+       }
+
+static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                        const unsigned char *iv, int enc)
+       {
+       EVP_AES_GCM_CTX *gctx = ctx->cipher_data;
+       if (!iv && !key)
+               return 1;
+       if (key)
+               { do {
+#ifdef BSAES_CAPABLE
+               if (BSAES_CAPABLE)
+                       {
+                       AES_set_encrypt_key(key,ctx->key_len*8,&gctx->ks);
+                       CRYPTO_gcm128_init(&gctx->gcm,&gctx->ks,
+                                       (block128_f)AES_encrypt);
+                       gctx->ctr = (ctr128_f)bsaes_ctr32_encrypt_blocks;
+                       break;
+                       }
+               else
+#endif
+#ifdef VPAES_CAPABLE
+               if (VPAES_CAPABLE)
+                       {
+                       vpaes_set_encrypt_key(key,ctx->key_len*8,&gctx->ks);
+                       CRYPTO_gcm128_init(&gctx->gcm,&gctx->ks,
+                                       (block128_f)vpaes_encrypt);
+                       gctx->ctr = NULL;
+                       break;
+                       }
+#endif
+               AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks);
+               CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f)AES_encrypt);
+#ifdef AES_CTR_ASM
+               gctx->ctr = (ctr128_f)AES_ctr32_encrypt;
+#else
+               gctx->ctr = NULL;
+#endif
+               } while (0);
+
+               /* If we have an iv can set it directly, otherwise use
+                * saved IV.
+                */
+               if (iv == NULL && gctx->iv_set)
+                       iv = gctx->iv;
+               if (iv)
+                       {
+                       CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
+                       gctx->iv_set = 1;
+                       }
+               gctx->key_set = 1;
+               }
+       else
+               {
+               /* If key set use IV, otherwise copy */
+               if (gctx->key_set)
+                       CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
+               else
+                       memcpy(gctx->iv, iv, gctx->ivlen);
+               gctx->iv_set = 1;
+               gctx->iv_gen = 0;
+               }
+       return 1;
+       }
+
+/* Handle TLS GCM packet format. This consists of the last portion of the IV
+ * followed by the payload and finally the tag. On encrypt generate IV,
+ * encrypt payload and write the tag. On verify retrieve IV, decrypt payload
+ * and verify tag.
+ */
+
+static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+               const unsigned char *in, size_t len)
+       {
+       EVP_AES_GCM_CTX *gctx = ctx->cipher_data;
+       int rv = -1;
+       /* Encrypt/decrypt must be performed in place */
+       if (out != in || len < (EVP_GCM_TLS_EXPLICIT_IV_LEN+EVP_GCM_TLS_TAG_LEN))
+               return -1;
+       /* Set IV from start of buffer or generate IV and write to start
+        * of buffer.
+        */
+       if (EVP_CIPHER_CTX_ctrl(ctx, ctx->encrypt ?
+                               EVP_CTRL_GCM_IV_GEN : EVP_CTRL_GCM_SET_IV_INV,
+                               EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0)
+               goto err;
+       /* Use saved AAD */
+       if (CRYPTO_gcm128_aad(&gctx->gcm, ctx->buf, gctx->tls_aad_len))
+               goto err;
+       /* Fix buffer and length to point to payload */
+       in += EVP_GCM_TLS_EXPLICIT_IV_LEN;
+       out += EVP_GCM_TLS_EXPLICIT_IV_LEN;
+       len -= EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
+       if (ctx->encrypt)
+               {
+               /* Encrypt payload */
+               if (gctx->ctr)
+                       {
+                       if (CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm,
+                                                       in, out, len,
+                                                       gctx->ctr))
+                               goto err;
+                       }
+               else    {
+                       if (CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, len))
+                               goto err;
+                       }
+               out += len;
+               /* Finally write tag */
+               CRYPTO_gcm128_tag(&gctx->gcm, out, EVP_GCM_TLS_TAG_LEN);
+               rv = len + EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
+               }
+       else
+               {
+               /* Decrypt */
+               if (gctx->ctr)
+                       {
+                       if (CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm,
+                                                       in, out, len,
+                                                       gctx->ctr))
+                               goto err;
+                       }
+               else    {
+                       if (CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, len))
+                               goto err;
+                       }
+               /* Retrieve tag */
+               CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf,
+                                       EVP_GCM_TLS_TAG_LEN);
+               /* If tag mismatch wipe buffer */
+               if (memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN))
+                       {
+                       OPENSSL_cleanse(out, len);
+                       goto err;
+                       }
+               rv = len;
+               }
+
+       err:
+       gctx->iv_set = 0;
+       gctx->tls_aad_len = -1;
+       return rv;
+       }
+
+static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+               const unsigned char *in, size_t len)
+       {
+       EVP_AES_GCM_CTX *gctx = ctx->cipher_data;
+       /* If not set up, return error */
+       if (!gctx->key_set)
+               return -1;
+
+       if (gctx->tls_aad_len >= 0)
+               return aes_gcm_tls_cipher(ctx, out, in, len);
+
+       if (!gctx->iv_set)
+               return -1;
+       if (in)
+               {
+               if (out == NULL)
+                       {
+                       if (CRYPTO_gcm128_aad(&gctx->gcm, in, len))
+                               return -1;
+                       }
+               else if (ctx->encrypt)
+                       {
+                       if (gctx->ctr)
+                               {
+                               if (CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm,
+                                                       in, out, len,
+                                                       gctx->ctr))
+                                       return -1;
+                               }
+                       else    {
+                               if (CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, len))
+                                       return -1;
+                               }
+                       }
+               else
+                       {
+                       if (gctx->ctr)
+                               {
+                               if (CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm,
+                                                       in, out, len,
+                                                       gctx->ctr))
+                                       return -1;
+                               }
+                       else    {
+                               if (CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, len))
+                                       return -1;
+                               }
+                       }
+               return len;
+               }
+       else
+               {
+               if (!ctx->encrypt)
+                       {
+                       if (gctx->taglen < 0)
+                               return -1;
+                       if (CRYPTO_gcm128_finish(&gctx->gcm,
+                                       ctx->buf, gctx->taglen) != 0)
+                               return -1;
+                       gctx->iv_set = 0;
+                       return 0;
+                       }
+               CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, 16);
+               gctx->taglen = 16;
+               /* Don't reuse the IV */
+               gctx->iv_set = 0;
+               return 0;
+               }
+
+       }
+
+#define CUSTOM_FLAGS   (EVP_CIPH_FLAG_DEFAULT_ASN1 \
+               | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
+               | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT)
+
+BLOCK_CIPHER_custom(NID_aes,128,1,12,gcm,GCM,
+               EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS)
+BLOCK_CIPHER_custom(NID_aes,192,1,12,gcm,GCM,
+               EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS)
+BLOCK_CIPHER_custom(NID_aes,256,1,12,gcm,GCM,
+               EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_AEAD_CIPHER|CUSTOM_FLAGS)
+
+static int aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+       {
+       EVP_AES_XTS_CTX *xctx = c->cipher_data;
+       if (type != EVP_CTRL_INIT)
+               return -1;
+       /* key1 and key2 are used as an indicator both key and IV are set */
+       xctx->xts.key1 = NULL;
+       xctx->xts.key2 = NULL;
+       return 1;
+       }
+
+static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                        const unsigned char *iv, int enc)
+       {
+       EVP_AES_XTS_CTX *xctx = ctx->cipher_data;
+       if (!iv && !key)
+               return 1;
+
+       if (key) do
+               {
+#ifdef AES_XTS_ASM
+               xctx->stream = enc ? AES_xts_encrypt : AES_xts_decrypt;
+#else
+               xctx->stream = NULL;
+#endif
+               /* key_len is two AES keys */
+#ifdef BSAES_CAPABLE
+               if (BSAES_CAPABLE)
+                       xctx->stream = enc ? bsaes_xts_encrypt : bsaes_xts_decrypt;
+               else
+#endif
+#ifdef VPAES_CAPABLE
+               if (VPAES_CAPABLE)
+                   {
+                   if (enc)
+                       {
+                       vpaes_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1);
+                       xctx->xts.block1 = (block128_f)vpaes_encrypt;
+                       }
+                   else
+                       {
+                       vpaes_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1);
+                       xctx->xts.block1 = (block128_f)vpaes_decrypt;
+                       }
+
+               vpaes_set_encrypt_key(key + ctx->key_len/2,
+                                               ctx->key_len * 4, &xctx->ks2);
+               xctx->xts.block2 = (block128_f)vpaes_encrypt;
+
+               xctx->xts.key1 = &xctx->ks1;
+               break;
+               }
+#endif
+               if (enc)
+                       {
+                       AES_set_encrypt_key(key, ctx->key_len * 4, &xctx->ks1);
+                       xctx->xts.block1 = (block128_f)AES_encrypt;
+                       }
+               else
+                       {
+                       AES_set_decrypt_key(key, ctx->key_len * 4, &xctx->ks1);
+                       xctx->xts.block1 = (block128_f)AES_decrypt;
+                       }
+
+               AES_set_encrypt_key(key + ctx->key_len/2,
+                                               ctx->key_len * 4, &xctx->ks2);
+               xctx->xts.block2 = (block128_f)AES_encrypt;
+
+               xctx->xts.key1 = &xctx->ks1;
+               } while (0);
+
+       if (iv)
+               {
+               xctx->xts.key2 = &xctx->ks2;
+               memcpy(ctx->iv, iv, 16);
+               }
+
+       return 1;
+       }
+
+static int aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+               const unsigned char *in, size_t len)
+       {
+       EVP_AES_XTS_CTX *xctx = ctx->cipher_data;
+       if (!xctx->xts.key1 || !xctx->xts.key2)
+               return 0;
+       if (!out || !in || len<AES_BLOCK_SIZE)
+               return 0;
+#ifdef OPENSSL_FIPS
+       /* Requirement of SP800-38E */
+       if (FIPS_module_mode() && !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW) &&
+                       (len > (1UL<<20)*16))
+               {
+               EVPerr(EVP_F_AES_XTS_CIPHER, EVP_R_TOO_LARGE);
+               return 0;
+               }
+#endif
+       if (xctx->stream)
+               (*xctx->stream)(in, out, len,
+                               xctx->xts.key1, xctx->xts.key2, ctx->iv);
+       else if (CRYPTO_xts128_encrypt(&xctx->xts, ctx->iv, in, out, len,
+                                                               ctx->encrypt))
+               return 0;
+       return 1;
+       }
+
+#define aes_xts_cleanup NULL
+
+#define XTS_FLAGS      (EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CUSTOM_IV \
+                        | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT)
+
+BLOCK_CIPHER_custom(NID_aes,128,1,16,xts,XTS,EVP_CIPH_FLAG_FIPS|XTS_FLAGS)
+BLOCK_CIPHER_custom(NID_aes,256,1,16,xts,XTS,EVP_CIPH_FLAG_FIPS|XTS_FLAGS)
+
+static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+       {
+       EVP_AES_CCM_CTX *cctx = c->cipher_data;
+       switch (type)
+               {
+       case EVP_CTRL_INIT:
+               cctx->key_set = 0;
+               cctx->iv_set = 0;
+               cctx->L = 8;
+               cctx->M = 12;
+               cctx->tag_set = 0;
+               cctx->len_set = 0;
+               return 1;
+
+       case EVP_CTRL_CCM_SET_IVLEN:
+               arg = 15 - arg;
+       case EVP_CTRL_CCM_SET_L:
+               if (arg < 2 || arg > 8)
+                       return 0;
+               cctx->L = arg;
+               return 1;
+
+       case EVP_CTRL_CCM_SET_TAG:
+               if ((arg & 1) || arg < 4 || arg > 16)
+                       return 0;
+               if ((c->encrypt && ptr) || (!c->encrypt && !ptr))
+                       return 0;
+               if (ptr)
+                       {
+                       cctx->tag_set = 1;
+                       memcpy(c->buf, ptr, arg);
+                       }
+               cctx->M = arg;
+               return 1;
+
+       case EVP_CTRL_CCM_GET_TAG:
+               if (!c->encrypt || !cctx->tag_set)
+                       return 0;
+               if(!CRYPTO_ccm128_tag(&cctx->ccm, ptr, (size_t)arg))
+                       return 0;
+               cctx->tag_set = 0;
+               cctx->iv_set = 0;
+               cctx->len_set = 0;
+               return 1;
+
+       default:
+               return -1;
+
+               }
+       }
+
+static int aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                        const unsigned char *iv, int enc)
+       {
+       EVP_AES_CCM_CTX *cctx = ctx->cipher_data;
+       if (!iv && !key)
+               return 1;
+       if (key) do
+               {
+#ifdef VPAES_CAPABLE
+               if (VPAES_CAPABLE)
+                       {
+                       vpaes_set_encrypt_key(key, ctx->key_len*8, &cctx->ks);
+                       CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
+                                       &cctx->ks, (block128_f)vpaes_encrypt);
+                       cctx->str = NULL;
+                       cctx->key_set = 1;
+                       break;
+                       }
+#endif
+               AES_set_encrypt_key(key, ctx->key_len * 8, &cctx->ks);
+               CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
+                                       &cctx->ks, (block128_f)AES_encrypt);
+               cctx->str = NULL;
+               cctx->key_set = 1;
+               } while (0);
+       if (iv)
+               {
+               memcpy(ctx->iv, iv, 15 - cctx->L);
+               cctx->iv_set = 1;
+               }
+       return 1;
+       }
+
+static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+               const unsigned char *in, size_t len)
+       {
+       EVP_AES_CCM_CTX *cctx = ctx->cipher_data;
+       CCM128_CONTEXT *ccm = &cctx->ccm;
+       /* If not set up, return error */
+       if (!cctx->iv_set && !cctx->key_set)
+               return -1;
+       if (!ctx->encrypt && !cctx->tag_set)
+               return -1;
+       if (!out)
+               {
+               if (!in)
+                       {
+                       if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L,len))
+                               return -1;
+                       cctx->len_set = 1;
+                       return len;
+                       }
+               /* If have AAD need message length */
+               if (!cctx->len_set && len)
+                       return -1;
+               CRYPTO_ccm128_aad(ccm, in, len);
+               return len;
+               }
+       /* EVP_*Final() doesn't return any data */
+       if (!in)
+               return 0;
+       /* If not set length yet do it */
+       if (!cctx->len_set)
+               {
+               if (CRYPTO_ccm128_setiv(ccm, ctx->iv, 15 - cctx->L, len))
+                       return -1;
+               cctx->len_set = 1;
+               }
+       if (ctx->encrypt)
+               {
+               if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len,
+                                               cctx->str) :
+                               CRYPTO_ccm128_encrypt(ccm, in, out, len))
+                       return -1;
+               cctx->tag_set = 1;
+               return len;
+               }
+       else
+               {
+               int rv = -1;
+               if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len,
+                                               cctx->str) :
+                               !CRYPTO_ccm128_decrypt(ccm, in, out, len))
+                       {
+                       unsigned char tag[16];
+                       if (CRYPTO_ccm128_tag(ccm, tag, cctx->M))
+                               {
+                               if (!memcmp(tag, ctx->buf, cctx->M))
+                                       rv = len;
+                               }
+                       }
+               if (rv == -1)
+                       OPENSSL_cleanse(out, len);
+               cctx->iv_set = 0;
+               cctx->tag_set = 0;
+               cctx->len_set = 0;
+               return rv;
+               }
+
+       }
+
+#define aes_ccm_cleanup NULL
+
+BLOCK_CIPHER_custom(NID_aes,128,1,12,ccm,CCM,EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS)
+BLOCK_CIPHER_custom(NID_aes,192,1,12,ccm,CCM,EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS)
+BLOCK_CIPHER_custom(NID_aes,256,1,12,ccm,CCM,EVP_CIPH_FLAG_FIPS|CUSTOM_FLAGS)
+
+#endif
 #endif

diff --git a/deps/openssl/openssl/crypto/evp/e_des3.c b/deps/openssl/openssl/crypto/evp/e_des3.c
index 3232cfe..1e69972 100644 (file)
--- a/deps/openssl/openssl/crypto/evp/e_des3.c
+++ b/deps/openssl/openssl/crypto/evp/e_des3.c
@@ -65,6 +65,8 @@
 #include <openssl/des.h>
 #include <openssl/rand.h>
 
+#ifndef OPENSSL_FIPS
+
 static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                            const unsigned char *iv,int enc);
 
@@ -311,3 +313,4 @@ const EVP_CIPHER *EVP_des_ede3(void)
        return &des_ede3_ecb;
 }
 #endif
+#endif

diff --git a/deps/openssl/openssl/crypto/evp/e_null.c b/deps/openssl/openssl/crypto/evp/e_null.c
index 7cf50e1..f0c1f78 100644 (file)
--- a/deps/openssl/openssl/crypto/evp/e_null.c
+++ b/deps/openssl/openssl/crypto/evp/e_null.c
@@ -61,6 +61,8 @@
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 
+#ifndef OPENSSL_FIPS
+
 static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
        const unsigned char *iv,int enc);
 static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
@@ -99,4 +101,4 @@ static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                memcpy((char *)out,(const char *)in,inl);
        return 1;
        }
-
+#endif

diff --git a/deps/openssl/openssl/crypto/evp/e_rc2.c b/deps/openssl/openssl/crypto/evp/e_rc2.c
index f78d781..d4c33b5 100644 (file)
--- a/deps/openssl/openssl/crypto/evp/e_rc2.c
+++ b/deps/openssl/openssl/crypto/evp/e_rc2.c
@@ -183,7 +183,8 @@ static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
                key_bits =rc2_magic_to_meth((int)num);
                if (!key_bits)
                        return(-1);
-               if(i > 0) EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1);
+               if(i > 0 && !EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1))
+                       return -1;
                EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL);
                EVP_CIPHER_CTX_set_key_length(c, key_bits / 8);
                }

diff --git a/deps/openssl/openssl/crypto/evp/e_rc4.c b/deps/openssl/openssl/crypto/evp/e_rc4.c
index 8b5175e..b4f6bda 100644 (file)
--- a/deps/openssl/openssl/crypto/evp/e_rc4.c
+++ b/deps/openssl/openssl/crypto/evp/e_rc4.c
@@ -62,6 +62,7 @@
 #ifndef OPENSSL_NO_RC4
 
 #include <openssl/evp.h>
+#include "evp_locl.h"
 #include <openssl/objects.h>
 #include <openssl/rc4.h>
 

diff --git a/deps/openssl/openssl/crypto/evp/evp.h b/deps/openssl/openssl/crypto/evp/evp.h
index 9f9795e..faeb3c2 100644 (file)
--- a/deps/openssl/openssl/crypto/evp/evp.h
+++ b/deps/openssl/openssl/crypto/evp/evp.h
@@ -83,7 +83,7 @@
 #define EVP_RC5_32_12_16_KEY_SIZE      16
 */
 #define EVP_MAX_MD_SIZE                        64      /* longest known is SHA512 */
-#define EVP_MAX_KEY_LENGTH             32
+#define EVP_MAX_KEY_LENGTH             64
 #define EVP_MAX_IV_LENGTH              16
 #define EVP_MAX_BLOCK_LENGTH           32
 
@@ -116,6 +116,7 @@
 #define EVP_PKEY_DH    NID_dhKeyAgreement
 #define EVP_PKEY_EC    NID_X9_62_id_ecPublicKey
 #define EVP_PKEY_HMAC  NID_hmac
+#define EVP_PKEY_CMAC  NID_cmac
 
 #ifdef __cplusplus
 extern "C" {
@@ -216,6 +217,8 @@ typedef int evp_verify_method(int type,const unsigned char *m,
 
 #define EVP_MD_FLAG_DIGALGID_CUSTOM            0x0018
 
+#define EVP_MD_FLAG_FIPS       0x0400 /* Note if suitable for use in FIPS mode */
+
 /* Digest ctrls */
 
 #define        EVP_MD_CTRL_DIGALGID                    0x1
@@ -325,6 +328,10 @@ struct evp_cipher_st
 #define                EVP_CIPH_CBC_MODE               0x2
 #define                EVP_CIPH_CFB_MODE               0x3
 #define                EVP_CIPH_OFB_MODE               0x4
+#define                EVP_CIPH_CTR_MODE               0x5
+#define                EVP_CIPH_GCM_MODE               0x6
+#define                EVP_CIPH_CCM_MODE               0x7
+#define                EVP_CIPH_XTS_MODE               0x10001
 #define        EVP_CIPH_MODE                   0xF0007
 /* Set if variable length cipher */
 #define        EVP_CIPH_VARIABLE_LENGTH        0x8
@@ -346,6 +353,15 @@ struct evp_cipher_st
 #define                EVP_CIPH_FLAG_DEFAULT_ASN1      0x1000
 /* Buffer length in bits not bytes: CFB1 mode only */
 #define                EVP_CIPH_FLAG_LENGTH_BITS       0x2000
+/* Note if suitable for use in FIPS mode */
+#define                EVP_CIPH_FLAG_FIPS              0x4000
+/* Allow non FIPS cipher in FIPS mode */
+#define                EVP_CIPH_FLAG_NON_FIPS_ALLOW    0x8000
+/* Cipher handles any and all padding logic as well
+ * as finalisation.
+ */
+#define        EVP_CIPH_FLAG_CUSTOM_CIPHER     0x100000
+#define                EVP_CIPH_FLAG_AEAD_CIPHER       0x200000
 
 /* ctrl() values */
 
@@ -358,6 +374,33 @@ struct evp_cipher_st
 #define        EVP_CTRL_RAND_KEY               0x6
 #define        EVP_CTRL_PBE_PRF_NID            0x7
 #define        EVP_CTRL_COPY                   0x8
+#define        EVP_CTRL_GCM_SET_IVLEN          0x9
+#define        EVP_CTRL_GCM_GET_TAG            0x10
+#define        EVP_CTRL_GCM_SET_TAG            0x11
+#define                EVP_CTRL_GCM_SET_IV_FIXED       0x12
+#define                EVP_CTRL_GCM_IV_GEN             0x13
+#define                EVP_CTRL_CCM_SET_IVLEN          EVP_CTRL_GCM_SET_IVLEN
+#define                EVP_CTRL_CCM_GET_TAG            EVP_CTRL_GCM_GET_TAG
+#define                EVP_CTRL_CCM_SET_TAG            EVP_CTRL_GCM_SET_TAG
+#define                EVP_CTRL_CCM_SET_L              0x14
+#define                EVP_CTRL_CCM_SET_MSGLEN         0x15
+/* AEAD cipher deduces payload length and returns number of bytes
+ * required to store MAC and eventual padding. Subsequent call to
+ * EVP_Cipher even appends/verifies MAC.
+ */
+#define                EVP_CTRL_AEAD_TLS1_AAD          0x16
+/* Used by composite AEAD ciphers, no-op in GCM, CCM... */
+#define                EVP_CTRL_AEAD_SET_MAC_KEY       0x17
+/* Set the GCM invocation field, decrypt only */
+#define                EVP_CTRL_GCM_SET_IV_INV         0x18
+
+/* GCM TLS constants */
+/* Length of fixed part of IV derived from PRF */
+#define EVP_GCM_TLS_FIXED_IV_LEN                       4
+/* Length of explicit part of IV part of TLS records */
+#define EVP_GCM_TLS_EXPLICIT_IV_LEN                    8
+/* Length of tag for TLS */
+#define EVP_GCM_TLS_TAG_LEN                            16
 
 typedef struct evp_cipher_info_st
        {
@@ -375,7 +418,7 @@ struct evp_cipher_ctx_st
        unsigned char  oiv[EVP_MAX_IV_LENGTH];  /* original iv */
        unsigned char  iv[EVP_MAX_IV_LENGTH];   /* working iv */
        unsigned char buf[EVP_MAX_BLOCK_LENGTH];/* saved partial block */
-       int num;                                /* used by cfb/ofb mode */
+       int num;                                /* used by cfb/ofb/ctr mode */
 
        void *app_data;         /* application stuff */
        int key_len;            /* May change for variable length cipher */
@@ -695,6 +738,9 @@ const EVP_MD *EVP_dev_crypto_md5(void);
 #ifndef OPENSSL_NO_RC4
 const EVP_CIPHER *EVP_rc4(void);
 const EVP_CIPHER *EVP_rc4_40(void);
+#ifndef OPENSSL_NO_MD5
+const EVP_CIPHER *EVP_rc4_hmac_md5(void);
+#endif
 #endif
 #ifndef OPENSSL_NO_IDEA
 const EVP_CIPHER *EVP_idea_ecb(void);
@@ -741,9 +787,10 @@ const EVP_CIPHER *EVP_aes_128_cfb8(void);
 const EVP_CIPHER *EVP_aes_128_cfb128(void);
 # define EVP_aes_128_cfb EVP_aes_128_cfb128
 const EVP_CIPHER *EVP_aes_128_ofb(void);
-#if 0
 const EVP_CIPHER *EVP_aes_128_ctr(void);
-#endif
+const EVP_CIPHER *EVP_aes_128_ccm(void);
+const EVP_CIPHER *EVP_aes_128_gcm(void);
+const EVP_CIPHER *EVP_aes_128_xts(void);
 const EVP_CIPHER *EVP_aes_192_ecb(void);
 const EVP_CIPHER *EVP_aes_192_cbc(void);
 const EVP_CIPHER *EVP_aes_192_cfb1(void);
@@ -751,9 +798,9 @@ const EVP_CIPHER *EVP_aes_192_cfb8(void);
 const EVP_CIPHER *EVP_aes_192_cfb128(void);
 # define EVP_aes_192_cfb EVP_aes_192_cfb128
 const EVP_CIPHER *EVP_aes_192_ofb(void);
-#if 0
 const EVP_CIPHER *EVP_aes_192_ctr(void);
-#endif
+const EVP_CIPHER *EVP_aes_192_ccm(void);
+const EVP_CIPHER *EVP_aes_192_gcm(void);
 const EVP_CIPHER *EVP_aes_256_ecb(void);
 const EVP_CIPHER *EVP_aes_256_cbc(void);
 const EVP_CIPHER *EVP_aes_256_cfb1(void);
@@ -761,8 +808,13 @@ const EVP_CIPHER *EVP_aes_256_cfb8(void);
 const EVP_CIPHER *EVP_aes_256_cfb128(void);
 # define EVP_aes_256_cfb EVP_aes_256_cfb128
 const EVP_CIPHER *EVP_aes_256_ofb(void);
-#if 0
 const EVP_CIPHER *EVP_aes_256_ctr(void);
+const EVP_CIPHER *EVP_aes_256_ccm(void);
+const EVP_CIPHER *EVP_aes_256_gcm(void);
+const EVP_CIPHER *EVP_aes_256_xts(void);
+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
+const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void);
+const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void);
 #endif
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
@@ -1047,13 +1099,22 @@ void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
 #define EVP_PKEY_CTRL_CMS_DECRYPT      10
 #define EVP_PKEY_CTRL_CMS_SIGN         11
 
+#define EVP_PKEY_CTRL_CIPHER           12
+
 #define EVP_PKEY_ALG_CTRL              0x1000
 
 
 #define EVP_PKEY_FLAG_AUTOARGLEN       2
+/* Method handles all operations: don't assume any digest related
+ * defaults.
+ */
+#define EVP_PKEY_FLAG_SIGCTX_CUSTOM    4
 
 const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type);
 EVP_PKEY_METHOD* EVP_PKEY_meth_new(int id, int flags);
+void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags,
+                               const EVP_PKEY_METHOD *meth);
+void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src);
 void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth);
 int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth);
 
@@ -1071,7 +1132,7 @@ int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx);
 void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen);
 
 EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e,
-                               unsigned char *key, int keylen);
+                               const unsigned char *key, int keylen);
 
 void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data);
 void *EVP_PKEY_CTX_get_data(EVP_PKEY_CTX *ctx);
@@ -1181,6 +1242,8 @@ void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
        int (*ctrl_str)(EVP_PKEY_CTX *ctx,
                                        const char *type, const char *value));
 
+void EVP_add_alg_module(void);
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
@@ -1190,8 +1253,14 @@ void ERR_load_EVP_strings(void);
 /* Error codes for the EVP functions. */
 
 /* Function codes. */
+#define EVP_F_AESNI_INIT_KEY                            165
+#define EVP_F_AESNI_XTS_CIPHER                          176
 #define EVP_F_AES_INIT_KEY                              133
+#define EVP_F_AES_XTS                                   172
+#define EVP_F_AES_XTS_CIPHER                            175
+#define EVP_F_ALG_MODULE_INIT                           177
 #define EVP_F_CAMELLIA_INIT_KEY                                 159
+#define EVP_F_CMAC_INIT                                         173
 #define EVP_F_D2I_PKEY                                  100
 #define EVP_F_DO_SIGVER_INIT                            161
 #define EVP_F_DSAPKEY2PKCS8                             134
@@ -1246,15 +1315,24 @@ void ERR_load_EVP_strings(void);
 #define EVP_F_EVP_RIJNDAEL                              126
 #define EVP_F_EVP_SIGNFINAL                             107
 #define EVP_F_EVP_VERIFYFINAL                           108
+#define EVP_F_FIPS_CIPHERINIT                           166
+#define EVP_F_FIPS_CIPHER_CTX_COPY                      170
+#define EVP_F_FIPS_CIPHER_CTX_CTRL                      167
+#define EVP_F_FIPS_CIPHER_CTX_SET_KEY_LENGTH            171
+#define EVP_F_FIPS_DIGESTINIT                           168
+#define EVP_F_FIPS_MD_CTX_COPY                          169
+#define EVP_F_HMAC_INIT_EX                              174
 #define EVP_F_INT_CTX_NEW                               157
 #define EVP_F_PKCS5_PBE_KEYIVGEN                        117
 #define EVP_F_PKCS5_V2_PBE_KEYIVGEN                     118
+#define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN                  164
 #define EVP_F_PKCS8_SET_BROKEN                          112
 #define EVP_F_PKEY_SET_TYPE                             158
 #define EVP_F_RC2_MAGIC_TO_METH                                 109
 #define EVP_F_RC5_CTRL                                  125
 
 /* Reason codes. */
+#define EVP_R_AES_IV_SETUP_FAILED                       162
 #define EVP_R_AES_KEY_SETUP_FAILED                      143
 #define EVP_R_ASN1_LIB                                  140
 #define EVP_R_BAD_BLOCK_LENGTH                          136
@@ -1272,16 +1350,21 @@ void ERR_load_EVP_strings(void);
 #define EVP_R_DECODE_ERROR                              114
 #define EVP_R_DIFFERENT_KEY_TYPES                       101
 #define EVP_R_DIFFERENT_PARAMETERS                      153
+#define EVP_R_DISABLED_FOR_FIPS                                 163
 #define EVP_R_ENCODE_ERROR                              115
+#define EVP_R_ERROR_LOADING_SECTION                     165
+#define EVP_R_ERROR_SETTING_FIPS_MODE                   166
 #define EVP_R_EVP_PBE_CIPHERINIT_ERROR                  119
 #define EVP_R_EXPECTING_AN_RSA_KEY                      127
 #define EVP_R_EXPECTING_A_DH_KEY                        128
 #define EVP_R_EXPECTING_A_DSA_KEY                       129
 #define EVP_R_EXPECTING_A_ECDSA_KEY                     141
 #define EVP_R_EXPECTING_A_EC_KEY                        142
+#define EVP_R_FIPS_MODE_NOT_SUPPORTED                   167
 #define EVP_R_INITIALIZATION_ERROR                      134
 #define EVP_R_INPUT_NOT_INITIALIZED                     111
 #define EVP_R_INVALID_DIGEST                            152
+#define EVP_R_INVALID_FIPS_MODE                                 168
 #define EVP_R_INVALID_KEY_LENGTH                        130
 #define EVP_R_INVALID_OPERATION                                 148
 #define EVP_R_IV_TOO_LARGE                              102
@@ -1303,8 +1386,10 @@ void ERR_load_EVP_strings(void);
 #define EVP_R_PRIVATE_KEY_DECODE_ERROR                  145
 #define EVP_R_PRIVATE_KEY_ENCODE_ERROR                  146
 #define EVP_R_PUBLIC_KEY_NOT_RSA                        106
+#define EVP_R_TOO_LARGE                                         164
 #define EVP_R_UNKNOWN_CIPHER                            160
 #define EVP_R_UNKNOWN_DIGEST                            161
+#define EVP_R_UNKNOWN_OPTION                            169
 #define EVP_R_UNKNOWN_PBE_ALGORITHM                     121
 #define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS               135
 #define EVP_R_UNSUPPORTED_ALGORITHM                     156

diff --git a/deps/openssl/openssl/crypto/evp/evp_enc.c b/deps/openssl/openssl/crypto/evp/evp_enc.c
index c268d25..0c54f05 100644 (file)
--- a/deps/openssl/openssl/crypto/evp/evp_enc.c
+++ b/deps/openssl/openssl/crypto/evp/evp_enc.c
@@ -64,8 +64,18 @@
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
 #include "evp_locl.h"
 
+#ifdef OPENSSL_FIPS
+#define M_do_cipher(ctx, out, in, inl) FIPS_cipher(ctx, out, in, inl)
+#else
+#define M_do_cipher(ctx, out, in, inl) ctx->cipher->do_cipher(ctx, out, in, inl)
+#endif
+
+
 const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT;
 
 void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
@@ -115,10 +125,14 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
                /* Ensure a context left lying around from last time is cleared
                 * (the previous check attempted to avoid this if the same
                 * ENGINE and EVP_CIPHER could be used). */
-               EVP_CIPHER_CTX_cleanup(ctx);
-
-               /* Restore encrypt field: it is zeroed by cleanup */
-               ctx->encrypt = enc;
+               if (ctx->cipher)
+                       {
+                       unsigned long flags = ctx->flags;
+                       EVP_CIPHER_CTX_cleanup(ctx);
+                       /* Restore encrypt and flags */
+                       ctx->encrypt = enc;
+                       ctx->flags = flags;
+                       }
 #ifndef OPENSSL_NO_ENGINE
                if(impl)
                        {
@@ -155,6 +169,10 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
                        ctx->engine = NULL;
 #endif
 
+#ifdef OPENSSL_FIPS
+               if (FIPS_mode())
+                       return FIPS_cipherinit(ctx, cipher, key, iv, enc);
+#endif
                ctx->cipher=cipher;
                if (ctx->cipher->ctx_size)
                        {
@@ -188,6 +206,10 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *imp
 #ifndef OPENSSL_NO_ENGINE
 skip_to_init:
 #endif
+#ifdef OPENSSL_FIPS
+       if (FIPS_mode())
+               return FIPS_cipherinit(ctx, cipher, key, iv, enc);
+#endif
        /* we assume block size is a power of 2 in *cryptUpdate */
        OPENSSL_assert(ctx->cipher->block_size == 1
            || ctx->cipher->block_size == 8
@@ -214,6 +236,13 @@ skip_to_init:
                        memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
                        break;
 
+                       case EVP_CIPH_CTR_MODE:
+                       ctx->num = 0;
+                       /* Don't reuse IV for CTR mode */
+                       if(iv)
+                               memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx));
+                       break;
+
                        default:
                        return 0;
                        break;
@@ -280,6 +309,16 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
        {
        int i,j,bl;
 
+       if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER)
+               {
+               i = M_do_cipher(ctx, out, in, inl);
+               if (i < 0)
+                       return 0;
+               else
+                       *outl = i;
+               return 1;
+               }
+
        if (inl <= 0)
                {
                *outl = 0;
@@ -288,7 +327,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
 
        if(ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0)
                {
-               if(ctx->cipher->do_cipher(ctx,out,in,inl))
+               if(M_do_cipher(ctx,out,in,inl))
                        {
                        *outl=inl;
                        return 1;
@@ -315,7 +354,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
                        {
                        j=bl-i;
                        memcpy(&(ctx->buf[i]),in,j);
-                       if(!ctx->cipher->do_cipher(ctx,out,ctx->buf,bl)) return 0;
+                       if(!M_do_cipher(ctx,out,ctx->buf,bl)) return 0;
                        inl-=j;
                        in+=j;
                        out+=bl;
@@ -328,7 +367,7 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
        inl-=i;
        if (inl > 0)
                {
-               if(!ctx->cipher->do_cipher(ctx,out,in,inl)) return 0;
+               if(!M_do_cipher(ctx,out,in,inl)) return 0;
                *outl+=inl;
                }
 
@@ -350,6 +389,16 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
        int n,ret;
        unsigned int i, b, bl;
 
+       if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER)
+               {
+               ret = M_do_cipher(ctx, out, NULL, 0);
+               if (ret < 0)
+                       return 0;
+               else 
+                       *outl = ret;
+               return 1;
+               }
+
        b=ctx->cipher->block_size;
        OPENSSL_assert(b <= sizeof ctx->buf);
        if (b == 1)
@@ -372,7 +421,7 @@ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
        n=b-bl;
        for (i=bl; i<b; i++)
                ctx->buf[i]=n;
-       ret=ctx->cipher->do_cipher(ctx,out,ctx->buf,b);
+       ret=M_do_cipher(ctx,out,ctx->buf,b);
 
 
        if(ret)
@@ -387,6 +436,19 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
        int fix_len;
        unsigned int b;
 
+       if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER)
+               {
+               fix_len = M_do_cipher(ctx, out, in, inl);
+               if (fix_len < 0)
+                       {
+                       *outl = 0;
+                       return 0;
+                       }
+               else
+                       *outl = fix_len;
+               return 1;
+               }
+
        if (inl <= 0)
                {
                *outl = 0;
@@ -440,8 +502,18 @@ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
        {
        int i,n;
        unsigned int b;
-
        *outl=0;
+
+       if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER)
+               {
+               i = M_do_cipher(ctx, out, NULL, 0);
+               if (i < 0)
+                       return 0;
+               else
+                       *outl = i;
+               return 1;
+               }
+
        b=ctx->cipher->block_size;
        if (ctx->flags & EVP_CIPH_NO_PADDING)
                {
@@ -496,6 +568,7 @@ void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
 
 int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
        {
+#ifndef OPENSSL_FIPS
        if (c->cipher != NULL)
                {
                if(c->cipher->cleanup && !c->cipher->cleanup(c))
@@ -506,12 +579,16 @@ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
                }
        if (c->cipher_data)
                OPENSSL_free(c->cipher_data);
+#endif
 #ifndef OPENSSL_NO_ENGINE
        if (c->engine)
                /* The EVP_CIPHER we used belongs to an ENGINE, release the
                 * functional reference we held for this reason. */
                ENGINE_finish(c->engine);
 #endif
+#ifdef OPENSSL_FIPS
+       FIPS_cipher_ctx_cleanup(c);
+#endif
        memset(c,0,sizeof(EVP_CIPHER_CTX));
        return 1;
        }

diff --git a/deps/openssl/openssl/crypto/evp/evp_err.c b/deps/openssl/openssl/crypto/evp/evp_err.c
index d8bfec0..08eab98 100644 (file)
--- a/deps/openssl/openssl/crypto/evp/evp_err.c
+++ b/deps/openssl/openssl/crypto/evp/evp_err.c
@@ -1,6 +1,6 @@
 /* crypto/evp/evp_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -70,8 +70,14 @@
 
 static ERR_STRING_DATA EVP_str_functs[]=
        {
+{ERR_FUNC(EVP_F_AESNI_INIT_KEY),       "AESNI_INIT_KEY"},
+{ERR_FUNC(EVP_F_AESNI_XTS_CIPHER),     "AESNI_XTS_CIPHER"},
 {ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"},
+{ERR_FUNC(EVP_F_AES_XTS),      "AES_XTS"},
+{ERR_FUNC(EVP_F_AES_XTS_CIPHER),       "AES_XTS_CIPHER"},
+{ERR_FUNC(EVP_F_ALG_MODULE_INIT),      "ALG_MODULE_INIT"},
 {ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY),    "CAMELLIA_INIT_KEY"},
+{ERR_FUNC(EVP_F_CMAC_INIT),    "CMAC_INIT"},
 {ERR_FUNC(EVP_F_D2I_PKEY),     "D2I_PKEY"},
 {ERR_FUNC(EVP_F_DO_SIGVER_INIT),       "DO_SIGVER_INIT"},
 {ERR_FUNC(EVP_F_DSAPKEY2PKCS8),        "DSAPKEY2PKCS8"},
@@ -86,7 +92,7 @@ static ERR_STRING_DATA EVP_str_functs[]=
 {ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX),    "EVP_DigestInit_ex"},
 {ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX),  "EVP_EncryptFinal_ex"},
 {ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX),   "EVP_MD_CTX_copy_ex"},
-{ERR_FUNC(EVP_F_EVP_MD_SIZE),  "EVP_MD_SIZE"},
+{ERR_FUNC(EVP_F_EVP_MD_SIZE),  "EVP_MD_size"},
 {ERR_FUNC(EVP_F_EVP_OPENINIT), "EVP_OpenInit"},
 {ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD),      "EVP_PBE_alg_add"},
 {ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD_TYPE), "EVP_PBE_alg_add_type"},
@@ -126,9 +132,17 @@ static ERR_STRING_DATA EVP_str_functs[]=
 {ERR_FUNC(EVP_F_EVP_RIJNDAEL), "EVP_RIJNDAEL"},
 {ERR_FUNC(EVP_F_EVP_SIGNFINAL),        "EVP_SignFinal"},
 {ERR_FUNC(EVP_F_EVP_VERIFYFINAL),      "EVP_VerifyFinal"},
+{ERR_FUNC(EVP_F_FIPS_CIPHERINIT),      "FIPS_CIPHERINIT"},
+{ERR_FUNC(EVP_F_FIPS_CIPHER_CTX_COPY), "FIPS_CIPHER_CTX_COPY"},
+{ERR_FUNC(EVP_F_FIPS_CIPHER_CTX_CTRL), "FIPS_CIPHER_CTX_CTRL"},
+{ERR_FUNC(EVP_F_FIPS_CIPHER_CTX_SET_KEY_LENGTH),       "FIPS_CIPHER_CTX_SET_KEY_LENGTH"},
+{ERR_FUNC(EVP_F_FIPS_DIGESTINIT),      "FIPS_DIGESTINIT"},
+{ERR_FUNC(EVP_F_FIPS_MD_CTX_COPY),     "FIPS_MD_CTX_COPY"},
+{ERR_FUNC(EVP_F_HMAC_INIT_EX), "HMAC_Init_ex"},
 {ERR_FUNC(EVP_F_INT_CTX_NEW),  "INT_CTX_NEW"},
 {ERR_FUNC(EVP_F_PKCS5_PBE_KEYIVGEN),   "PKCS5_PBE_keyivgen"},
 {ERR_FUNC(EVP_F_PKCS5_V2_PBE_KEYIVGEN),        "PKCS5_v2_PBE_keyivgen"},
+{ERR_FUNC(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN),     "PKCS5_V2_PBKDF2_KEYIVGEN"},
 {ERR_FUNC(EVP_F_PKCS8_SET_BROKEN),     "PKCS8_set_broken"},
 {ERR_FUNC(EVP_F_PKEY_SET_TYPE),        "PKEY_SET_TYPE"},
 {ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH),    "RC2_MAGIC_TO_METH"},
@@ -138,6 +152,7 @@ static ERR_STRING_DATA EVP_str_functs[]=
 
 static ERR_STRING_DATA EVP_str_reasons[]=
        {
+{ERR_REASON(EVP_R_AES_IV_SETUP_FAILED)   ,"aes iv setup failed"},
 {ERR_REASON(EVP_R_AES_KEY_SETUP_FAILED)  ,"aes key setup failed"},
 {ERR_REASON(EVP_R_ASN1_LIB)              ,"asn1 lib"},
 {ERR_REASON(EVP_R_BAD_BLOCK_LENGTH)      ,"bad block length"},
@@ -155,16 +170,21 @@ static ERR_STRING_DATA EVP_str_reasons[]=
 {ERR_REASON(EVP_R_DECODE_ERROR)          ,"decode error"},
 {ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES)   ,"different key types"},
 {ERR_REASON(EVP_R_DIFFERENT_PARAMETERS)  ,"different parameters"},
+{ERR_REASON(EVP_R_DISABLED_FOR_FIPS)     ,"disabled for fips"},
 {ERR_REASON(EVP_R_ENCODE_ERROR)          ,"encode error"},
+{ERR_REASON(EVP_R_ERROR_LOADING_SECTION) ,"error loading section"},
+{ERR_REASON(EVP_R_ERROR_SETTING_FIPS_MODE),"error setting fips mode"},
 {ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"},
 {ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY)  ,"expecting an rsa key"},
 {ERR_REASON(EVP_R_EXPECTING_A_DH_KEY)    ,"expecting a dh key"},
 {ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY)   ,"expecting a dsa key"},
 {ERR_REASON(EVP_R_EXPECTING_A_ECDSA_KEY) ,"expecting a ecdsa key"},
 {ERR_REASON(EVP_R_EXPECTING_A_EC_KEY)    ,"expecting a ec key"},
+{ERR_REASON(EVP_R_FIPS_MODE_NOT_SUPPORTED),"fips mode not supported"},
 {ERR_REASON(EVP_R_INITIALIZATION_ERROR)  ,"initialization error"},
 {ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED) ,"input not initialized"},
 {ERR_REASON(EVP_R_INVALID_DIGEST)        ,"invalid digest"},
+{ERR_REASON(EVP_R_INVALID_FIPS_MODE)     ,"invalid fips mode"},
 {ERR_REASON(EVP_R_INVALID_KEY_LENGTH)    ,"invalid key length"},
 {ERR_REASON(EVP_R_INVALID_OPERATION)     ,"invalid operation"},
 {ERR_REASON(EVP_R_IV_TOO_LARGE)          ,"iv too large"},
@@ -186,8 +206,10 @@ static ERR_STRING_DATA EVP_str_reasons[]=
 {ERR_REASON(EVP_R_PRIVATE_KEY_DECODE_ERROR),"private key decode error"},
 {ERR_REASON(EVP_R_PRIVATE_KEY_ENCODE_ERROR),"private key encode error"},
 {ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA)    ,"public key not rsa"},
+{ERR_REASON(EVP_R_TOO_LARGE)             ,"too large"},
 {ERR_REASON(EVP_R_UNKNOWN_CIPHER)        ,"unknown cipher"},
 {ERR_REASON(EVP_R_UNKNOWN_DIGEST)        ,"unknown digest"},
+{ERR_REASON(EVP_R_UNKNOWN_OPTION)        ,"unknown option"},
 {ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM) ,"unknown pbe algorithm"},
 {ERR_REASON(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS),"unsuported number of rounds"},
 {ERR_REASON(EVP_R_UNSUPPORTED_ALGORITHM) ,"unsupported algorithm"},

diff --git a/deps/openssl/openssl/crypto/evp/evp_key.c b/deps/openssl/openssl/crypto/evp/evp_key.c
index 839d6a3..7961fbe 100644 (file)
--- a/deps/openssl/openssl/crypto/evp/evp_key.c
+++ b/deps/openssl/openssl/crypto/evp/evp_key.c
@@ -120,7 +120,7 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
        unsigned char md_buf[EVP_MAX_MD_SIZE];
        int niv,nkey,addmd=0;
        unsigned int mds=0,i;
-
+       int rv = 0;
        nkey=type->key_len;
        niv=type->iv_len;
        OPENSSL_assert(nkey <= EVP_MAX_KEY_LENGTH);
@@ -134,17 +134,24 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
                if (!EVP_DigestInit_ex(&c,md, NULL))
                        return 0;
                if (addmd++)
-                       EVP_DigestUpdate(&c,&(md_buf[0]),mds);
-               EVP_DigestUpdate(&c,data,datal);
+                       if (!EVP_DigestUpdate(&c,&(md_buf[0]),mds))
+                               goto err;
+               if (!EVP_DigestUpdate(&c,data,datal))
+                       goto err;
                if (salt != NULL)
-                       EVP_DigestUpdate(&c,salt,PKCS5_SALT_LEN);
-               EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds);
+                       if (!EVP_DigestUpdate(&c,salt,PKCS5_SALT_LEN))
+                               goto err;
+               if (!EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds))
+                       goto err;
 
                for (i=1; i<(unsigned int)count; i++)
                        {
-                       EVP_DigestInit_ex(&c,md, NULL);
-                       EVP_DigestUpdate(&c,&(md_buf[0]),mds);
-                       EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds);
+                       if (!EVP_DigestInit_ex(&c,md, NULL))
+                               goto err;
+                       if (!EVP_DigestUpdate(&c,&(md_buf[0]),mds))
+                               goto err;
+                       if (!EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds))
+                               goto err;
                        }
                i=0;
                if (nkey)
@@ -173,8 +180,10 @@ int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
                        }
                if ((nkey == 0) && (niv == 0)) break;
                }
+       rv = type->key_len;
+       err:
        EVP_MD_CTX_cleanup(&c);
        OPENSSL_cleanse(&(md_buf[0]),EVP_MAX_MD_SIZE);
-       return(type->key_len);
+       return rv;
        }
 

diff --git a/deps/openssl/openssl/crypto/evp/evp_lib.c b/deps/openssl/openssl/crypto/evp/evp_lib.c
index 40951a0..b180e48 100644 (file)
--- a/deps/openssl/openssl/crypto/evp/evp_lib.c
+++ b/deps/openssl/openssl/crypto/evp/evp_lib.c
@@ -67,6 +67,8 @@ int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
 
        if (c->cipher->set_asn1_parameters != NULL)
                ret=c->cipher->set_asn1_parameters(c,type);
+       else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1)
+               ret=EVP_CIPHER_set_asn1_iv(c, type);
        else
                ret=-1;
        return(ret);
@@ -78,6 +80,8 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
 
        if (c->cipher->get_asn1_parameters != NULL)
                ret=c->cipher->get_asn1_parameters(c,type);
+       else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1)
+               ret=EVP_CIPHER_get_asn1_iv(c, type);
        else
                ret=-1;
        return(ret);

diff --git a/deps/openssl/openssl/crypto/evp/evp_locl.h b/deps/openssl/openssl/crypto/evp/evp_locl.h
index 292d74c..08c0a66 100644 (file)
--- a/deps/openssl/openssl/crypto/evp/evp_locl.h
+++ b/deps/openssl/openssl/crypto/evp/evp_locl.h
@@ -343,3 +343,43 @@ struct evp_pkey_method_st
        } /* EVP_PKEY_METHOD */;
 
 void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx);
+
+int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+                            ASN1_TYPE *param,
+                            const EVP_CIPHER *c, const EVP_MD *md, int en_de);
+
+#ifdef OPENSSL_FIPS
+
+#ifdef OPENSSL_DOING_MAKEDEPEND
+#undef SHA1_Init
+#undef SHA1_Update
+#undef SHA224_Init
+#undef SHA256_Init
+#undef SHA384_Init
+#undef SHA512_Init
+#undef DES_set_key_unchecked
+#endif
+
+#define RIPEMD160_Init private_RIPEMD160_Init
+#define WHIRLPOOL_Init private_WHIRLPOOL_Init
+#define MD5_Init       private_MD5_Init
+#define MD4_Init       private_MD4_Init
+#define MD2_Init       private_MD2_Init
+#define MDC2_Init      private_MDC2_Init
+#define SHA_Init       private_SHA_Init
+#define SHA1_Init      private_SHA1_Init
+#define SHA224_Init    private_SHA224_Init
+#define SHA256_Init    private_SHA256_Init
+#define SHA384_Init    private_SHA384_Init
+#define SHA512_Init    private_SHA512_Init
+
+#define BF_set_key     private_BF_set_key
+#define CAST_set_key   private_CAST_set_key
+#define idea_set_encrypt_key   private_idea_set_encrypt_key
+#define SEED_set_key   private_SEED_set_key
+#define RC2_set_key    private_RC2_set_key
+#define RC4_set_key    private_RC4_set_key
+#define DES_set_key_unchecked  private_DES_set_key_unchecked
+#define Camellia_set_key       private_Camellia_set_key
+
+#endif

diff --git a/deps/openssl/openssl/crypto/evp/evp_pbe.c b/deps/openssl/openssl/crypto/evp/evp_pbe.c
index c9d932d..f8c32d8 100644 (file)
--- a/deps/openssl/openssl/crypto/evp/evp_pbe.c
+++ b/deps/openssl/openssl/crypto/evp/evp_pbe.c
@@ -61,6 +61,7 @@
 #include <openssl/evp.h>
 #include <openssl/pkcs12.h>
 #include <openssl/x509.h>
+#include "evp_locl.h"
 
 /* Password based encryption (PBE) functions */
 
@@ -87,6 +88,10 @@ static const EVP_PBE_CTL builtin_pbe[] =
        {EVP_PBE_TYPE_OUTER, NID_pbeWithSHA1AndRC2_CBC,
                        NID_rc2_64_cbc, NID_sha1, PKCS5_PBE_keyivgen},
 
+#ifndef OPENSSL_NO_HMAC
+       {EVP_PBE_TYPE_OUTER, NID_id_pbkdf2, -1, -1, PKCS5_v2_PBKDF2_keyivgen},
+#endif
+
        {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And128BitRC4,
                        NID_rc4, NID_sha1, PKCS12_PBE_keyivgen},
        {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And40BitRC4,

diff --git a/deps/openssl/openssl/crypto/evp/evptests.txt b/deps/openssl/openssl/crypto/evp/evptests.txt
index beb1214..c273707 100644 (file)
--- a/deps/openssl/openssl/crypto/evp/evptests.txt
+++ b/deps/openssl/openssl/crypto/evp/evptests.txt
@@ -158,6 +158,19 @@ AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:B7B
 AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:E1C656305ED1A7A6563805746FE03EDC:30C81C46A35CE411E5FBC1191A0A52EF:71AB47A086E86EEDF39D1C5BBA97C408:0
 AES-256-OFB:603DEB1015CA71BE2B73AEF0857D77811F352C073B6108D72D9810A30914DFF4:41635BE625B48AFC1666DD42A09D96E7:F69F2445DF4F9B17AD2B417BE66C3710:0126141D67F37BE8538F5A8BE740E484:0
 
+# AES Counter test vectors from RFC3686
+aes-128-ctr:AE6852F8121067CC4BF7A5765577F39E:00000030000000000000000000000001:53696E676C6520626C6F636B206D7367:E4095D4FB7A7B3792D6175A3261311B8:1
+aes-128-ctr:7E24067817FAE0D743D6CE1F32539163:006CB6DBC0543B59DA48D90B00000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F:5104A106168A72D9790D41EE8EDAD388EB2E1EFC46DA57C8FCE630DF9141BE28:1
+aes-128-ctr:7691BE035E5020A8AC6E618529F9A0DC:00E0017B27777F3F4A1786F000000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223:C1CF48A89F2FFDD9CF4652E9EFDB72D74540A42BDE6D7836D59A5CEAAEF3105325B2072F:1
+
+aes-192-ctr:16AF5B145FC9F579C175F93E3BFB0EED863D06CCFDB78515:0000004836733C147D6D93CB00000001:53696E676C6520626C6F636B206D7367:4B55384FE259C9C84E7935A003CBE928:1
+aes-192-ctr:7C5CB2401B3DC33C19E7340819E0F69C678C3DB8E6F6A91A:0096B03B020C6EADC2CB500D00000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F:453243FC609B23327EDFAAFA7131CD9F8490701C5AD4A79CFC1FE0FF42F4FB00:1
+aes-192-ctr:02BF391EE8ECB159B959617B0965279BF59B60A786D3E0FE:0007BDFD5CBD60278DCC091200000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223:96893FC55E5C722F540B7DD1DDF7E758D288BC95C69165884536C811662F2188ABEE0935:1
+
+aes-256-ctr:776BEFF2851DB06F4C8A0542C8696F6C6A81AF1EEC96B4D37FC1D689E6C1C104:00000060DB5672C97AA8F0B200000001:53696E676C6520626C6F636B206D7367:145AD01DBF824EC7560863DC71E3E0C0:1
+aes-256-ctr:F6D66D6BD52D59BB0796365879EFF886C66DD51A5B6A99744B50590C87A23884:00FAAC24C1585EF15A43D87500000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F:F05E231B3894612C49EE000B804EB2A9B8306B508F839D6A5530831D9344AF1C:1
+aes-256-ctr:FF7A617CE69148E4F1726E2F43581DE2AA62D9F805532EDFF1EED687FB54153D:001CC5B751A51D70A1C1114800000001:000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223:EB6C52821D0BBBF7CE7594462ACA4FAAB407DF866569FD07F48CC0B583D6071F1EC0E6B8:1
+
 # DES ECB tests (from destest)
 
 DES-ECB:0000000000000000::0000000000000000:8CA64DE9C1B123A7

diff --git a/deps/openssl/openssl/crypto/evp/m_dss.c b/deps/openssl/openssl/crypto/evp/m_dss.c
index 48c2689..6fb7e9a 100644 (file)
--- a/deps/openssl/openssl/crypto/evp/m_dss.c
+++ b/deps/openssl/openssl/crypto/evp/m_dss.c
@@ -60,12 +60,13 @@
 #include "cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/objects.h>
-#include <openssl/x509.h>
+#include <openssl/sha.h>
 #ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
 
 #ifndef OPENSSL_NO_SHA
+#ifndef OPENSSL_FIPS
 
 static int init(EVP_MD_CTX *ctx)
        { return SHA1_Init(ctx->md_data); }
@@ -97,3 +98,4 @@ const EVP_MD *EVP_dss(void)
        return(&dsa_md);
        }
 #endif
+#endif

diff --git a/deps/openssl/openssl/crypto/evp/m_dss1.c b/deps/openssl/openssl/crypto/evp/m_dss1.c
index 4f03fb7..2df362a 100644 (file)
--- a/deps/openssl/openssl/crypto/evp/m_dss1.c
+++ b/deps/openssl/openssl/crypto/evp/m_dss1.c
@@ -63,11 +63,13 @@
 
 #include <openssl/evp.h>
 #include <openssl/objects.h>
-#include <openssl/x509.h>
+#include <openssl/sha.h>
 #ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
 
+#ifndef OPENSSL_FIPS 
+
 static int init(EVP_MD_CTX *ctx)
        { return SHA1_Init(ctx->md_data); }
 
@@ -98,3 +100,4 @@ const EVP_MD *EVP_dss1(void)
        return(&dss1_md);
        }
 #endif
+#endif

diff --git a/deps/openssl/openssl/crypto/evp/m_ecdsa.c b/deps/openssl/openssl/crypto/evp/m_ecdsa.c
index 8d87a49..4b15fb0 100644 (file)
--- a/deps/openssl/openssl/crypto/evp/m_ecdsa.c
+++ b/deps/openssl/openssl/crypto/evp/m_ecdsa.c
@@ -116,6 +116,8 @@
 #include <openssl/x509.h>
 
 #ifndef OPENSSL_NO_SHA
+#ifndef OPENSSL_FIPS
+
 static int init(EVP_MD_CTX *ctx)
        { return SHA1_Init(ctx->md_data); }
 
@@ -146,3 +148,4 @@ const EVP_MD *EVP_ecdsa(void)
        return(&ecdsa_md);
        }
 #endif
+#endif

diff --git a/deps/openssl/openssl/crypto/evp/m_md4.c b/deps/openssl/openssl/crypto/evp/m_md4.c
index 1e0b7c5..6d47f61 100644 (file)
--- a/deps/openssl/openssl/crypto/evp/m_md4.c
+++ b/deps/openssl/openssl/crypto/evp/m_md4.c
@@ -69,6 +69,8 @@
 #include <openssl/rsa.h>
 #endif
 
+#include "evp_locl.h"
+
 static int init(EVP_MD_CTX *ctx)
        { return MD4_Init(ctx->md_data); }
 

diff --git a/deps/openssl/openssl/crypto/evp/m_md5.c b/deps/openssl/openssl/crypto/evp/m_md5.c
index 63c1421..9a8bae0 100644 (file)
--- a/deps/openssl/openssl/crypto/evp/m_md5.c
+++ b/deps/openssl/openssl/crypto/evp/m_md5.c
@@ -68,6 +68,7 @@
 #ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif
+#include "evp_locl.h"
 
 static int init(EVP_MD_CTX *ctx)
        { return MD5_Init(ctx->md_data); }

diff --git a/deps/openssl/openssl/crypto/evp/m_mdc2.c b/deps/openssl/openssl/crypto/evp/m_mdc2.c
index b08d559..3602bed 100644 (file)
--- a/deps/openssl/openssl/crypto/evp/m_mdc2.c
+++ b/deps/openssl/openssl/crypto/evp/m_mdc2.c
@@ -69,6 +69,8 @@
 #include <openssl/rsa.h>
 #endif
 
+#include "evp_locl.h"
+
 static int init(EVP_MD_CTX *ctx)
        { return MDC2_Init(ctx->md_data); }
 

diff --git a/deps/openssl/openssl/crypto/evp/m_ripemd.c b/deps/openssl/openssl/crypto/evp/m_ripemd.c
index a1d60ee..7bf4804 100644 (file)
--- a/deps/openssl/openssl/crypto/evp/m_ripemd.c
+++ b/deps/openssl/openssl/crypto/evp/m_ripemd.c
@@ -68,6 +68,7 @@
 #ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif
+#include "evp_locl.h"
 
 static int init(EVP_MD_CTX *ctx)
        { return RIPEMD160_Init(ctx->md_data); }

diff --git a/deps/openssl/openssl/crypto/evp/m_sha.c b/deps/openssl/openssl/crypto/evp/m_sha.c
index acccc8f..8769cdd 100644 (file)
--- a/deps/openssl/openssl/crypto/evp/m_sha.c
+++ b/deps/openssl/openssl/crypto/evp/m_sha.c
@@ -67,6 +67,7 @@
 #ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif
+#include "evp_locl.h"
 
 static int init(EVP_MD_CTX *ctx)
        { return SHA_Init(ctx->md_data); }

diff --git a/deps/openssl/openssl/crypto/evp/m_sha1.c b/deps/openssl/openssl/crypto/evp/m_sha1.c
index 9a2790f..bd0c01a 100644 (file)
--- a/deps/openssl/openssl/crypto/evp/m_sha1.c
+++ b/deps/openssl/openssl/crypto/evp/m_sha1.c
@@ -59,15 +59,18 @@
 #include <stdio.h>
 #include "cryptlib.h"
 
+#ifndef OPENSSL_FIPS
+
 #ifndef OPENSSL_NO_SHA
 
 #include <openssl/evp.h>
 #include <openssl/objects.h>
-#include <openssl/x509.h>
+#include <openssl/sha.h>
 #ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif
 
+
 static int init(EVP_MD_CTX *ctx)
        { return SHA1_Init(ctx->md_data); }
 
@@ -202,3 +205,5 @@ static const EVP_MD sha512_md=
 const EVP_MD *EVP_sha512(void)
        { return(&sha512_md); }
 #endif /* ifndef OPENSSL_NO_SHA512 */
+
+#endif

diff --git a/deps/openssl/openssl/crypto/evp/m_wp.c b/deps/openssl/openssl/crypto/evp/m_wp.c
index 1ce47c0..c51bc2d 100644 (file)
--- a/deps/openssl/openssl/crypto/evp/m_wp.c
+++ b/deps/openssl/openssl/crypto/evp/m_wp.c
@@ -9,6 +9,7 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/whrlpool.h>
+#include "evp_locl.h"
 
 static int init(EVP_MD_CTX *ctx)
        { return WHIRLPOOL_Init(ctx->md_data); }

diff --git a/deps/openssl/openssl/crypto/evp/names.c b/deps/openssl/openssl/crypto/evp/names.c
index f2869f5..6311ad7 100644 (file)
--- a/deps/openssl/openssl/crypto/evp/names.c
+++ b/deps/openssl/openssl/crypto/evp/names.c
@@ -66,6 +66,10 @@ int EVP_add_cipher(const EVP_CIPHER *c)
        {
        int r;
 
+       if (c == NULL) return 0;
+
+       OPENSSL_init();
+
        r=OBJ_NAME_add(OBJ_nid2sn(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(const char *)c);
        if (r == 0) return(0);
        check_defer(c->nid);
@@ -78,6 +82,7 @@ int EVP_add_digest(const EVP_MD *md)
        {
        int r;
        const char *name;
+       OPENSSL_init();
 
        name=OBJ_nid2sn(md->type);
        r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(const char *)md);

diff --git a/deps/openssl/openssl/crypto/evp/p5_crpt.c b/deps/openssl/openssl/crypto/evp/p5_crpt.c
index 7ecfa8d..294cc90 100644 (file)
--- a/deps/openssl/openssl/crypto/evp/p5_crpt.c
+++ b/deps/openssl/openssl/crypto/evp/p5_crpt.c
@@ -82,6 +82,8 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
        unsigned char *salt;
        const unsigned char *pbuf;
        int mdsize;
+       int rv = 0;
+       EVP_MD_CTX_init(&ctx);
 
        /* Extract useful info from parameter */
        if (param == NULL || param->type != V_ASN1_SEQUENCE ||
@@ -104,29 +106,38 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
        if(!pass) passlen = 0;
        else if(passlen == -1) passlen = strlen(pass);
 
-       EVP_MD_CTX_init(&ctx);
-       EVP_DigestInit_ex(&ctx, md, NULL);
-       EVP_DigestUpdate(&ctx, pass, passlen);
-       EVP_DigestUpdate(&ctx, salt, saltlen);
+       if (!EVP_DigestInit_ex(&ctx, md, NULL))
+               goto err;
+       if (!EVP_DigestUpdate(&ctx, pass, passlen))
+               goto err;
+       if (!EVP_DigestUpdate(&ctx, salt, saltlen))
+               goto err;
        PBEPARAM_free(pbe);
-       EVP_DigestFinal_ex(&ctx, md_tmp, NULL);
+       if (!EVP_DigestFinal_ex(&ctx, md_tmp, NULL))
+               goto err;
        mdsize = EVP_MD_size(md);
        if (mdsize < 0)
            return 0;
        for (i = 1; i < iter; i++) {
-               EVP_DigestInit_ex(&ctx, md, NULL);
-               EVP_DigestUpdate(&ctx, md_tmp, mdsize);
-               EVP_DigestFinal_ex (&ctx, md_tmp, NULL);
+               if (!EVP_DigestInit_ex(&ctx, md, NULL))
+                       goto err;
+               if (!EVP_DigestUpdate(&ctx, md_tmp, mdsize))
+                       goto err;
+               if (!EVP_DigestFinal_ex (&ctx, md_tmp, NULL))
+                       goto err;
        }
-       EVP_MD_CTX_cleanup(&ctx);
        OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp));
        memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher));
        OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16);
        memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
                                                 EVP_CIPHER_iv_length(cipher));
-       EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de);
+       if (!EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de))
+               goto err;
        OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE);
        OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
        OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
-       return 1;
+       rv = 1;
+       err:
+       EVP_MD_CTX_cleanup(&ctx);
+       return rv;
 }

diff --git a/deps/openssl/openssl/crypto/evp/p5_crpt2.c b/deps/openssl/openssl/crypto/evp/p5_crpt2.c
index 334379f..975d004 100644 (file)
--- a/deps/openssl/openssl/crypto/evp/p5_crpt2.c
+++ b/deps/openssl/openssl/crypto/evp/p5_crpt2.c
@@ -62,6 +62,7 @@
 #include <openssl/x509.h>
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
+#include "evp_locl.h"
 
 /* set this to print out info about the keygen algorithm */
 /* #define DEBUG_PKCS5V2 */
@@ -110,10 +111,14 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
                itmp[1] = (unsigned char)((i >> 16) & 0xff);
                itmp[2] = (unsigned char)((i >> 8) & 0xff);
                itmp[3] = (unsigned char)(i & 0xff);
-               HMAC_Init_ex(&hctx, pass, passlen, digest, NULL);
-               HMAC_Update(&hctx, salt, saltlen);
-               HMAC_Update(&hctx, itmp, 4);
-               HMAC_Final(&hctx, digtmp, NULL);
+               if (!HMAC_Init_ex(&hctx, pass, passlen, digest, NULL)
+                       || !HMAC_Update(&hctx, salt, saltlen)
+                       || !HMAC_Update(&hctx, itmp, 4)
+                       || !HMAC_Final(&hctx, digtmp, NULL))
+                       {
+                       HMAC_CTX_cleanup(&hctx);
+                       return 0;
+                       }
                memcpy(p, digtmp, cplen);
                for(j = 1; j < iter; j++)
                        {
@@ -168,27 +173,24 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
                          ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md,
                          int en_de)
 {
-       unsigned char *salt, key[EVP_MAX_KEY_LENGTH];
        const unsigned char *pbuf;
-       int saltlen, iter, plen;
-       unsigned int keylen;
+       int plen;
        PBE2PARAM *pbe2 = NULL;
        const EVP_CIPHER *cipher;
-       PBKDF2PARAM *kdf = NULL;
-       const EVP_MD *prfmd;
-       int prf_nid, hmac_md_nid;
+
+       int rv = 0;
 
        if (param == NULL || param->type != V_ASN1_SEQUENCE ||
            param->value.sequence == NULL) {
                EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
-               return 0;
+               goto err;
        }
 
        pbuf = param->value.sequence->data;
        plen = param->value.sequence->length;
        if(!(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) {
                EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
-               return 0;
+               goto err;
        }
 
        /* See if we recognise the key derivation function */
@@ -211,38 +213,63 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
        }
 
        /* Fixup cipher based on AlgorithmIdentifier */
-       EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de);
+       if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de))
+               goto err;
        if(EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) < 0) {
                EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
                                        EVP_R_CIPHER_PARAMETER_ERROR);
                goto err;
        }
+       rv = PKCS5_v2_PBKDF2_keyivgen(ctx, pass, passlen,
+                                       pbe2->keyfunc->parameter, c, md, en_de);
+       err:
+       PBE2PARAM_free(pbe2);
+       return rv;
+}
+
+int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+                         ASN1_TYPE *param,
+                        const EVP_CIPHER *c, const EVP_MD *md, int en_de)
+{
+       unsigned char *salt, key[EVP_MAX_KEY_LENGTH];
+       const unsigned char *pbuf;
+       int saltlen, iter, plen;
+       int rv = 0;
+       unsigned int keylen = 0;
+       int prf_nid, hmac_md_nid;
+       PBKDF2PARAM *kdf = NULL;
+       const EVP_MD *prfmd;
+
+       if (EVP_CIPHER_CTX_cipher(ctx) == NULL)
+               {
+               EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN,EVP_R_NO_CIPHER_SET);
+               goto err;
+               }
        keylen = EVP_CIPHER_CTX_key_length(ctx);
        OPENSSL_assert(keylen <= sizeof key);
 
-       /* Now decode key derivation function */
+       /* Decode parameter */
 
-       if(!pbe2->keyfunc->parameter ||
-                (pbe2->keyfunc->parameter->type != V_ASN1_SEQUENCE))
+       if(!param || (param->type != V_ASN1_SEQUENCE))
                {
-               EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
+               EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN,EVP_R_DECODE_ERROR);
                goto err;
                }
 
-       pbuf = pbe2->keyfunc->parameter->value.sequence->data;
-       plen = pbe2->keyfunc->parameter->value.sequence->length;
+       pbuf = param->value.sequence->data;
+       plen = param->value.sequence->length;
+
        if(!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) {
-               EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
+               EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN,EVP_R_DECODE_ERROR);
                goto err;
        }
 
-       PBE2PARAM_free(pbe2);
-       pbe2 = NULL;
+       keylen = EVP_CIPHER_CTX_key_length(ctx);
 
        /* Now check the parameters of the kdf */
 
        if(kdf->keylength && (ASN1_INTEGER_get(kdf->keylength) != (int)keylen)){
-               EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
+               EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN,
                                                EVP_R_UNSUPPORTED_KEYLENGTH);
                goto err;
        }
@@ -254,19 +281,19 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
 
        if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, prf_nid, NULL, &hmac_md_nid, 0))
                {
-               EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_PRF);
+               EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_UNSUPPORTED_PRF);
                goto err;
                }
 
        prfmd = EVP_get_digestbynid(hmac_md_nid);
        if (prfmd == NULL)
                {
-               EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_PRF);
+               EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_UNSUPPORTED_PRF);
                goto err;
                }
 
        if(kdf->salt->type != V_ASN1_OCTET_STRING) {
-               EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
+               EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN,
                                                EVP_R_UNSUPPORTED_SALT_TYPE);
                goto err;
        }
@@ -278,15 +305,11 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
        if(!PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, prfmd,
                                                   keylen, key))
                goto err;
-       EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de);
-       OPENSSL_cleanse(key, keylen);
-       PBKDF2PARAM_free(kdf);
-       return 1;
-
+       rv = EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de);
        err:
-       PBE2PARAM_free(pbe2);
+       OPENSSL_cleanse(key, keylen);
        PBKDF2PARAM_free(kdf);
-       return 0;
+       return rv;
 }
 
 #ifdef DEBUG_PKCS5V2

diff --git a/deps/openssl/openssl/crypto/evp/p_open.c b/deps/openssl/openssl/crypto/evp/p_open.c
index 53a59a2..c748fbe 100644 (file)
--- a/deps/openssl/openssl/crypto/evp/p_open.c
+++ b/deps/openssl/openssl/crypto/evp/p_open.c
@@ -115,7 +115,8 @@ int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
        int i;
 
        i=EVP_DecryptFinal_ex(ctx,out,outl);
-       EVP_DecryptInit_ex(ctx,NULL,NULL,NULL,NULL);
+       if (i)
+               i = EVP_DecryptInit_ex(ctx,NULL,NULL,NULL,NULL);
        return(i);
        }
 #else /* !OPENSSL_NO_RSA */

diff --git a/deps/openssl/openssl/crypto/evp/p_seal.c b/deps/openssl/openssl/crypto/evp/p_seal.c
index d832452..e5919b0 100644 (file)
--- a/deps/openssl/openssl/crypto/evp/p_seal.c
+++ b/deps/openssl/openssl/crypto/evp/p_seal.c
@@ -110,6 +110,7 @@ int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
        {
        int i;
        i = EVP_EncryptFinal_ex(ctx,out,outl);
-       EVP_EncryptInit_ex(ctx,NULL,NULL,NULL,NULL);
+       if (i) 
+               i = EVP_EncryptInit_ex(ctx,NULL,NULL,NULL,NULL);
        return i;
        }

diff --git a/deps/openssl/openssl/crypto/evp/p_sign.c b/deps/openssl/openssl/crypto/evp/p_sign.c
index bb893f5..8afb664 100644 (file)
--- a/deps/openssl/openssl/crypto/evp/p_sign.c
+++ b/deps/openssl/openssl/crypto/evp/p_sign.c
@@ -80,18 +80,20 @@ int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen,
        {
        unsigned char m[EVP_MAX_MD_SIZE];
        unsigned int m_len;
-       int i,ok=0,v;
+       int i = 0,ok = 0,v;
        EVP_MD_CTX tmp_ctx;
+       EVP_PKEY_CTX *pkctx = NULL;
 
        *siglen=0;
        EVP_MD_CTX_init(&tmp_ctx);
-       EVP_MD_CTX_copy_ex(&tmp_ctx,ctx);   
-       EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len);
+       if (!EVP_MD_CTX_copy_ex(&tmp_ctx,ctx))
+               goto err;  
+       if (!EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len))
+               goto err;
        EVP_MD_CTX_cleanup(&tmp_ctx);
 
        if (ctx->digest->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE)
                {
-               EVP_PKEY_CTX *pkctx = NULL;
                size_t sltmp = (size_t)EVP_PKEY_size(pkey);
                i = 0;
                pkctx = EVP_PKEY_CTX_new(pkey, NULL);

diff --git a/deps/openssl/openssl/crypto/evp/p_verify.c b/deps/openssl/openssl/crypto/evp/p_verify.c
index 41d4b67..c66d63c 100644 (file)
--- a/deps/openssl/openssl/crypto/evp/p_verify.c
+++ b/deps/openssl/openssl/crypto/evp/p_verify.c
@@ -67,17 +67,19 @@ int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
        {
        unsigned char m[EVP_MAX_MD_SIZE];
        unsigned int m_len;
-       int i,ok=0,v;
+       int i = 0,ok = 0,v;
        EVP_MD_CTX tmp_ctx;
+       EVP_PKEY_CTX *pkctx = NULL;
 
        EVP_MD_CTX_init(&tmp_ctx);
-       EVP_MD_CTX_copy_ex(&tmp_ctx,ctx);     
-       EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len);
+       if (!EVP_MD_CTX_copy_ex(&tmp_ctx,ctx))
+               goto err;    
+       if (!EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len))
+               goto err;
        EVP_MD_CTX_cleanup(&tmp_ctx);
 
        if (ctx->digest->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE)
                {
-               EVP_PKEY_CTX *pkctx = NULL;
                i = -1;
                pkctx = EVP_PKEY_CTX_new(pkey, NULL);
                if (!pkctx)

diff --git a/deps/openssl/openssl/crypto/evp/pmeth_gn.c b/deps/openssl/openssl/crypto/evp/pmeth_gn.c
index 5d74161..4651c81 100644 (file)
--- a/deps/openssl/openssl/crypto/evp/pmeth_gn.c
+++ b/deps/openssl/openssl/crypto/evp/pmeth_gn.c
@@ -199,7 +199,7 @@ int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx)
        }
 
 EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e,
-                               unsigned char *key, int keylen)
+                               const unsigned char *key, int keylen)
        {
        EVP_PKEY_CTX *mac_ctx = NULL;
        EVP_PKEY *mac_key = NULL;
@@ -209,7 +209,8 @@ EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e,
        if (EVP_PKEY_keygen_init(mac_ctx) <= 0)
                goto merr;
        if (EVP_PKEY_CTX_ctrl(mac_ctx, -1, EVP_PKEY_OP_KEYGEN,
-                               EVP_PKEY_CTRL_SET_MAC_KEY, keylen, key) <= 0)
+                               EVP_PKEY_CTRL_SET_MAC_KEY,
+                               keylen, (void *)key) <= 0)
                goto merr;
        if (EVP_PKEY_keygen(mac_ctx, &mac_key) <= 0)
                goto merr;

diff --git a/deps/openssl/openssl/crypto/evp/pmeth_lib.c b/deps/openssl/openssl/crypto/evp/pmeth_lib.c
index 5481d4b..acfa7b6 100644 (file)
--- a/deps/openssl/openssl/crypto/evp/pmeth_lib.c
+++ b/deps/openssl/openssl/crypto/evp/pmeth_lib.c
@@ -73,7 +73,7 @@ DECLARE_STACK_OF(EVP_PKEY_METHOD)
 STACK_OF(EVP_PKEY_METHOD) *app_pkey_methods = NULL;
 
 extern const EVP_PKEY_METHOD rsa_pkey_meth, dh_pkey_meth, dsa_pkey_meth;
-extern const EVP_PKEY_METHOD ec_pkey_meth, hmac_pkey_meth;
+extern const EVP_PKEY_METHOD ec_pkey_meth, hmac_pkey_meth, cmac_pkey_meth;
 
 static const EVP_PKEY_METHOD *standard_methods[] =
        {
@@ -90,6 +90,7 @@ static const EVP_PKEY_METHOD *standard_methods[] =
        &ec_pkey_meth,
 #endif
        &hmac_pkey_meth,
+       &cmac_pkey_meth
        };
 
 DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, const EVP_PKEY_METHOD *,
@@ -203,6 +204,8 @@ EVP_PKEY_METHOD* EVP_PKEY_meth_new(int id, int flags)
        if (!pmeth)
                return NULL;
 
+       memset(pmeth, 0, sizeof(EVP_PKEY_METHOD));
+
        pmeth->pkey_id = id;
        pmeth->flags = flags | EVP_PKEY_FLAG_DYNAMIC;
 
@@ -235,6 +238,56 @@ EVP_PKEY_METHOD* EVP_PKEY_meth_new(int id, int flags)
        return pmeth;
        }
 
+void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags,
+                               const EVP_PKEY_METHOD *meth)
+       {
+       if (ppkey_id)
+               *ppkey_id = meth->pkey_id;
+       if (pflags)
+               *pflags = meth->flags;
+       }
+
+void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src)
+       {
+
+       dst->init = src->init;
+       dst->copy = src->copy;
+       dst->cleanup = src->cleanup;
+
+       dst->paramgen_init = src->paramgen_init;
+       dst->paramgen = src->paramgen;
+
+       dst->keygen_init = src->keygen_init;
+       dst->keygen = src->keygen;
+
+       dst->sign_init = src->sign_init;
+       dst->sign = src->sign;
+
+       dst->verify_init = src->verify_init;
+       dst->verify = src->verify;
+
+       dst->verify_recover_init = src->verify_recover_init;
+       dst->verify_recover = src->verify_recover;
+
+       dst->signctx_init = src->signctx_init;
+       dst->signctx = src->signctx;
+
+       dst->verifyctx_init = src->verifyctx_init;
+       dst->verifyctx = src->verifyctx;
+
+       dst->encrypt_init = src->encrypt_init;
+       dst->encrypt = src->encrypt;
+
+       dst->decrypt_init = src->decrypt_init;
+       dst->decrypt = src->decrypt;
+
+       dst->derive_init = src->derive_init;
+       dst->derive = src->derive;
+
+       dst->ctrl = src->ctrl;
+       dst->ctrl_str = src->ctrl_str;
+       }
+
 void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth)
        {
        if (pmeth && (pmeth->flags & EVP_PKEY_FLAG_DYNAMIC))

diff --git a/deps/openssl/openssl/crypto/hmac/hm_ameth.c b/deps/openssl/openssl/crypto/hmac/hm_ameth.c
index 6d8a891..e03f24a 100644 (file)
--- a/deps/openssl/openssl/crypto/hmac/hm_ameth.c
+++ b/deps/openssl/openssl/crypto/hmac/hm_ameth.c
@@ -153,7 +153,7 @@ const EVP_PKEY_ASN1_METHOD hmac_asn1_meth =
 
        hmac_size,
        0,
-       0,0,0,0,0,0,
+       0,0,0,0,0,0,0,
 
        hmac_key_free,
        hmac_pkey_ctrl,

diff --git a/deps/openssl/openssl/crypto/hmac/hm_pmeth.c b/deps/openssl/openssl/crypto/hmac/hm_pmeth.c
index 71e8567..0daa445 100644 (file)
--- a/deps/openssl/openssl/crypto/hmac/hm_pmeth.c
+++ b/deps/openssl/openssl/crypto/hmac/hm_pmeth.c
@@ -100,7 +100,8 @@ static int pkey_hmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
        dctx = dst->data;
        dctx->md = sctx->md;
        HMAC_CTX_init(&dctx->ctx);
-       HMAC_CTX_copy(&dctx->ctx, &sctx->ctx);
+       if (!HMAC_CTX_copy(&dctx->ctx, &sctx->ctx))
+               return 0;
        if (sctx->ktmp.data)
                {
                if (!ASN1_OCTET_STRING_set(&dctx->ktmp,
@@ -141,7 +142,8 @@ static int pkey_hmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
 static int int_update(EVP_MD_CTX *ctx,const void *data,size_t count)
        {
        HMAC_PKEY_CTX *hctx = ctx->pctx->data;
-       HMAC_Update(&hctx->ctx, data, count);
+       if (!HMAC_Update(&hctx->ctx, data, count))
+               return 0;
        return 1;
        }
 
@@ -167,7 +169,8 @@ static int hmac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
        if (!sig)
                return 1;
 
-       HMAC_Final(&hctx->ctx, sig, &hlen);
+       if (!HMAC_Final(&hctx->ctx, sig, &hlen))
+               return 0;
        *siglen = (size_t)hlen;
        return 1;
        }
@@ -192,8 +195,9 @@ static int pkey_hmac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
 
                case EVP_PKEY_CTRL_DIGESTINIT:
                key = (ASN1_OCTET_STRING *)ctx->pkey->pkey.ptr;
-               HMAC_Init_ex(&hctx->ctx, key->data, key->length, hctx->md,
-                               ctx->engine);
+               if (!HMAC_Init_ex(&hctx->ctx, key->data, key->length, hctx->md,
+                               ctx->engine))
+                       return 0;
                break;
 
                default:

diff --git a/deps/openssl/openssl/crypto/hmac/hmac.c b/deps/openssl/openssl/crypto/hmac/hmac.c
index 6c98fc4..ba27cbf 100644 (file)
--- a/deps/openssl/openssl/crypto/hmac/hmac.c
+++ b/deps/openssl/openssl/crypto/hmac/hmac.c
@@ -61,12 +61,34 @@
 #include "cryptlib.h"
 #include <openssl/hmac.h>
 
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
 int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
                  const EVP_MD *md, ENGINE *impl)
        {
        int i,j,reset=0;
        unsigned char pad[HMAC_MAX_MD_CBLOCK];
 
+#ifdef OPENSSL_FIPS
+       if (FIPS_mode())
+               {
+               /* If we have an ENGINE need to allow non FIPS */
+               if ((impl || ctx->i_ctx.engine)
+                       &&  !(ctx->i_ctx.flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))
+                       {
+                       EVPerr(EVP_F_HMAC_INIT_EX, EVP_R_DISABLED_FOR_FIPS);
+                       return 0;
+                       }
+               /* Other algorithm blocking will be done in FIPS_cmac_init,
+                * via FIPS_hmac_init_ex().
+                */
+               if (!impl && !ctx->i_ctx.engine)
+                       return FIPS_hmac_init_ex(ctx, key, len, md, NULL);
+               }
+#endif
+
        if (md != NULL)
                {
                reset=1;
@@ -133,6 +155,10 @@ int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md)
 
 int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len)
        {
+#ifdef OPENSSL_FIPS
+       if (FIPS_mode() && !ctx->i_ctx.engine)
+               return FIPS_hmac_update(ctx, data, len);
+#endif
        return EVP_DigestUpdate(&ctx->md_ctx,data,len);
        }
 
@@ -140,6 +166,10 @@ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
        {
        unsigned int i;
        unsigned char buf[EVP_MAX_MD_SIZE];
+#ifdef OPENSSL_FIPS
+       if (FIPS_mode() && !ctx->i_ctx.engine)
+               return FIPS_hmac_final(ctx, md, len);
+#endif
 
        if (!EVP_DigestFinal_ex(&ctx->md_ctx,buf,&i))
                goto err;
@@ -179,6 +209,13 @@ int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx)
 
 void HMAC_CTX_cleanup(HMAC_CTX *ctx)
        {
+#ifdef OPENSSL_FIPS
+       if (FIPS_mode() && !ctx->i_ctx.engine)
+               {
+               FIPS_hmac_ctx_cleanup(ctx);
+               return;
+               }
+#endif
        EVP_MD_CTX_cleanup(&ctx->i_ctx);
        EVP_MD_CTX_cleanup(&ctx->o_ctx);
        EVP_MD_CTX_cleanup(&ctx->md_ctx);

diff --git a/deps/openssl/openssl/crypto/ia64cpuid.S b/deps/openssl/openssl/crypto/ia64cpuid.S
index d705fff..7832b9b 100644 (file)
--- a/deps/openssl/openssl/crypto/ia64cpuid.S
+++ b/deps/openssl/openssl/crypto/ia64cpuid.S
@@ -26,7 +26,7 @@ OPENSSL_atomic_add:
 { .mii;        mov             ar.ccv=r2
        add             r8=r2,r33
        mov             r3=r2           };;
-{ .mmi;        mf
+{ .mmi;        mf;;
        cmpxchg4.acq    r2=[r32],r8,ar.ccv
        nop.i           0               };;
 { .mib;        cmp.ne          p6,p0=r2,r3

diff --git a/deps/openssl/openssl/crypto/idea/Makefile b/deps/openssl/openssl/crypto/idea/Makefile
index b2e7add..8af0acd 100644 (file)
--- a/deps/openssl/openssl/crypto/idea/Makefile
+++ b/deps/openssl/openssl/crypto/idea/Makefile
@@ -82,5 +82,8 @@ i_ecb.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
 i_ecb.o: ../../include/openssl/opensslv.h i_ecb.c idea_lcl.h
 i_ofb64.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
 i_ofb64.o: i_ofb64.c idea_lcl.h
+i_skey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 i_skey.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
-i_skey.o: i_skey.c idea_lcl.h
+i_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+i_skey.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+i_skey.o: ../../include/openssl/symhacks.h i_skey.c idea_lcl.h

diff --git a/deps/openssl/openssl/crypto/idea/i_skey.c b/deps/openssl/openssl/crypto/idea/i_skey.c
index 1c95bc9..afb8309 100644 (file)
--- a/deps/openssl/openssl/crypto/idea/i_skey.c
+++ b/deps/openssl/openssl/crypto/idea/i_skey.c
@@ -56,11 +56,19 @@
  * [including the GNU Public Licence.]
  */
 
+#include <openssl/crypto.h>
 #include <openssl/idea.h>
 #include "idea_lcl.h"
 
 static IDEA_INT inverse(unsigned int xin);
 void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks)
+#ifdef OPENSSL_FIPS
+       {
+       fips_cipher_abort(IDEA);
+       private_idea_set_encrypt_key(key, ks);
+       }
+void private_idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks)
+#endif
        {
        int i;
        register IDEA_INT *kt,*kf,r0,r1,r2;

diff --git a/deps/openssl/openssl/crypto/idea/idea.h b/deps/openssl/openssl/crypto/idea/idea.h
index 5782e54..e9a1e7f 100644 (file)
--- a/deps/openssl/openssl/crypto/idea/idea.h
+++ b/deps/openssl/openssl/crypto/idea/idea.h
@@ -83,6 +83,9 @@ typedef struct idea_key_st
 const char *idea_options(void);
 void idea_ecb_encrypt(const unsigned char *in, unsigned char *out,
        IDEA_KEY_SCHEDULE *ks);
+#ifdef OPENSSL_FIPS
+void private_idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks);
+#endif
 void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks);
 void idea_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk);
 void idea_cbc_encrypt(const unsigned char *in, unsigned char *out,

diff --git a/deps/openssl/openssl/crypto/install-crypto.com b/deps/openssl/openssl/crypto/install-crypto.com
old mode 100644 (file)
new mode 100755 (executable)

diff --git a/deps/openssl/openssl/crypto/md2/md2.h b/deps/openssl/openssl/crypto/md2/md2.h
index a46120e..d59c9f2 100644 (file)
--- a/deps/openssl/openssl/crypto/md2/md2.h
+++ b/deps/openssl/openssl/crypto/md2/md2.h
@@ -81,6 +81,9 @@ typedef struct MD2state_st
        } MD2_CTX;
 
 const char *MD2_options(void);
+#ifdef OPENSSL_FIPS
+int private_MD2_Init(MD2_CTX *c);
+#endif
 int MD2_Init(MD2_CTX *c);
 int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len);
 int MD2_Final(unsigned char *md, MD2_CTX *c);

diff --git a/deps/openssl/openssl/crypto/md2/md2_dgst.c b/deps/openssl/openssl/crypto/md2/md2_dgst.c
index c57b3da..bf89def 100644 (file)
--- a/deps/openssl/openssl/crypto/md2/md2_dgst.c
+++ b/deps/openssl/openssl/crypto/md2/md2_dgst.c
@@ -116,7 +116,7 @@ const char *MD2_options(void)
                return("md2(int)");
        }
 
-int MD2_Init(MD2_CTX *c)
+fips_md_init(MD2)
        {
        c->num=0;
        memset(c->state,0,sizeof c->state);

diff --git a/deps/openssl/openssl/crypto/md4/Makefile b/deps/openssl/openssl/crypto/md4/Makefile
index c94a139..e6f1e44 100644 (file)
--- a/deps/openssl/openssl/crypto/md4/Makefile
+++ b/deps/openssl/openssl/crypto/md4/Makefile
@@ -76,9 +76,11 @@ clean:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-md4_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/md4.h
-md4_dgst.o: ../../include/openssl/opensslconf.h
-md4_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md4_dgst.c
+md4_dgst.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+md4_dgst.o: ../../include/openssl/md4.h ../../include/openssl/opensslconf.h
+md4_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+md4_dgst.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+md4_dgst.o: ../../include/openssl/symhacks.h ../md32_common.h md4_dgst.c
 md4_dgst.o: md4_locl.h
 md4_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 md4_one.o: ../../include/openssl/md4.h ../../include/openssl/opensslconf.h

diff --git a/deps/openssl/openssl/crypto/md4/md4.h b/deps/openssl/openssl/crypto/md4/md4.h
index c3ed9b3..a55368a 100644 (file)
--- a/deps/openssl/openssl/crypto/md4/md4.h
+++ b/deps/openssl/openssl/crypto/md4/md4.h
@@ -105,6 +105,9 @@ typedef struct MD4state_st
        unsigned int num;
        } MD4_CTX;
 
+#ifdef OPENSSL_FIPS
+int private_MD4_Init(MD4_CTX *c);
+#endif
 int MD4_Init(MD4_CTX *c);
 int MD4_Update(MD4_CTX *c, const void *data, size_t len);
 int MD4_Final(unsigned char *md, MD4_CTX *c);

diff --git a/deps/openssl/openssl/crypto/md4/md4_dgst.c b/deps/openssl/openssl/crypto/md4/md4_dgst.c
index e0c42e8..b5b165b 100644 (file)
--- a/deps/openssl/openssl/crypto/md4/md4_dgst.c
+++ b/deps/openssl/openssl/crypto/md4/md4_dgst.c
@@ -57,8 +57,9 @@
  */
 
 #include <stdio.h>
-#include "md4_locl.h"
 #include <openssl/opensslv.h>
+#include <openssl/crypto.h>
+#include "md4_locl.h"
 
 const char MD4_version[]="MD4" OPENSSL_VERSION_PTEXT;
 
@@ -70,7 +71,7 @@ const char MD4_version[]="MD4" OPENSSL_VERSION_PTEXT;
 #define INIT_DATA_C (unsigned long)0x98badcfeL
 #define INIT_DATA_D (unsigned long)0x10325476L
 
-int MD4_Init(MD4_CTX *c)
+fips_md_init(MD4)
        {
        memset (c,0,sizeof(*c));
        c->A=INIT_DATA_A;
@@ -105,22 +106,23 @@ void md4_block_data_order (MD4_CTX *c, const void *data_, size_t num)
 
        for (;num--;)
                {
-       HOST_c2l(data,l); X( 0)=l;              HOST_c2l(data,l); X( 1)=l;
+       (void)HOST_c2l(data,l); X( 0)=l;
+       (void)HOST_c2l(data,l); X( 1)=l;
        /* Round 0 */
-       R0(A,B,C,D,X( 0), 3,0); HOST_c2l(data,l); X( 2)=l;
-       R0(D,A,B,C,X( 1), 7,0); HOST_c2l(data,l); X( 3)=l;
-       R0(C,D,A,B,X( 2),11,0); HOST_c2l(data,l); X( 4)=l;
-       R0(B,C,D,A,X( 3),19,0); HOST_c2l(data,l); X( 5)=l;
-       R0(A,B,C,D,X( 4), 3,0); HOST_c2l(data,l); X( 6)=l;
-       R0(D,A,B,C,X( 5), 7,0); HOST_c2l(data,l); X( 7)=l;
-       R0(C,D,A,B,X( 6),11,0); HOST_c2l(data,l); X( 8)=l;
-       R0(B,C,D,A,X( 7),19,0); HOST_c2l(data,l); X( 9)=l;
-       R0(A,B,C,D,X( 8), 3,0); HOST_c2l(data,l); X(10)=l;
-       R0(D,A,B,C,X( 9), 7,0); HOST_c2l(data,l); X(11)=l;
-       R0(C,D,A,B,X(10),11,0); HOST_c2l(data,l); X(12)=l;
-       R0(B,C,D,A,X(11),19,0); HOST_c2l(data,l); X(13)=l;
-       R0(A,B,C,D,X(12), 3,0); HOST_c2l(data,l); X(14)=l;
-       R0(D,A,B,C,X(13), 7,0); HOST_c2l(data,l); X(15)=l;
+       R0(A,B,C,D,X( 0), 3,0); (void)HOST_c2l(data,l); X( 2)=l;
+       R0(D,A,B,C,X( 1), 7,0); (void)HOST_c2l(data,l); X( 3)=l;
+       R0(C,D,A,B,X( 2),11,0); (void)HOST_c2l(data,l); X( 4)=l;
+       R0(B,C,D,A,X( 3),19,0); (void)HOST_c2l(data,l); X( 5)=l;
+       R0(A,B,C,D,X( 4), 3,0); (void)HOST_c2l(data,l); X( 6)=l;
+       R0(D,A,B,C,X( 5), 7,0); (void)HOST_c2l(data,l); X( 7)=l;
+       R0(C,D,A,B,X( 6),11,0); (void)HOST_c2l(data,l); X( 8)=l;
+       R0(B,C,D,A,X( 7),19,0); (void)HOST_c2l(data,l); X( 9)=l;
+       R0(A,B,C,D,X( 8), 3,0); (void)HOST_c2l(data,l); X(10)=l;
+       R0(D,A,B,C,X( 9), 7,0); (void)HOST_c2l(data,l); X(11)=l;
+       R0(C,D,A,B,X(10),11,0); (void)HOST_c2l(data,l); X(12)=l;
+       R0(B,C,D,A,X(11),19,0); (void)HOST_c2l(data,l); X(13)=l;
+       R0(A,B,C,D,X(12), 3,0); (void)HOST_c2l(data,l); X(14)=l;
+       R0(D,A,B,C,X(13), 7,0); (void)HOST_c2l(data,l); X(15)=l;
        R0(C,D,A,B,X(14),11,0);
        R0(B,C,D,A,X(15),19,0);
        /* Round 1 */

diff --git a/deps/openssl/openssl/crypto/md4/md4_locl.h b/deps/openssl/openssl/crypto/md4/md4_locl.h
index c8085b0..99c3e50 100644 (file)
--- a/deps/openssl/openssl/crypto/md4/md4_locl.h
+++ b/deps/openssl/openssl/crypto/md4/md4_locl.h
@@ -77,10 +77,10 @@ void md4_block_data_order (MD4_CTX *c, const void *p,size_t num);
 #define HASH_FINAL             MD4_Final
 #define        HASH_MAKE_STRING(c,s)   do {    \
        unsigned long ll;               \
-       ll=(c)->A; HOST_l2c(ll,(s));    \
-       ll=(c)->B; HOST_l2c(ll,(s));    \
-       ll=(c)->C; HOST_l2c(ll,(s));    \
-       ll=(c)->D; HOST_l2c(ll,(s));    \
+       ll=(c)->A; (void)HOST_l2c(ll,(s));      \
+       ll=(c)->B; (void)HOST_l2c(ll,(s));      \
+       ll=(c)->C; (void)HOST_l2c(ll,(s));      \
+       ll=(c)->D; (void)HOST_l2c(ll,(s));      \
        } while (0)
 #define        HASH_BLOCK_DATA_ORDER   md4_block_data_order
 

diff --git a/deps/openssl/openssl/crypto/md5/Makefile b/deps/openssl/openssl/crypto/md5/Makefile
index 9858d53..b9e2ce9 100644 (file)
--- a/deps/openssl/openssl/crypto/md5/Makefile
+++ b/deps/openssl/openssl/crypto/md5/Makefile
@@ -89,9 +89,11 @@ clean:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-md5_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/md5.h
-md5_dgst.o: ../../include/openssl/opensslconf.h
-md5_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md5_dgst.c
+md5_dgst.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+md5_dgst.o: ../../include/openssl/md5.h ../../include/openssl/opensslconf.h
+md5_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+md5_dgst.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+md5_dgst.o: ../../include/openssl/symhacks.h ../md32_common.h md5_dgst.c
 md5_dgst.o: md5_locl.h
 md5_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 md5_one.o: ../../include/openssl/md5.h ../../include/openssl/opensslconf.h

diff --git a/deps/openssl/openssl/crypto/md5/asm/md5-x86_64.pl b/deps/openssl/openssl/crypto/md5/asm/md5-x86_64.pl
index 8678854..f11224d 100755 (executable)
--- a/deps/openssl/openssl/crypto/md5/asm/md5-x86_64.pl
+++ b/deps/openssl/openssl/crypto/md5/asm/md5-x86_64.pl
@@ -120,7 +120,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; my $dir=$1; my $xlate;
 die "can't locate x86_64-xlate.pl";
 
 no warnings qw(uninitialized);
-open STDOUT,"| $^X $xlate $flavour $output";
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
 
 $code .= <<EOF;
 .text

diff --git a/deps/openssl/openssl/crypto/md5/md5.h b/deps/openssl/openssl/crypto/md5/md5.h
index 4cbf843..541cc92 100644 (file)
--- a/deps/openssl/openssl/crypto/md5/md5.h
+++ b/deps/openssl/openssl/crypto/md5/md5.h
@@ -105,6 +105,9 @@ typedef struct MD5state_st
        unsigned int num;
        } MD5_CTX;
 
+#ifdef OPENSSL_FIPS
+int private_MD5_Init(MD5_CTX *c);
+#endif
 int MD5_Init(MD5_CTX *c);
 int MD5_Update(MD5_CTX *c, const void *data, size_t len);
 int MD5_Final(unsigned char *md, MD5_CTX *c);

diff --git a/deps/openssl/openssl/crypto/md5/md5_dgst.c b/deps/openssl/openssl/crypto/md5/md5_dgst.c
index beace63..265890d 100644 (file)
--- a/deps/openssl/openssl/crypto/md5/md5_dgst.c
+++ b/deps/openssl/openssl/crypto/md5/md5_dgst.c
@@ -59,6 +59,7 @@
 #include <stdio.h>
 #include "md5_locl.h"
 #include <openssl/opensslv.h>
+#include <openssl/crypto.h>
 
 const char MD5_version[]="MD5" OPENSSL_VERSION_PTEXT;
 
@@ -70,7 +71,7 @@ const char MD5_version[]="MD5" OPENSSL_VERSION_PTEXT;
 #define INIT_DATA_C (unsigned long)0x98badcfeL
 #define INIT_DATA_D (unsigned long)0x10325476L
 
-int MD5_Init(MD5_CTX *c)
+fips_md_init(MD5)
        {
        memset (c,0,sizeof(*c));
        c->A=INIT_DATA_A;

diff --git a/deps/openssl/openssl/crypto/md5/md5_locl.h b/deps/openssl/openssl/crypto/md5/md5_locl.h
index 968d577..74d63d1 100644 (file)
--- a/deps/openssl/openssl/crypto/md5/md5_locl.h
+++ b/deps/openssl/openssl/crypto/md5/md5_locl.h
@@ -86,10 +86,10 @@ void md5_block_data_order (MD5_CTX *c, const void *p,size_t num);
 #define HASH_FINAL             MD5_Final
 #define        HASH_MAKE_STRING(c,s)   do {    \
        unsigned long ll;               \
-       ll=(c)->A; HOST_l2c(ll,(s));    \
-       ll=(c)->B; HOST_l2c(ll,(s));    \
-       ll=(c)->C; HOST_l2c(ll,(s));    \
-       ll=(c)->D; HOST_l2c(ll,(s));    \
+       ll=(c)->A; (void)HOST_l2c(ll,(s));      \
+       ll=(c)->B; (void)HOST_l2c(ll,(s));      \
+       ll=(c)->C; (void)HOST_l2c(ll,(s));      \
+       ll=(c)->D; (void)HOST_l2c(ll,(s));      \
        } while (0)
 #define        HASH_BLOCK_DATA_ORDER   md5_block_data_order
 

diff --git a/deps/openssl/openssl/crypto/mdc2/Makefile b/deps/openssl/openssl/crypto/mdc2/Makefile
index 1d064f1..1415531 100644 (file)
--- a/deps/openssl/openssl/crypto/mdc2/Makefile
+++ b/deps/openssl/openssl/crypto/mdc2/Makefile
@@ -84,10 +84,10 @@ mdc2_one.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 mdc2_one.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 mdc2_one.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
 mdc2_one.o: ../../include/openssl/ui_compat.h ../cryptlib.h mdc2_one.c
-mdc2dgst.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-mdc2dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/mdc2.h
-mdc2dgst.o: ../../include/openssl/opensslconf.h
-mdc2dgst.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
-mdc2dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-mdc2dgst.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
-mdc2dgst.o: mdc2dgst.c
+mdc2dgst.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+mdc2dgst.o: ../../include/openssl/des_old.h ../../include/openssl/e_os2.h
+mdc2dgst.o: ../../include/openssl/mdc2.h ../../include/openssl/opensslconf.h
+mdc2dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+mdc2dgst.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+mdc2dgst.o: ../../include/openssl/symhacks.h ../../include/openssl/ui.h
+mdc2dgst.o: ../../include/openssl/ui_compat.h mdc2dgst.c

diff --git a/deps/openssl/openssl/crypto/mdc2/mdc2.h b/deps/openssl/openssl/crypto/mdc2/mdc2.h
index 72778a5..f3e8e57 100644 (file)
--- a/deps/openssl/openssl/crypto/mdc2/mdc2.h
+++ b/deps/openssl/openssl/crypto/mdc2/mdc2.h
@@ -81,6 +81,9 @@ typedef struct mdc2_ctx_st
        } MDC2_CTX;
 
 
+#ifdef OPENSSL_FIPS
+int private_MDC2_Init(MDC2_CTX *c);
+#endif
 int MDC2_Init(MDC2_CTX *c);
 int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len);
 int MDC2_Final(unsigned char *md, MDC2_CTX *c);

diff --git a/deps/openssl/openssl/crypto/mdc2/mdc2dgst.c b/deps/openssl/openssl/crypto/mdc2/mdc2dgst.c
index 4aa406e..d66ed6a 100644 (file)
--- a/deps/openssl/openssl/crypto/mdc2/mdc2dgst.c
+++ b/deps/openssl/openssl/crypto/mdc2/mdc2dgst.c
@@ -59,6 +59,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <openssl/crypto.h>
 #include <openssl/des.h>
 #include <openssl/mdc2.h>
 
@@ -75,7 +76,7 @@
                        *((c)++)=(unsigned char)(((l)>>24L)&0xff))
 
 static void mdc2_body(MDC2_CTX *c, const unsigned char *in, size_t len);
-int MDC2_Init(MDC2_CTX *c)
+fips_md_init(MDC2)
        {
        c->num=0;
        c->pad_type=1;

diff --git a/deps/openssl/openssl/crypto/mem.c b/deps/openssl/openssl/crypto/mem.c
index ae40de3..1cc62ea 100644 (file)
--- a/deps/openssl/openssl/crypto/mem.c
+++ b/deps/openssl/openssl/crypto/mem.c
@@ -121,10 +121,11 @@ static void (*set_debug_options_func)(long) = NULL;
 static long (*get_debug_options_func)(void) = NULL;
 #endif
 
-
 int CRYPTO_set_mem_functions(void *(*m)(size_t), void *(*r)(void *, size_t),
        void (*f)(void *))
        {
+       /* Dummy call just to ensure OPENSSL_init() gets linked in */
+       OPENSSL_init();
        if (!allow_customize)
                return 0;
        if ((m == 0) || (r == 0) || (f == 0))
@@ -186,6 +187,7 @@ int CRYPTO_set_mem_debug_functions(void (*m)(void *,int,const char *,int,int),
        {
        if (!allow_customize_debug)
                return 0;
+       OPENSSL_init();
        malloc_debug_func=m;
        realloc_debug_func=r;
        free_debug_func=f;

diff --git a/deps/openssl/openssl/crypto/modes/Makefile b/deps/openssl/openssl/crypto/modes/Makefile
index 6c85861..c825b12 100644 (file)
--- a/deps/openssl/openssl/crypto/modes/Makefile
+++ b/deps/openssl/openssl/crypto/modes/Makefile
@@ -10,21 +10,27 @@ CFLAG=-g
 MAKEFILE=      Makefile
 AR=            ar r
 
+MODES_ASM_OBJ=
+
 CFLAGS= $(INCLUDES) $(CFLAG)
+ASFLAGS= $(INCLUDES) $(ASFLAG)
+AFLAGS= $(ASFLAGS)
 
 GENERAL=Makefile
 TEST=
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC= cbc128.c ctr128.c cts128.c cfb128.c ofb128.c
-LIBOBJ= cbc128.o ctr128.o cts128.o cfb128.o ofb128.o
+LIBSRC= cbc128.c ctr128.c cts128.c cfb128.c ofb128.c gcm128.c \
+       ccm128.c xts128.c
+LIBOBJ= cbc128.o ctr128.o cts128.o cfb128.o ofb128.o gcm128.o \
+       ccm128.o xts128.o $(MODES_ASM_OBJ)
 
 SRC= $(LIBSRC)
 
 #EXHEADER= store.h str_compat.h
 EXHEADER= modes.h
-HEADER=        $(EXHEADER)
+HEADER=        modes_lcl.h $(EXHEADER)
 
 ALL=    $(GENERAL) $(SRC) $(HEADER)
 
@@ -38,6 +44,24 @@ lib: $(LIBOBJ)
        $(RANLIB) $(LIB) || echo Never mind.
        @touch lib
 
+ghash-ia64.s:  asm/ghash-ia64.pl
+       $(PERL) asm/ghash-ia64.pl $@ $(CFLAGS)
+ghash-x86.s:   asm/ghash-x86.pl
+       $(PERL) asm/ghash-x86.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
+ghash-x86_64.s:        asm/ghash-x86_64.pl
+       $(PERL) asm/ghash-x86_64.pl $(PERLASM_SCHEME) > $@
+ghash-sparcv9.s:       asm/ghash-sparcv9.pl
+       $(PERL) asm/ghash-sparcv9.pl $@ $(CFLAGS)
+ghash-alpha.s: asm/ghash-alpha.pl
+       $(PERL) $< | $(CC) -E - | tee $@ > /dev/null
+ghash-parisc.s:        asm/ghash-parisc.pl
+       $(PERL) asm/ghash-parisc.pl $(PERLASM_SCHEME) $@
+
+# GNU make "catch all"
+ghash-%.S:     asm/ghash-%.pl; $(PERL) $< $(PERLASM_SCHEME) $@
+
+ghash-armv4.o: ghash-armv4.S
+
 files:
        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
 
@@ -71,12 +95,47 @@ dclean:
        mv -f Makefile.new $(MAKEFILE)
 
 clean:
-       rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+       rm -f *.s *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-cbc128.o: cbc128.c modes.h
-cfb128.o: cfb128.c modes.h
-ctr128.o: ctr128.c modes.h
-cts128.o: cts128.c modes.h
-ofb128.o: modes.h ofb128.c
+cbc128.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+cbc128.o: ../../include/openssl/modes.h ../../include/openssl/opensslconf.h
+cbc128.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+cbc128.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+cbc128.o: ../../include/openssl/symhacks.h cbc128.c modes_lcl.h
+ccm128.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ccm128.o: ../../include/openssl/modes.h ../../include/openssl/opensslconf.h
+ccm128.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ccm128.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ccm128.o: ../../include/openssl/symhacks.h ccm128.c modes_lcl.h
+cfb128.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+cfb128.o: ../../include/openssl/modes.h ../../include/openssl/opensslconf.h
+cfb128.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+cfb128.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+cfb128.o: ../../include/openssl/symhacks.h cfb128.c modes_lcl.h
+ctr128.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ctr128.o: ../../include/openssl/modes.h ../../include/openssl/opensslconf.h
+ctr128.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ctr128.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ctr128.o: ../../include/openssl/symhacks.h ctr128.c modes_lcl.h
+cts128.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+cts128.o: ../../include/openssl/modes.h ../../include/openssl/opensslconf.h
+cts128.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+cts128.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+cts128.o: ../../include/openssl/symhacks.h cts128.c modes_lcl.h
+gcm128.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+gcm128.o: ../../include/openssl/modes.h ../../include/openssl/opensslconf.h
+gcm128.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+gcm128.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+gcm128.o: ../../include/openssl/symhacks.h gcm128.c modes_lcl.h
+ofb128.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+ofb128.o: ../../include/openssl/modes.h ../../include/openssl/opensslconf.h
+ofb128.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+ofb128.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+ofb128.o: ../../include/openssl/symhacks.h modes_lcl.h ofb128.c
+xts128.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+xts128.o: ../../include/openssl/modes.h ../../include/openssl/opensslconf.h
+xts128.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+xts128.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+xts128.o: ../../include/openssl/symhacks.h modes_lcl.h xts128.c

diff --git a/deps/openssl/openssl/crypto/modes/cbc128.c b/deps/openssl/openssl/crypto/modes/cbc128.c
index 8f8bd56..3d3782c 100644 (file)
--- a/deps/openssl/openssl/crypto/modes/cbc128.c
+++ b/deps/openssl/openssl/crypto/modes/cbc128.c
@@ -48,7 +48,8 @@
  *
  */
 
-#include "modes.h"
+#include <openssl/crypto.h>
+#include "modes_lcl.h"
 #include <string.h>
 
 #ifndef MODES_DEBUG
@@ -58,12 +59,7 @@
 #endif
 #include <assert.h>
 
-#define STRICT_ALIGNMENT 1
-#if defined(__i386) || defined(__i386__) || \
-    defined(__x86_64) || defined(__x86_64__) || \
-    defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \
-    defined(__s390__) || defined(__s390x__)
-#  undef STRICT_ALIGNMENT
+#ifndef STRICT_ALIGNMENT
 #  define STRICT_ALIGNMENT 0
 #endif
 

diff --git a/deps/openssl/openssl/crypto/modes/cfb128.c b/deps/openssl/openssl/crypto/modes/cfb128.c
index e5938c6..4e6f5d3 100644 (file)
--- a/deps/openssl/openssl/crypto/modes/cfb128.c
+++ b/deps/openssl/openssl/crypto/modes/cfb128.c
@@ -48,7 +48,8 @@
  *
  */
 
-#include "modes.h"
+#include <openssl/crypto.h>
+#include "modes_lcl.h"
 #include <string.h>
 
 #ifndef MODES_DEBUG
@@ -58,14 +59,6 @@
 #endif
 #include <assert.h>
 
-#define STRICT_ALIGNMENT
-#if defined(__i386) || defined(__i386__) || \
-    defined(__x86_64) || defined(__x86_64__) || \
-    defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \
-    defined(__s390__) || defined(__s390x__)
-#  undef STRICT_ALIGNMENT
-#endif
-
 /* The input and output encrypted as though 128bit cfb mode is being
  * used.  The extra state information to record how much of the
  * 128bit block we have used is contained in *num;

diff --git a/deps/openssl/openssl/crypto/modes/ctr128.c b/deps/openssl/openssl/crypto/modes/ctr128.c
index 932037f..ee642c5 100644 (file)
--- a/deps/openssl/openssl/crypto/modes/ctr128.c
+++ b/deps/openssl/openssl/crypto/modes/ctr128.c
@@ -48,7 +48,8 @@
  *
  */
 
-#include "modes.h"
+#include <openssl/crypto.h>
+#include "modes_lcl.h"
 #include <string.h>
 
 #ifndef MODES_DEBUG
@@ -58,17 +59,6 @@
 #endif
 #include <assert.h>
 
-typedef unsigned int u32;
-typedef unsigned char u8;
-
-#define STRICT_ALIGNMENT
-#if defined(__i386)    || defined(__i386__)    || \
-    defined(__x86_64)  || defined(__x86_64__)  || \
-    defined(_M_IX86)   || defined(_M_AMD64)    || defined(_M_X64) || \
-    defined(__s390__)  || defined(__s390x__)
-#  undef STRICT_ALIGNMENT
-#endif
-
 /* NOTE: the IV/counter CTR mode is big-endian.  The code itself
  * is endian-neutral. */
 
@@ -182,3 +172,81 @@ void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out,
 
        *num=n;
 }
+
+/* increment upper 96 bits of 128-bit counter by 1 */
+static void ctr96_inc(unsigned char *counter) {
+       u32 n=12;
+       u8  c;
+
+       do {
+               --n;
+               c = counter[n];
+               ++c;
+               counter[n] = c;
+               if (c) return;
+       } while (n);
+}
+
+void CRYPTO_ctr128_encrypt_ctr32(const unsigned char *in, unsigned char *out,
+                       size_t len, const void *key,
+                       unsigned char ivec[16], unsigned char ecount_buf[16],
+                       unsigned int *num, ctr128_f func)
+{
+       unsigned int n,ctr32;
+
+       assert(in && out && key && ecount_buf && num);
+       assert(*num < 16);
+
+       n = *num;
+
+       while (n && len) {
+               *(out++) = *(in++) ^ ecount_buf[n];
+               --len;
+               n = (n+1) % 16;
+       }
+
+       ctr32 = GETU32(ivec+12);
+       while (len>=16) {
+               size_t blocks = len/16;
+               /*
+                * 1<<28 is just a not-so-small yet not-so-large number...
+                * Below condition is practically never met, but it has to
+                * be checked for code correctness.
+                */
+               if (sizeof(size_t)>sizeof(unsigned int) && blocks>(1U<<28))
+                       blocks = (1U<<28);
+               /*
+                * As (*func) operates on 32-bit counter, caller
+                * has to handle overflow. 'if' below detects the
+                * overflow, which is then handled by limiting the
+                * amount of blocks to the exact overflow point...
+                */
+               ctr32 += (u32)blocks;
+               if (ctr32 < blocks) {
+                       blocks -= ctr32;
+                       ctr32   = 0;
+               }
+               (*func)(in,out,blocks,key,ivec);
+               /* (*ctr) does not update ivec, caller does: */
+               PUTU32(ivec+12,ctr32);
+               /* ... overflow was detected, propogate carry. */
+               if (ctr32 == 0) ctr96_inc(ivec);
+               blocks *= 16;
+               len -= blocks;
+               out += blocks;
+               in  += blocks;
+       }
+       if (len) {
+               memset(ecount_buf,0,16);
+               (*func)(ecount_buf,ecount_buf,1,key,ivec);
+               ++ctr32;
+               PUTU32(ivec+12,ctr32);
+               if (ctr32 == 0) ctr96_inc(ivec);
+               while (len--) {
+                       out[n] = in[n] ^ ecount_buf[n];
+                       ++n;
+               }
+       }
+
+       *num=n;
+}

diff --git a/deps/openssl/openssl/crypto/modes/cts128.c b/deps/openssl/openssl/crypto/modes/cts128.c
index e0430f9..c0e1f36 100644 (file)
--- a/deps/openssl/openssl/crypto/modes/cts128.c
+++ b/deps/openssl/openssl/crypto/modes/cts128.c
@@ -5,7 +5,8 @@
  * forms are granted according to the OpenSSL license.
  */
 
-#include "modes.h"
+#include <openssl/crypto.h>
+#include "modes_lcl.h"
 #include <string.h>
 
 #ifndef MODES_DEBUG
@@ -23,8 +24,9 @@
  * deviates from mentioned RFCs. Most notably it allows input to be
  * of block length and it doesn't flip the order of the last two
  * blocks. CTS is being discussed even in ECB context, but it's not
- * adopted for any known application. This implementation complies
- * with mentioned RFCs and [as such] extends CBC mode.
+ * adopted for any known application. This implementation provides
+ * two interfaces: one compliant with above mentioned RFCs and one
+ * compliant with the NIST proposal, both extending CBC mode.
  */
 
 size_t CRYPTO_cts128_encrypt_block(const unsigned char *in, unsigned char *out,
@@ -54,6 +56,34 @@ size_t CRYPTO_cts128_encrypt_block(const unsigned char *in, unsigned char *out,
        return len+residue;
 }
 
+size_t CRYPTO_nistcts128_encrypt_block(const unsigned char *in, unsigned char *out,
+                       size_t len, const void *key,
+                       unsigned char ivec[16], block128_f block)
+{      size_t residue, n;
+
+       assert (in && out && key && ivec);
+
+       if (len < 16) return 0;
+
+       residue=len%16;
+
+       len -= residue;
+
+       CRYPTO_cbc128_encrypt(in,out,len,key,ivec,block);
+
+       if (residue==0) return len;
+
+       in  += len;
+       out += len;
+
+       for (n=0; n<residue; ++n)
+               ivec[n] ^= in[n];
+       (*block)(ivec,ivec,key);
+       memcpy(out-16+residue,ivec,16);
+
+       return len+residue;
+}
+
 size_t CRYPTO_cts128_encrypt(const unsigned char *in, unsigned char *out,
                        size_t len, const void *key,
                        unsigned char ivec[16], cbc128_f cbc)
@@ -90,6 +120,41 @@ size_t CRYPTO_cts128_encrypt(const unsigned char *in, unsigned char *out,
        return len+residue;
 }
 
+size_t CRYPTO_nistcts128_encrypt(const unsigned char *in, unsigned char *out,
+                       size_t len, const void *key,
+                       unsigned char ivec[16], cbc128_f cbc)
+{      size_t residue;
+       union { size_t align; unsigned char c[16]; } tmp;
+
+       assert (in && out && key && ivec);
+
+       if (len < 16) return 0;
+
+       residue=len%16;
+
+       len -= residue;
+
+       (*cbc)(in,out,len,key,ivec,1);
+
+       if (residue==0) return len;
+
+       in  += len;
+       out += len;
+
+#if defined(CBC_HANDLES_TRUNCATED_IO)
+       (*cbc)(in,out-16+residue,residue,key,ivec,1);
+#else
+       {
+       size_t n;
+       for (n=0; n<16; n+=sizeof(size_t))
+               *(size_t *)(tmp.c+n) = 0;
+       memcpy(tmp.c,in,residue);
+       }
+       (*cbc)(tmp.c,out-16+residue,16,key,ivec,1);
+#endif
+       return len+residue;
+}
+
 size_t CRYPTO_cts128_decrypt_block(const unsigned char *in, unsigned char *out,
                        size_t len, const void *key,
                        unsigned char ivec[16], block128_f block)
@@ -125,7 +190,51 @@ size_t CRYPTO_cts128_decrypt_block(const unsigned char *in, unsigned char *out,
        for(residue+=16; n<residue; ++n)
                out[n] = tmp.c[n] ^ in[n];
 
-       return len+residue-16;
+       return 16+len+residue;
+}
+
+size_t CRYPTO_nistcts128_decrypt_block(const unsigned char *in, unsigned char *out,
+                       size_t len, const void *key,
+                       unsigned char ivec[16], block128_f block)
+{      size_t residue, n;
+       union { size_t align; unsigned char c[32]; } tmp;
+
+       assert (in && out && key && ivec);
+
+       if (len<16) return 0;
+
+       residue=len%16;
+
+       if (residue==0) {
+               CRYPTO_cbc128_decrypt(in,out,len,key,ivec,block);
+               return len;
+       }
+
+       len -= 16+residue;
+
+       if (len) {
+               CRYPTO_cbc128_decrypt(in,out,len,key,ivec,block);
+               in  += len;
+               out += len;
+       }
+
+       (*block)(in+residue,tmp.c+16,key);
+
+       for (n=0; n<16; n+=sizeof(size_t))
+               *(size_t *)(tmp.c+n) = *(size_t *)(tmp.c+16+n);
+       memcpy(tmp.c,in,residue);
+       (*block)(tmp.c,tmp.c,key);
+
+       for(n=0; n<16; ++n) {
+               unsigned char c = in[n];
+               out[n] = tmp.c[n] ^ ivec[n];
+               ivec[n] = in[n+residue];
+               tmp.c[n] = c;
+       }
+       for(residue+=16; n<residue; ++n)
+               out[n] = tmp.c[n] ^ tmp.c[n-16];
+
+       return 16+len+residue;
 }
 
 size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out,
@@ -160,7 +269,47 @@ size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out,
        (*cbc)(tmp.c,tmp.c,32,key,ivec,0);
        memcpy(out,tmp.c,16+residue);
 #endif
-       return len+residue;
+       return 16+len+residue;
+}
+
+size_t CRYPTO_nistcts128_decrypt(const unsigned char *in, unsigned char *out,
+                       size_t len, const void *key,
+                       unsigned char ivec[16], cbc128_f cbc)
+{      size_t residue, n;
+       union { size_t align; unsigned char c[32]; } tmp;
+
+       assert (in && out && key && ivec);
+
+       if (len<16) return 0;
+
+       residue=len%16;
+
+       if (residue==0) {
+               (*cbc)(in,out,len,key,ivec,0);
+               return len;
+       }
+
+       len -= 16+residue;
+
+       if (len) {
+               (*cbc)(in,out,len,key,ivec,0);
+               in  += len;
+               out += len;
+       }
+
+       for (n=16; n<32; n+=sizeof(size_t))
+               *(size_t *)(tmp.c+n) = 0;
+       /* this places in[16] at &tmp.c[16] and decrypted block at &tmp.c[0] */
+       (*cbc)(in+residue,tmp.c,16,key,tmp.c+16,0);
+
+       memcpy(tmp.c,in,residue);
+#if defined(CBC_HANDLES_TRUNCATED_IO)
+       (*cbc)(tmp.c,out,16+residue,key,ivec,0);
+#else
+       (*cbc)(tmp.c,tmp.c,32,key,ivec,0);
+       memcpy(out,tmp.c,16+residue);
+#endif
+       return 16+len+residue;
 }
 
 #if defined(SELFTEST)
@@ -200,9 +349,8 @@ static const unsigned char vector_64[64] =
 static AES_KEY encks, decks;
 
 void test_vector(const unsigned char *vector,size_t len)
-{      unsigned char cleartext[64];
-       unsigned char iv[sizeof(test_iv)];
-       unsigned char ciphertext[64];
+{      unsigned char iv[sizeof(test_iv)];
+       unsigned char cleartext[64],ciphertext[64];
        size_t tail;
 
        printf("vector_%d\n",len); fflush(stdout);
@@ -243,7 +391,57 @@ void test_vector(const unsigned char *vector,size_t len)
                fprintf(stderr,"iv_%d mismatch\n",len), exit(4);
 }
 
-main()
+void test_nistvector(const unsigned char *vector,size_t len)
+{      unsigned char iv[sizeof(test_iv)];
+       unsigned char cleartext[64],ciphertext[64],nistvector[64];
+       size_t tail;
+
+       printf("nistvector_%d\n",len); fflush(stdout);
+
+       if ((tail=len%16) == 0) tail = 16;
+
+       len -= 16 + tail;
+       memcpy(nistvector,vector,len);
+       /* flip two last blocks */
+       memcpy(nistvector+len,vector+len+16,tail);
+       memcpy(nistvector+len+tail,vector+len,16);
+       len += 16 + tail;
+       tail = 16;
+
+       /* test block-based encryption */
+       memcpy(iv,test_iv,sizeof(test_iv));
+       CRYPTO_nistcts128_encrypt_block(test_input,ciphertext,len,&encks,iv,(block128_f)AES_encrypt);
+       if (memcmp(ciphertext,nistvector,len))
+               fprintf(stderr,"output_%d mismatch\n",len), exit(1);
+       if (memcmp(iv,nistvector+len-tail,sizeof(iv)))
+               fprintf(stderr,"iv_%d mismatch\n",len), exit(1);
+
+       /* test block-based decryption */
+       memcpy(iv,test_iv,sizeof(test_iv));
+       CRYPTO_nistcts128_decrypt_block(ciphertext,cleartext,len,&decks,iv,(block128_f)AES_decrypt);
+       if (memcmp(cleartext,test_input,len))
+               fprintf(stderr,"input_%d mismatch\n",len), exit(2);
+       if (memcmp(iv,nistvector+len-tail,sizeof(iv)))
+               fprintf(stderr,"iv_%d mismatch\n",len), exit(2);
+
+       /* test streamed encryption */
+       memcpy(iv,test_iv,sizeof(test_iv));
+       CRYPTO_nistcts128_encrypt(test_input,ciphertext,len,&encks,iv,(cbc128_f)AES_cbc_encrypt);
+       if (memcmp(ciphertext,nistvector,len))
+               fprintf(stderr,"output_%d mismatch\n",len), exit(3);
+       if (memcmp(iv,nistvector+len-tail,sizeof(iv)))
+               fprintf(stderr,"iv_%d mismatch\n",len), exit(3);
+
+       /* test streamed decryption */
+       memcpy(iv,test_iv,sizeof(test_iv));
+       CRYPTO_nistcts128_decrypt(ciphertext,cleartext,len,&decks,iv,(cbc128_f)AES_cbc_encrypt);
+       if (memcmp(cleartext,test_input,len))
+               fprintf(stderr,"input_%d mismatch\n",len), exit(4);
+       if (memcmp(iv,nistvector+len-tail,sizeof(iv)))
+               fprintf(stderr,"iv_%d mismatch\n",len), exit(4);
+}
+
+int main()
 {
        AES_set_encrypt_key(test_key,128,&encks);
        AES_set_decrypt_key(test_key,128,&decks);
@@ -254,6 +452,14 @@ main()
        test_vector(vector_47,sizeof(vector_47));
        test_vector(vector_48,sizeof(vector_48));
        test_vector(vector_64,sizeof(vector_64));
-       exit(0);
+
+       test_nistvector(vector_17,sizeof(vector_17));
+       test_nistvector(vector_31,sizeof(vector_31));
+       test_nistvector(vector_32,sizeof(vector_32));
+       test_nistvector(vector_47,sizeof(vector_47));
+       test_nistvector(vector_48,sizeof(vector_48));
+       test_nistvector(vector_64,sizeof(vector_64));
+
+       return 0;
 }
 #endif

diff --git a/deps/openssl/openssl/crypto/modes/modes.h b/deps/openssl/openssl/crypto/modes/modes.h
index af8d97d..f18215b 100644 (file)
--- a/deps/openssl/openssl/crypto/modes/modes.h
+++ b/deps/openssl/openssl/crypto/modes/modes.h
@@ -15,6 +15,14 @@ typedef void (*cbc128_f)(const unsigned char *in, unsigned char *out,
                        size_t len, const void *key,
                        unsigned char ivec[16], int enc);
 
+typedef void (*ctr128_f)(const unsigned char *in, unsigned char *out,
+                       size_t blocks, const void *key,
+                       const unsigned char ivec[16]);
+
+typedef void (*ccm128_f)(const unsigned char *in, unsigned char *out,
+                       size_t blocks, const void *key,
+                       const unsigned char ivec[16],unsigned char cmac[16]);
+
 void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out,
                        size_t len, const void *key,
                        unsigned char ivec[16], block128_f block);
@@ -27,6 +35,11 @@ void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out,
                        unsigned char ivec[16], unsigned char ecount_buf[16],
                        unsigned int *num, block128_f block);
 
+void CRYPTO_ctr128_encrypt_ctr32(const unsigned char *in, unsigned char *out,
+                       size_t len, const void *key,
+                       unsigned char ivec[16], unsigned char ecount_buf[16],
+                       unsigned int *num, ctr128_f ctr);
+
 void CRYPTO_ofb128_encrypt(const unsigned char *in, unsigned char *out,
                        size_t len, const void *key,
                        unsigned char ivec[16], int *num,
@@ -57,3 +70,66 @@ size_t CRYPTO_cts128_decrypt_block(const unsigned char *in, unsigned char *out,
 size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out,
                        size_t len, const void *key,
                        unsigned char ivec[16], cbc128_f cbc);
+
+size_t CRYPTO_nistcts128_encrypt_block(const unsigned char *in, unsigned char *out,
+                       size_t len, const void *key,
+                       unsigned char ivec[16], block128_f block);
+size_t CRYPTO_nistcts128_encrypt(const unsigned char *in, unsigned char *out,
+                       size_t len, const void *key,
+                       unsigned char ivec[16], cbc128_f cbc);
+size_t CRYPTO_nistcts128_decrypt_block(const unsigned char *in, unsigned char *out,
+                       size_t len, const void *key,
+                       unsigned char ivec[16], block128_f block);
+size_t CRYPTO_nistcts128_decrypt(const unsigned char *in, unsigned char *out,
+                       size_t len, const void *key,
+                       unsigned char ivec[16], cbc128_f cbc);
+
+typedef struct gcm128_context GCM128_CONTEXT;
+
+GCM128_CONTEXT *CRYPTO_gcm128_new(void *key, block128_f block);
+void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx,void *key,block128_f block);
+void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const unsigned char *iv,
+                       size_t len);
+int CRYPTO_gcm128_aad(GCM128_CONTEXT *ctx, const unsigned char *aad,
+                       size_t len);
+int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
+                       const unsigned char *in, unsigned char *out,
+                       size_t len);
+int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
+                       const unsigned char *in, unsigned char *out,
+                       size_t len);
+int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
+                       const unsigned char *in, unsigned char *out,
+                       size_t len, ctr128_f stream);
+int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
+                       const unsigned char *in, unsigned char *out,
+                       size_t len, ctr128_f stream);
+int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx,const unsigned char *tag,
+                       size_t len);
+void CRYPTO_gcm128_tag(GCM128_CONTEXT *ctx, unsigned char *tag, size_t len);
+void CRYPTO_gcm128_release(GCM128_CONTEXT *ctx);
+
+typedef struct ccm128_context CCM128_CONTEXT;
+
+void CRYPTO_ccm128_init(CCM128_CONTEXT *ctx,
+       unsigned int M, unsigned int L, void *key,block128_f block);
+int CRYPTO_ccm128_setiv(CCM128_CONTEXT *ctx,
+       const unsigned char *nonce, size_t nlen, size_t mlen);
+void CRYPTO_ccm128_aad(CCM128_CONTEXT *ctx,
+       const unsigned char *aad, size_t alen);
+int CRYPTO_ccm128_encrypt(CCM128_CONTEXT *ctx,
+       const unsigned char *inp, unsigned char *out, size_t len);
+int CRYPTO_ccm128_decrypt(CCM128_CONTEXT *ctx,
+       const unsigned char *inp, unsigned char *out, size_t len);
+int CRYPTO_ccm128_encrypt_ccm64(CCM128_CONTEXT *ctx,
+       const unsigned char *inp, unsigned char *out, size_t len,
+       ccm128_f stream);
+int CRYPTO_ccm128_decrypt_ccm64(CCM128_CONTEXT *ctx,
+       const unsigned char *inp, unsigned char *out, size_t len,
+       ccm128_f stream);
+size_t CRYPTO_ccm128_tag(CCM128_CONTEXT *ctx, unsigned char *tag, size_t len);
+
+typedef struct xts128_context XTS128_CONTEXT;
+
+int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx, const unsigned char iv[16],
+       const unsigned char *inp, unsigned char *out, size_t len, int enc);

diff --git a/deps/openssl/openssl/crypto/modes/ofb128.c b/deps/openssl/openssl/crypto/modes/ofb128.c
index c732e2e..01c0170 100644 (file)
--- a/deps/openssl/openssl/crypto/modes/ofb128.c
+++ b/deps/openssl/openssl/crypto/modes/ofb128.c
@@ -48,7 +48,8 @@
  *
  */
 
-#include "modes.h"
+#include <openssl/crypto.h>
+#include "modes_lcl.h"
 #include <string.h>
 
 #ifndef MODES_DEBUG
@@ -58,14 +59,6 @@
 #endif
 #include <assert.h>
 
-#define STRICT_ALIGNMENT
-#if defined(__i386) || defined(__i386__) || \
-    defined(__x86_64) || defined(__x86_64__) || \
-    defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \
-    defined(__s390__) || defined(__s390x__)
-#  undef STRICT_ALIGNMENT
-#endif
-
 /* The input and output encrypted as though 128bit ofb mode is being
  * used.  The extra state information to record how much of the
  * 128bit block we have used is contained in *num;

diff --git a/deps/openssl/openssl/crypto/objects/o_names.c b/deps/openssl/openssl/crypto/objects/o_names.c
index 84380a9..4a548c2 100644 (file)
--- a/deps/openssl/openssl/crypto/objects/o_names.c
+++ b/deps/openssl/openssl/crypto/objects/o_names.c
@@ -73,7 +73,7 @@ int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *),
                name_funcs_stack=sk_NAME_FUNCS_new_null();
                MemCheck_on();
                }
-       if ((name_funcs_stack == NULL))
+       if (name_funcs_stack == NULL)
                {
                /* ERROR */
                return(0);

diff --git a/deps/openssl/openssl/crypto/objects/obj_dat.h b/deps/openssl/openssl/crypto/objects/obj_dat.h
index 6449be6..d404ad0 100644 (file)
--- a/deps/openssl/openssl/crypto/objects/obj_dat.h
+++ b/deps/openssl/openssl/crypto/objects/obj_dat.h
@@ -62,12 +62,12 @@
  * [including the GNU Public Licence.]
  */
 
-#define NUM_NID 893
-#define NUM_SN 886
-#define NUM_LN 886
-#define NUM_OBJ 840
+#define NUM_NID 920
+#define NUM_SN 913
+#define NUM_LN 913
+#define NUM_OBJ 857
 
-static const unsigned char lvalues[5824]={
+static const unsigned char lvalues[5980]={
 0x00,                                        /* [  0] OBJ_undef */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  1] OBJ_rsadsi */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  7] OBJ_pkcs */
@@ -908,6 +908,23 @@ static const unsigned char lvalues[5824]={
 0x55,0x04,0x34,                              /* [5814] OBJ_supportedAlgorithms */
 0x55,0x04,0x35,                              /* [5817] OBJ_deltaRevocationList */
 0x55,0x04,0x36,                              /* [5820] OBJ_dmdName */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x09,/* [5823] OBJ_id_alg_PWRI_KEK */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x06,/* [5834] OBJ_aes_128_gcm */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x07,/* [5843] OBJ_aes_128_ccm */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x08,/* [5852] OBJ_id_aes128_wrap_pad */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1A,/* [5861] OBJ_aes_192_gcm */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1B,/* [5870] OBJ_aes_192_ccm */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1C,/* [5879] OBJ_id_aes192_wrap_pad */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2E,/* [5888] OBJ_aes_256_gcm */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2F,/* [5897] OBJ_aes_256_ccm */
+0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x30,/* [5906] OBJ_id_aes256_wrap_pad */
+0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x02,/* [5915] OBJ_id_camellia128_wrap */
+0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x03,/* [5926] OBJ_id_camellia192_wrap */
+0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x04,/* [5937] OBJ_id_camellia256_wrap */
+0x55,0x1D,0x25,0x00,                         /* [5948] OBJ_anyExtendedKeyUsage */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x08,/* [5952] OBJ_mgf1 */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0A,/* [5961] OBJ_rsassaPss */
+0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x07,/* [5970] OBJ_rsaesOaep */
 };
 
 static const ASN1_OBJECT nid_objs[NUM_NID]={
@@ -2351,28 +2368,74 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
 {"deltaRevocationList","deltaRevocationList",NID_deltaRevocationList,
        3,&(lvalues[5817]),0},
 {"dmdName","dmdName",NID_dmdName,3,&(lvalues[5820]),0},
+{"id-alg-PWRI-KEK","id-alg-PWRI-KEK",NID_id_alg_PWRI_KEK,11,
+       &(lvalues[5823]),0},
+{"CMAC","cmac",NID_cmac,0,NULL,0},
+{"id-aes128-GCM","aes-128-gcm",NID_aes_128_gcm,9,&(lvalues[5834]),0},
+{"id-aes128-CCM","aes-128-ccm",NID_aes_128_ccm,9,&(lvalues[5843]),0},
+{"id-aes128-wrap-pad","id-aes128-wrap-pad",NID_id_aes128_wrap_pad,9,
+       &(lvalues[5852]),0},
+{"id-aes192-GCM","aes-192-gcm",NID_aes_192_gcm,9,&(lvalues[5861]),0},
+{"id-aes192-CCM","aes-192-ccm",NID_aes_192_ccm,9,&(lvalues[5870]),0},
+{"id-aes192-wrap-pad","id-aes192-wrap-pad",NID_id_aes192_wrap_pad,9,
+       &(lvalues[5879]),0},
+{"id-aes256-GCM","aes-256-gcm",NID_aes_256_gcm,9,&(lvalues[5888]),0},
+{"id-aes256-CCM","aes-256-ccm",NID_aes_256_ccm,9,&(lvalues[5897]),0},
+{"id-aes256-wrap-pad","id-aes256-wrap-pad",NID_id_aes256_wrap_pad,9,
+       &(lvalues[5906]),0},
+{"AES-128-CTR","aes-128-ctr",NID_aes_128_ctr,0,NULL,0},
+{"AES-192-CTR","aes-192-ctr",NID_aes_192_ctr,0,NULL,0},
+{"AES-256-CTR","aes-256-ctr",NID_aes_256_ctr,0,NULL,0},
+{"id-camellia128-wrap","id-camellia128-wrap",NID_id_camellia128_wrap,
+       11,&(lvalues[5915]),0},
+{"id-camellia192-wrap","id-camellia192-wrap",NID_id_camellia192_wrap,
+       11,&(lvalues[5926]),0},
+{"id-camellia256-wrap","id-camellia256-wrap",NID_id_camellia256_wrap,
+       11,&(lvalues[5937]),0},
+{"anyExtendedKeyUsage","Any Extended Key Usage",
+       NID_anyExtendedKeyUsage,4,&(lvalues[5948]),0},
+{"MGF1","mgf1",NID_mgf1,9,&(lvalues[5952]),0},
+{"RSASSA-PSS","rsassaPss",NID_rsassaPss,9,&(lvalues[5961]),0},
+{"AES-128-XTS","aes-128-xts",NID_aes_128_xts,0,NULL,0},
+{"AES-256-XTS","aes-256-xts",NID_aes_256_xts,0,NULL,0},
+{"RC4-HMAC-MD5","rc4-hmac-md5",NID_rc4_hmac_md5,0,NULL,0},
+{"AES-128-CBC-HMAC-SHA1","aes-128-cbc-hmac-sha1",
+       NID_aes_128_cbc_hmac_sha1,0,NULL,0},
+{"AES-192-CBC-HMAC-SHA1","aes-192-cbc-hmac-sha1",
+       NID_aes_192_cbc_hmac_sha1,0,NULL,0},
+{"AES-256-CBC-HMAC-SHA1","aes-256-cbc-hmac-sha1",
+       NID_aes_256_cbc_hmac_sha1,0,NULL,0},
+{"RSAES-OAEP","rsaesOaep",NID_rsaesOaep,9,&(lvalues[5970]),0},
 };
 
 static const unsigned int sn_objs[NUM_SN]={
 364,   /* "AD_DVCS" */
 419,   /* "AES-128-CBC" */
+916,   /* "AES-128-CBC-HMAC-SHA1" */
 421,   /* "AES-128-CFB" */
 650,   /* "AES-128-CFB1" */
 653,   /* "AES-128-CFB8" */
+904,   /* "AES-128-CTR" */
 418,   /* "AES-128-ECB" */
 420,   /* "AES-128-OFB" */
+913,   /* "AES-128-XTS" */
 423,   /* "AES-192-CBC" */
+917,   /* "AES-192-CBC-HMAC-SHA1" */
 425,   /* "AES-192-CFB" */
 651,   /* "AES-192-CFB1" */
 654,   /* "AES-192-CFB8" */
+905,   /* "AES-192-CTR" */
 422,   /* "AES-192-ECB" */
 424,   /* "AES-192-OFB" */
 427,   /* "AES-256-CBC" */
+918,   /* "AES-256-CBC-HMAC-SHA1" */
 429,   /* "AES-256-CFB" */
 652,   /* "AES-256-CFB1" */
 655,   /* "AES-256-CFB8" */
+906,   /* "AES-256-CTR" */
 426,   /* "AES-256-ECB" */
 428,   /* "AES-256-OFB" */
+914,   /* "AES-256-XTS" */
 91,    /* "BF-CBC" */
 93,    /* "BF-CFB" */
 92,    /* "BF-ECB" */
@@ -2400,6 +2463,7 @@ static const unsigned int sn_objs[NUM_SN]={
 110,   /* "CAST5-CFB" */
 109,   /* "CAST5-ECB" */
 111,   /* "CAST5-OFB" */
+894,   /* "CMAC" */
 13,    /* "CN" */
 141,   /* "CRLReason" */
 417,   /* "CSPName" */
@@ -2451,6 +2515,7 @@ static const unsigned int sn_objs[NUM_SN]={
  4,    /* "MD5" */
 114,   /* "MD5-SHA1" */
 95,    /* "MDC2" */
+911,   /* "MGF1" */
 388,   /* "Mail" */
 393,   /* "NULL" */
 404,   /* "NULL" */
@@ -2487,6 +2552,7 @@ static const unsigned int sn_objs[NUM_SN]={
 40,    /* "RC2-OFB" */
  5,    /* "RC4" */
 97,    /* "RC4-40" */
+915,   /* "RC4-HMAC-MD5" */
 120,   /* "RC5-CBC" */
 122,   /* "RC5-CFB" */
 121,   /* "RC5-ECB" */
@@ -2507,6 +2573,8 @@ static const unsigned int sn_objs[NUM_SN]={
 668,   /* "RSA-SHA256" */
 669,   /* "RSA-SHA384" */
 670,   /* "RSA-SHA512" */
+919,   /* "RSAES-OAEP" */
+912,   /* "RSASSA-PSS" */
 777,   /* "SEED-CBC" */
 779,   /* "SEED-CFB" */
 776,   /* "SEED-ECB" */
@@ -2540,6 +2608,7 @@ static const unsigned int sn_objs[NUM_SN]={
 363,   /* "ad_timestamping" */
 376,   /* "algorithm" */
 405,   /* "ansi-X9-62" */
+910,   /* "anyExtendedKeyUsage" */
 746,   /* "anyPolicy" */
 370,   /* "archiveCutoff" */
 484,   /* "associatedDomain" */
@@ -2716,14 +2785,27 @@ static const unsigned int sn_objs[NUM_SN]={
 357,   /* "id-aca-group" */
 358,   /* "id-aca-role" */
 176,   /* "id-ad" */
+896,   /* "id-aes128-CCM" */
+895,   /* "id-aes128-GCM" */
 788,   /* "id-aes128-wrap" */
+897,   /* "id-aes128-wrap-pad" */
+899,   /* "id-aes192-CCM" */
+898,   /* "id-aes192-GCM" */
 789,   /* "id-aes192-wrap" */
+900,   /* "id-aes192-wrap-pad" */
+902,   /* "id-aes256-CCM" */
+901,   /* "id-aes256-GCM" */
 790,   /* "id-aes256-wrap" */
+903,   /* "id-aes256-wrap-pad" */
 262,   /* "id-alg" */
+893,   /* "id-alg-PWRI-KEK" */
 323,   /* "id-alg-des40" */
 326,   /* "id-alg-dh-pop" */
 325,   /* "id-alg-dh-sig-hmac-sha1" */
 324,   /* "id-alg-noSignature" */
+907,   /* "id-camellia128-wrap" */
+908,   /* "id-camellia192-wrap" */
+909,   /* "id-camellia256-wrap" */
 268,   /* "id-cct" */
 361,   /* "id-cct-PKIData" */
 362,   /* "id-cct-PKIResponse" */
@@ -3246,6 +3328,7 @@ static const unsigned int ln_objs[NUM_LN]={
 363,   /* "AD Time Stamping" */
 405,   /* "ANSI X9.62" */
 368,   /* "Acceptable OCSP Responses" */
+910,   /* "Any Extended Key Usage" */
 664,   /* "Any language" */
 177,   /* "Authority Information Access" */
 365,   /* "Basic OCSP Response" */
@@ -3386,23 +3469,37 @@ static const unsigned int ln_objs[NUM_LN]={
 364,   /* "ad dvcs" */
 606,   /* "additional verification" */
 419,   /* "aes-128-cbc" */
+916,   /* "aes-128-cbc-hmac-sha1" */
+896,   /* "aes-128-ccm" */
 421,   /* "aes-128-cfb" */
 650,   /* "aes-128-cfb1" */
 653,   /* "aes-128-cfb8" */
+904,   /* "aes-128-ctr" */
 418,   /* "aes-128-ecb" */
+895,   /* "aes-128-gcm" */
 420,   /* "aes-128-ofb" */
+913,   /* "aes-128-xts" */
 423,   /* "aes-192-cbc" */
+917,   /* "aes-192-cbc-hmac-sha1" */
+899,   /* "aes-192-ccm" */
 425,   /* "aes-192-cfb" */
 651,   /* "aes-192-cfb1" */
 654,   /* "aes-192-cfb8" */
+905,   /* "aes-192-ctr" */
 422,   /* "aes-192-ecb" */
+898,   /* "aes-192-gcm" */
 424,   /* "aes-192-ofb" */
 427,   /* "aes-256-cbc" */
+918,   /* "aes-256-cbc-hmac-sha1" */
+902,   /* "aes-256-ccm" */
 429,   /* "aes-256-cfb" */
 652,   /* "aes-256-cfb1" */
 655,   /* "aes-256-cfb8" */
+906,   /* "aes-256-ctr" */
 426,   /* "aes-256-ecb" */
+901,   /* "aes-256-gcm" */
 428,   /* "aes-256-ofb" */
+914,   /* "aes-256-xts" */
 376,   /* "algorithm" */
 484,   /* "associatedDomain" */
 485,   /* "associatedName" */
@@ -3467,6 +3564,7 @@ static const unsigned int ln_objs[NUM_LN]={
 407,   /* "characteristic-two-field" */
 395,   /* "clearance" */
 633,   /* "cleartext track 2" */
+894,   /* "cmac" */
 13,    /* "commonName" */
 513,   /* "content types" */
 50,    /* "contentType" */
@@ -3602,13 +3700,20 @@ static const unsigned int ln_objs[NUM_LN]={
 358,   /* "id-aca-role" */
 176,   /* "id-ad" */
 788,   /* "id-aes128-wrap" */
+897,   /* "id-aes128-wrap-pad" */
 789,   /* "id-aes192-wrap" */
+900,   /* "id-aes192-wrap-pad" */
 790,   /* "id-aes256-wrap" */
+903,   /* "id-aes256-wrap-pad" */
 262,   /* "id-alg" */
+893,   /* "id-alg-PWRI-KEK" */
 323,   /* "id-alg-des40" */
 326,   /* "id-alg-dh-pop" */
 325,   /* "id-alg-dh-sig-hmac-sha1" */
 324,   /* "id-alg-noSignature" */
+907,   /* "id-camellia128-wrap" */
+908,   /* "id-camellia192-wrap" */
+909,   /* "id-camellia256-wrap" */
 268,   /* "id-cct" */
 361,   /* "id-cct-PKIData" */
 362,   /* "id-cct-PKIResponse" */
@@ -3806,6 +3911,7 @@ static const unsigned int ln_objs[NUM_LN]={
 602,   /* "merchant initiated auth" */
 514,   /* "message extensions" */
 51,    /* "messageDigest" */
+911,   /* "mgf1" */
 506,   /* "mime-mhs-bodies" */
 505,   /* "mime-mhs-headings" */
 488,   /* "mobileTelephoneNumber" */
@@ -3889,6 +3995,7 @@ static const unsigned int ln_objs[NUM_LN]={
 40,    /* "rc2-ofb" */
  5,    /* "rc4" */
 97,    /* "rc4-40" */
+915,   /* "rc4-hmac-md5" */
 120,   /* "rc5-cbc" */
 122,   /* "rc5-cfb" */
 121,   /* "rc5-ecb" */
@@ -3905,6 +4012,8 @@ static const unsigned int ln_objs[NUM_LN]={
  6,    /* "rsaEncryption" */
 644,   /* "rsaOAEPEncryptionSET" */
 377,   /* "rsaSignature" */
+919,   /* "rsaesOaep" */
+912,   /* "rsassaPss" */
 124,   /* "run length compression" */
 482,   /* "sOARecord" */
 155,   /* "safeContentsBag" */
@@ -4254,6 +4363,7 @@ static const unsigned int obj_objs[NUM_OBJ]={
 96,    /* OBJ_mdc2WithRSA                  2 5 8 3 100 */
 95,    /* OBJ_mdc2                         2 5 8 3 101 */
 746,   /* OBJ_any_policy                   2 5 29 32 0 */
+910,   /* OBJ_anyExtendedKeyUsage          2 5 29 37 0 */
 519,   /* OBJ_setct_PANData                2 23 42 0 0 */
 520,   /* OBJ_setct_PANToken               2 23 42 0 1 */
 521,   /* OBJ_setct_PANOnly                2 23 42 0 2 */
@@ -4720,6 +4830,9 @@ static const unsigned int obj_objs[NUM_OBJ]={
  8,    /* OBJ_md5WithRSAEncryption         1 2 840 113549 1 1 4 */
 65,    /* OBJ_sha1WithRSAEncryption        1 2 840 113549 1 1 5 */
 644,   /* OBJ_rsaOAEPEncryptionSET         1 2 840 113549 1 1 6 */
+919,   /* OBJ_rsaesOaep                    1 2 840 113549 1 1 7 */
+911,   /* OBJ_mgf1                         1 2 840 113549 1 1 8 */
+912,   /* OBJ_rsassaPss                    1 2 840 113549 1 1 10 */
 668,   /* OBJ_sha256WithRSAEncryption      1 2 840 113549 1 1 11 */
 669,   /* OBJ_sha384WithRSAEncryption      1 2 840 113549 1 1 12 */
 670,   /* OBJ_sha512WithRSAEncryption      1 2 840 113549 1 1 13 */
@@ -4785,16 +4898,25 @@ static const unsigned int obj_objs[NUM_OBJ]={
 420,   /* OBJ_aes_128_ofb128               2 16 840 1 101 3 4 1 3 */
 421,   /* OBJ_aes_128_cfb128               2 16 840 1 101 3 4 1 4 */
 788,   /* OBJ_id_aes128_wrap               2 16 840 1 101 3 4 1 5 */
+895,   /* OBJ_aes_128_gcm                  2 16 840 1 101 3 4 1 6 */
+896,   /* OBJ_aes_128_ccm                  2 16 840 1 101 3 4 1 7 */
+897,   /* OBJ_id_aes128_wrap_pad           2 16 840 1 101 3 4 1 8 */
 422,   /* OBJ_aes_192_ecb                  2 16 840 1 101 3 4 1 21 */
 423,   /* OBJ_aes_192_cbc                  2 16 840 1 101 3 4 1 22 */
 424,   /* OBJ_aes_192_ofb128               2 16 840 1 101 3 4 1 23 */
 425,   /* OBJ_aes_192_cfb128               2 16 840 1 101 3 4 1 24 */
 789,   /* OBJ_id_aes192_wrap               2 16 840 1 101 3 4 1 25 */
+898,   /* OBJ_aes_192_gcm                  2 16 840 1 101 3 4 1 26 */
+899,   /* OBJ_aes_192_ccm                  2 16 840 1 101 3 4 1 27 */
+900,   /* OBJ_id_aes192_wrap_pad           2 16 840 1 101 3 4 1 28 */
 426,   /* OBJ_aes_256_ecb                  2 16 840 1 101 3 4 1 41 */
 427,   /* OBJ_aes_256_cbc                  2 16 840 1 101 3 4 1 42 */
 428,   /* OBJ_aes_256_ofb128               2 16 840 1 101 3 4 1 43 */
 429,   /* OBJ_aes_256_cfb128               2 16 840 1 101 3 4 1 44 */
 790,   /* OBJ_id_aes256_wrap               2 16 840 1 101 3 4 1 45 */
+901,   /* OBJ_aes_256_gcm                  2 16 840 1 101 3 4 1 46 */
+902,   /* OBJ_aes_256_ccm                  2 16 840 1 101 3 4 1 47 */
+903,   /* OBJ_id_aes256_wrap_pad           2 16 840 1 101 3 4 1 48 */
 672,   /* OBJ_sha256                       2 16 840 1 101 3 4 2 1 */
 673,   /* OBJ_sha384                       2 16 840 1 101 3 4 2 2 */
 674,   /* OBJ_sha512                       2 16 840 1 101 3 4 2 3 */
@@ -4901,6 +5023,9 @@ static const unsigned int obj_objs[NUM_OBJ]={
 751,   /* OBJ_camellia_128_cbc             1 2 392 200011 61 1 1 1 2 */
 752,   /* OBJ_camellia_192_cbc             1 2 392 200011 61 1 1 1 3 */
 753,   /* OBJ_camellia_256_cbc             1 2 392 200011 61 1 1 1 4 */
+907,   /* OBJ_id_camellia128_wrap          1 2 392 200011 61 1 1 3 2 */
+908,   /* OBJ_id_camellia192_wrap          1 2 392 200011 61 1 1 3 3 */
+909,   /* OBJ_id_camellia256_wrap          1 2 392 200011 61 1 1 3 4 */
 196,   /* OBJ_id_smime_mod_cms             1 2 840 113549 1 9 16 0 1 */
 197,   /* OBJ_id_smime_mod_ess             1 2 840 113549 1 9 16 0 2 */
 198,   /* OBJ_id_smime_mod_oid             1 2 840 113549 1 9 16 0 3 */
@@ -4956,6 +5081,7 @@ static const unsigned int obj_objs[NUM_OBJ]={
 246,   /* OBJ_id_smime_alg_CMS3DESwrap     1 2 840 113549 1 9 16 3 6 */
 247,   /* OBJ_id_smime_alg_CMSRC2wrap      1 2 840 113549 1 9 16 3 7 */
 125,   /* OBJ_zlib_compression             1 2 840 113549 1 9 16 3 8 */
+893,   /* OBJ_id_alg_PWRI_KEK              1 2 840 113549 1 9 16 3 9 */
 248,   /* OBJ_id_smime_cd_ldap             1 2 840 113549 1 9 16 4 1 */
 249,   /* OBJ_id_smime_spq_ets_sqt_uri     1 2 840 113549 1 9 16 5 1 */
 250,   /* OBJ_id_smime_spq_ets_sqt_unotice 1 2 840 113549 1 9 16 5 2 */

diff --git a/deps/openssl/openssl/crypto/objects/obj_mac.h b/deps/openssl/openssl/crypto/objects/obj_mac.h
index 282f11a..b5ea7cd 100644 (file)
--- a/deps/openssl/openssl/crypto/objects/obj_mac.h
+++ b/deps/openssl/openssl/crypto/objects/obj_mac.h
@@ -580,6 +580,21 @@
 #define NID_sha1WithRSAEncryption              65
 #define OBJ_sha1WithRSAEncryption              OBJ_pkcs1,5L
 
+#define SN_rsaesOaep           "RSAES-OAEP"
+#define LN_rsaesOaep           "rsaesOaep"
+#define NID_rsaesOaep          919
+#define OBJ_rsaesOaep          OBJ_pkcs1,7L
+
+#define SN_mgf1                "MGF1"
+#define LN_mgf1                "mgf1"
+#define NID_mgf1               911
+#define OBJ_mgf1               OBJ_pkcs1,8L
+
+#define SN_rsassaPss           "RSASSA-PSS"
+#define LN_rsassaPss           "rsassaPss"
+#define NID_rsassaPss          912
+#define OBJ_rsassaPss          OBJ_pkcs1,10L
+
 #define SN_sha256WithRSAEncryption             "RSA-SHA256"
 #define LN_sha256WithRSAEncryption             "sha256WithRSAEncryption"
 #define NID_sha256WithRSAEncryption            668
@@ -981,6 +996,10 @@
 #define NID_id_smime_alg_CMSRC2wrap            247
 #define OBJ_id_smime_alg_CMSRC2wrap            OBJ_id_smime_alg,7L
 
+#define SN_id_alg_PWRI_KEK             "id-alg-PWRI-KEK"
+#define NID_id_alg_PWRI_KEK            893
+#define OBJ_id_alg_PWRI_KEK            OBJ_id_smime_alg,9L
+
 #define SN_id_smime_cd_ldap            "id-smime-cd-ldap"
 #define NID_id_smime_cd_ldap           248
 #define OBJ_id_smime_cd_ldap           OBJ_id_smime_cd,1L
@@ -2399,6 +2418,11 @@
 #define NID_no_rev_avail               403
 #define OBJ_no_rev_avail               OBJ_id_ce,56L
 
+#define SN_anyExtendedKeyUsage         "anyExtendedKeyUsage"
+#define LN_anyExtendedKeyUsage         "Any Extended Key Usage"
+#define NID_anyExtendedKeyUsage                910
+#define OBJ_anyExtendedKeyUsage                OBJ_ext_key_usage,0L
+
 #define SN_netscape            "Netscape"
 #define LN_netscape            "Netscape Communications Corp."
 #define NID_netscape           57
@@ -2586,6 +2610,24 @@
 #define NID_aes_128_cfb128             421
 #define OBJ_aes_128_cfb128             OBJ_aes,4L
 
+#define SN_id_aes128_wrap              "id-aes128-wrap"
+#define NID_id_aes128_wrap             788
+#define OBJ_id_aes128_wrap             OBJ_aes,5L
+
+#define SN_aes_128_gcm         "id-aes128-GCM"
+#define LN_aes_128_gcm         "aes-128-gcm"
+#define NID_aes_128_gcm                895
+#define OBJ_aes_128_gcm                OBJ_aes,6L
+
+#define SN_aes_128_ccm         "id-aes128-CCM"
+#define LN_aes_128_ccm         "aes-128-ccm"
+#define NID_aes_128_ccm                896
+#define OBJ_aes_128_ccm                OBJ_aes,7L
+
+#define SN_id_aes128_wrap_pad          "id-aes128-wrap-pad"
+#define NID_id_aes128_wrap_pad         897
+#define OBJ_id_aes128_wrap_pad         OBJ_aes,8L
+
 #define SN_aes_192_ecb         "AES-192-ECB"
 #define LN_aes_192_ecb         "aes-192-ecb"
 #define NID_aes_192_ecb                422
@@ -2606,6 +2648,24 @@
 #define NID_aes_192_cfb128             425
 #define OBJ_aes_192_cfb128             OBJ_aes,24L
 
+#define SN_id_aes192_wrap              "id-aes192-wrap"
+#define NID_id_aes192_wrap             789
+#define OBJ_id_aes192_wrap             OBJ_aes,25L
+
+#define SN_aes_192_gcm         "id-aes192-GCM"
+#define LN_aes_192_gcm         "aes-192-gcm"
+#define NID_aes_192_gcm                898
+#define OBJ_aes_192_gcm                OBJ_aes,26L
+
+#define SN_aes_192_ccm         "id-aes192-CCM"
+#define LN_aes_192_ccm         "aes-192-ccm"
+#define NID_aes_192_ccm                899
+#define OBJ_aes_192_ccm                OBJ_aes,27L
+
+#define SN_id_aes192_wrap_pad          "id-aes192-wrap-pad"
+#define NID_id_aes192_wrap_pad         900
+#define OBJ_id_aes192_wrap_pad         OBJ_aes,28L
+
 #define SN_aes_256_ecb         "AES-256-ECB"
 #define LN_aes_256_ecb         "aes-256-ecb"
 #define NID_aes_256_ecb                426
@@ -2626,6 +2686,24 @@
 #define NID_aes_256_cfb128             429
 #define OBJ_aes_256_cfb128             OBJ_aes,44L
 
+#define SN_id_aes256_wrap              "id-aes256-wrap"
+#define NID_id_aes256_wrap             790
+#define OBJ_id_aes256_wrap             OBJ_aes,45L
+
+#define SN_aes_256_gcm         "id-aes256-GCM"
+#define LN_aes_256_gcm         "aes-256-gcm"
+#define NID_aes_256_gcm                901
+#define OBJ_aes_256_gcm                OBJ_aes,46L
+
+#define SN_aes_256_ccm         "id-aes256-CCM"
+#define LN_aes_256_ccm         "aes-256-ccm"
+#define NID_aes_256_ccm                902
+#define OBJ_aes_256_ccm                OBJ_aes,47L
+
+#define SN_id_aes256_wrap_pad          "id-aes256-wrap-pad"
+#define NID_id_aes256_wrap_pad         903
+#define OBJ_id_aes256_wrap_pad         OBJ_aes,48L
+
 #define SN_aes_128_cfb1                "AES-128-CFB1"
 #define LN_aes_128_cfb1                "aes-128-cfb1"
 #define NID_aes_128_cfb1               650
@@ -2650,6 +2728,26 @@
 #define LN_aes_256_cfb8                "aes-256-cfb8"
 #define NID_aes_256_cfb8               655
 
+#define SN_aes_128_ctr         "AES-128-CTR"
+#define LN_aes_128_ctr         "aes-128-ctr"
+#define NID_aes_128_ctr                904
+
+#define SN_aes_192_ctr         "AES-192-CTR"
+#define LN_aes_192_ctr         "aes-192-ctr"
+#define NID_aes_192_ctr                905
+
+#define SN_aes_256_ctr         "AES-256-CTR"
+#define LN_aes_256_ctr         "aes-256-ctr"
+#define NID_aes_256_ctr                906
+
+#define SN_aes_128_xts         "AES-128-XTS"
+#define LN_aes_128_xts         "aes-128-xts"
+#define NID_aes_128_xts                913
+
+#define SN_aes_256_xts         "AES-256-XTS"
+#define LN_aes_256_xts         "aes-256-xts"
+#define NID_aes_256_xts                914
+
 #define SN_des_cfb1            "DES-CFB1"
 #define LN_des_cfb1            "des-cfb1"
 #define NID_des_cfb1           656
@@ -2666,18 +2764,6 @@
 #define LN_des_ede3_cfb8               "des-ede3-cfb8"
 #define NID_des_ede3_cfb8              659
 
-#define SN_id_aes128_wrap              "id-aes128-wrap"
-#define NID_id_aes128_wrap             788
-#define OBJ_id_aes128_wrap             OBJ_aes,5L
-
-#define SN_id_aes192_wrap              "id-aes192-wrap"
-#define NID_id_aes192_wrap             789
-#define OBJ_id_aes192_wrap             OBJ_aes,25L
-
-#define SN_id_aes256_wrap              "id-aes256-wrap"
-#define NID_id_aes256_wrap             790
-#define OBJ_id_aes256_wrap             OBJ_aes,45L
-
 #define OBJ_nist_hashalgs              OBJ_nistAlgorithms,2L
 
 #define SN_sha256              "SHA256"
@@ -3810,6 +3896,18 @@
 #define NID_camellia_256_cbc           753
 #define OBJ_camellia_256_cbc           1L,2L,392L,200011L,61L,1L,1L,1L,4L
 
+#define SN_id_camellia128_wrap         "id-camellia128-wrap"
+#define NID_id_camellia128_wrap                907
+#define OBJ_id_camellia128_wrap                1L,2L,392L,200011L,61L,1L,1L,3L,2L
+
+#define SN_id_camellia192_wrap         "id-camellia192-wrap"
+#define NID_id_camellia192_wrap                908
+#define OBJ_id_camellia192_wrap                1L,2L,392L,200011L,61L,1L,1L,3L,3L
+
+#define SN_id_camellia256_wrap         "id-camellia256-wrap"
+#define NID_id_camellia256_wrap                909
+#define OBJ_id_camellia256_wrap                1L,2L,392L,200011L,61L,1L,1L,3L,4L
+
 #define OBJ_ntt_ds             0L,3L,4401L,5L
 
 #define OBJ_camellia           OBJ_ntt_ds,3L,1L,9L
@@ -3912,3 +4010,23 @@
 #define LN_hmac                "hmac"
 #define NID_hmac               855
 
+#define SN_cmac                "CMAC"
+#define LN_cmac                "cmac"
+#define NID_cmac               894
+
+#define SN_rc4_hmac_md5                "RC4-HMAC-MD5"
+#define LN_rc4_hmac_md5                "rc4-hmac-md5"
+#define NID_rc4_hmac_md5               915
+
+#define SN_aes_128_cbc_hmac_sha1               "AES-128-CBC-HMAC-SHA1"
+#define LN_aes_128_cbc_hmac_sha1               "aes-128-cbc-hmac-sha1"
+#define NID_aes_128_cbc_hmac_sha1              916
+
+#define SN_aes_192_cbc_hmac_sha1               "AES-192-CBC-HMAC-SHA1"
+#define LN_aes_192_cbc_hmac_sha1               "aes-192-cbc-hmac-sha1"
+#define NID_aes_192_cbc_hmac_sha1              917
+
+#define SN_aes_256_cbc_hmac_sha1               "AES-256-CBC-HMAC-SHA1"
+#define LN_aes_256_cbc_hmac_sha1               "aes-256-cbc-hmac-sha1"
+#define NID_aes_256_cbc_hmac_sha1              918
+

diff --git a/deps/openssl/openssl/crypto/objects/obj_mac.num b/deps/openssl/openssl/crypto/objects/obj_mac.num
index 8c50aac..1d0a7c8 100644 (file)
--- a/deps/openssl/openssl/crypto/objects/obj_mac.num
+++ b/deps/openssl/openssl/crypto/objects/obj_mac.num
@@ -890,3 +890,30 @@ houseIdentifier            889
 supportedAlgorithms            890
 deltaRevocationList            891
 dmdName                892
+id_alg_PWRI_KEK                893
+cmac           894
+aes_128_gcm            895
+aes_128_ccm            896
+id_aes128_wrap_pad             897
+aes_192_gcm            898
+aes_192_ccm            899
+id_aes192_wrap_pad             900
+aes_256_gcm            901
+aes_256_ccm            902
+id_aes256_wrap_pad             903
+aes_128_ctr            904
+aes_192_ctr            905
+aes_256_ctr            906
+id_camellia128_wrap            907
+id_camellia192_wrap            908
+id_camellia256_wrap            909
+anyExtendedKeyUsage            910
+mgf1           911
+rsassaPss              912
+aes_128_xts            913
+aes_256_xts            914
+rc4_hmac_md5           915
+aes_128_cbc_hmac_sha1          916
+aes_192_cbc_hmac_sha1          917
+aes_256_cbc_hmac_sha1          918
+rsaesOaep              919

diff --git a/deps/openssl/openssl/crypto/objects/obj_xref.c b/deps/openssl/openssl/crypto/objects/obj_xref.c
index 152eca5..9f744bc 100644 (file)
--- a/deps/openssl/openssl/crypto/objects/obj_xref.c
+++ b/deps/openssl/openssl/crypto/objects/obj_xref.c
@@ -110,8 +110,10 @@ int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid)
 #endif
        if (rv == NULL)
                return 0;
-       *pdig_nid = rv->hash_id;
-       *ppkey_nid = rv->pkey_id;
+       if (pdig_nid)
+               *pdig_nid = rv->hash_id;
+       if (ppkey_nid)
+               *ppkey_nid = rv->pkey_id;
        return 1;
        }
 
@@ -144,7 +146,8 @@ int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid)
 #endif
        if (rv == NULL)
                return 0;
-       *psignid = (*rv)->sign_id;
+       if (psignid)
+               *psignid = (*rv)->sign_id;
        return 1;
        }
 

diff --git a/deps/openssl/openssl/crypto/objects/obj_xref.h b/deps/openssl/openssl/crypto/objects/obj_xref.h
index d5b9b8e..e23938c 100644 (file)
--- a/deps/openssl/openssl/crypto/objects/obj_xref.h
+++ b/deps/openssl/openssl/crypto/objects/obj_xref.h
@@ -38,10 +38,12 @@ static const nid_triple sigoid_srt[] =
        {NID_id_GostR3411_94_with_GostR3410_94, NID_id_GostR3411_94, NID_id_GostR3410_94},
        {NID_id_GostR3411_94_with_GostR3410_94_cc, NID_id_GostR3411_94, NID_id_GostR3410_94_cc},
        {NID_id_GostR3411_94_with_GostR3410_2001_cc, NID_id_GostR3411_94, NID_id_GostR3410_2001_cc},
+       {NID_rsassaPss, NID_undef, NID_rsaEncryption},
        };
 
 static const nid_triple * const sigoid_srt_xref[] =
        {
+       &sigoid_srt[29],
        &sigoid_srt[17],
        &sigoid_srt[18],
        &sigoid_srt[0],

diff --git a/deps/openssl/openssl/crypto/objects/obj_xref.txt b/deps/openssl/openssl/crypto/objects/obj_xref.txt
index e45b3d3..cb91718 100644 (file)
--- a/deps/openssl/openssl/crypto/objects/obj_xref.txt
+++ b/deps/openssl/openssl/crypto/objects/obj_xref.txt
@@ -13,6 +13,10 @@ sha512WithRSAEncryption      sha512  rsaEncryption
 sha224WithRSAEncryption        sha224  rsaEncryption
 mdc2WithRSA            mdc2    rsaEncryption
 ripemd160WithRSA       ripemd160 rsaEncryption
+# For PSS the digest algorithm can vary and depends on the included
+# AlgorithmIdentifier. The digest "undef" indicates the public key
+# method should handle this explicitly.
+rsassaPss              undef   rsaEncryption
 
 # Alternative deprecated OIDs. By using the older "rsa" OID this
 # type will be recognized by not normally used.

diff --git a/deps/openssl/openssl/crypto/objects/objects.txt b/deps/openssl/openssl/crypto/objects/objects.txt
index e61fe60..d3bfad7 100644 (file)
--- a/deps/openssl/openssl/crypto/objects/objects.txt
+++ b/deps/openssl/openssl/crypto/objects/objects.txt
@@ -166,6 +166,10 @@ pkcs1 3                    : RSA-MD4               : md4WithRSAEncryption
 pkcs1 4                        : RSA-MD5               : md5WithRSAEncryption
 pkcs1 5                        : RSA-SHA1              : sha1WithRSAEncryption
 # According to PKCS #1 version 2.1
+pkcs1 7                        : RSAES-OAEP            : rsaesOaep
+pkcs1 8                        : MGF1                  : mgf1
+pkcs1 10               : RSASSA-PSS            : rsassaPss
+
 pkcs1 11               : RSA-SHA256            : sha256WithRSAEncryption
 pkcs1 12               : RSA-SHA384            : sha384WithRSAEncryption
 pkcs1 13               : RSA-SHA512            : sha512WithRSAEncryption
@@ -299,6 +303,7 @@ id-smime-alg 4              : id-smime-alg-RC2wrap
 id-smime-alg 5         : id-smime-alg-ESDH
 id-smime-alg 6         : id-smime-alg-CMS3DESwrap
 id-smime-alg 7         : id-smime-alg-CMSRC2wrap
+id-smime-alg 9         : id-alg-PWRI-KEK
 
 # S/MIME Certificate Distribution
 id-smime-cd 1          : id-smime-cd-ldap
@@ -770,6 +775,10 @@ id-ce 55           : targetInformation     : X509v3 AC Targeting
 !Cname no-rev-avail
 id-ce 56               : noRevAvail            : X509v3 No Revocation Available
 
+# From RFC5280
+ext-key-usage 0                : anyExtendedKeyUsage   : Any Extended Key Usage
+
+
 !Cname netscape
 2 16 840 1 113730      : Netscape              : Netscape Communications Corp.
 !Cname netscape-cert-extension
@@ -846,6 +855,10 @@ aes 2                      : AES-128-CBC           : aes-128-cbc
 aes 3                  : AES-128-OFB           : aes-128-ofb
 !Cname aes-128-cfb128
 aes 4                  : AES-128-CFB           : aes-128-cfb
+aes 5                  : id-aes128-wrap
+aes 6                  : id-aes128-GCM         : aes-128-gcm
+aes 7                  : id-aes128-CCM         : aes-128-ccm
+aes 8                  : id-aes128-wrap-pad
 
 aes 21                 : AES-192-ECB           : aes-192-ecb
 aes 22                 : AES-192-CBC           : aes-192-cbc
@@ -853,6 +866,10 @@ aes 22                     : AES-192-CBC           : aes-192-cbc
 aes 23                 : AES-192-OFB           : aes-192-ofb
 !Cname aes-192-cfb128
 aes 24                 : AES-192-CFB           : aes-192-cfb
+aes 25                 : id-aes192-wrap
+aes 26                 : id-aes192-GCM         : aes-192-gcm
+aes 27                 : id-aes192-CCM         : aes-192-ccm
+aes 28                 : id-aes192-wrap-pad
 
 aes 41                 : AES-256-ECB           : aes-256-ecb
 aes 42                 : AES-256-CBC           : aes-256-cbc
@@ -860,6 +877,10 @@ aes 42                     : AES-256-CBC           : aes-256-cbc
 aes 43                 : AES-256-OFB           : aes-256-ofb
 !Cname aes-256-cfb128
 aes 44                 : AES-256-CFB           : aes-256-cfb
+aes 45                 : id-aes256-wrap
+aes 46                 : id-aes256-GCM         : aes-256-gcm
+aes 47                 : id-aes256-CCM         : aes-256-ccm
+aes 48                 : id-aes256-wrap-pad
 
 # There are no OIDs for these modes...
 
@@ -869,15 +890,16 @@ aes 44                    : AES-256-CFB           : aes-256-cfb
                        : AES-128-CFB8          : aes-128-cfb8
                        : AES-192-CFB8          : aes-192-cfb8
                        : AES-256-CFB8          : aes-256-cfb8
+                       : AES-128-CTR           : aes-128-ctr
+                       : AES-192-CTR           : aes-192-ctr
+                       : AES-256-CTR           : aes-256-ctr
+                       : AES-128-XTS           : aes-128-xts
+                       : AES-256-XTS           : aes-256-xts
                        : DES-CFB1              : des-cfb1
                        : DES-CFB8              : des-cfb8
                        : DES-EDE3-CFB1         : des-ede3-cfb1
                        : DES-EDE3-CFB8         : des-ede3-cfb8
 
-aes 5                  : id-aes128-wrap 
-aes 25                 : id-aes192-wrap 
-aes 45                 : id-aes256-wrap 
-
 # OIDs for SHA224, SHA256, SHA385 and SHA512, according to x9.84.
 !Alias nist_hashalgs nistAlgorithms 2
 nist_hashalgs 1                : SHA256                : sha256
@@ -1211,6 +1233,9 @@ cryptocom 1 8 1           : id-GostR3410-2001-ParamSet-cc : GOST R 3410-2001 Parameter Se
 1 2 392 200011 61 1 1 1 2 : CAMELLIA-128-CBC           : camellia-128-cbc
 1 2 392 200011 61 1 1 1 3 : CAMELLIA-192-CBC           : camellia-192-cbc
 1 2 392 200011 61 1 1 1 4 : CAMELLIA-256-CBC           : camellia-256-cbc
+1 2 392 200011 61 1 1 3 2 : id-camellia128-wrap
+1 2 392 200011 61 1 1 3 3 : id-camellia192-wrap
+1 2 392 200011 61 1 1 3 4 : id-camellia256-wrap
 
 # Definitions for Camellia cipher - ECB, CFB, OFB MODE
 
@@ -1257,3 +1282,11 @@ kisa 1 6                : SEED-OFB      : seed-ofb
 # There is no OID that just denotes "HMAC" oddly enough...
 
                        : HMAC                          : hmac
+# Nor CMAC either
+                       : CMAC                          : cmac
+
+# Synthetic composite ciphersuites
+                       : RC4-HMAC-MD5                  : rc4-hmac-md5
+                       : AES-128-CBC-HMAC-SHA1         : aes-128-cbc-hmac-sha1
+                       : AES-192-CBC-HMAC-SHA1         : aes-192-cbc-hmac-sha1
+                       : AES-256-CBC-HMAC-SHA1         : aes-256-cbc-hmac-sha1

diff --git a/deps/openssl/openssl/crypto/ocsp/ocsp_lib.c b/deps/openssl/openssl/crypto/ocsp/ocsp_lib.c
index e92b86c..a94dc83 100644 (file)
--- a/deps/openssl/openssl/crypto/ocsp/ocsp_lib.c
+++ b/deps/openssl/openssl/crypto/ocsp/ocsp_lib.c
@@ -124,7 +124,8 @@ OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
        if (!(ASN1_OCTET_STRING_set(cid->issuerNameHash, md, i))) goto err;
 
        /* Calculate the issuerKey hash, excluding tag and length */
-       EVP_Digest(issuerKey->data, issuerKey->length, md, &i, dgst, NULL);
+       if (!EVP_Digest(issuerKey->data, issuerKey->length, md, &i, dgst, NULL))
+               goto err;
 
        if (!(ASN1_OCTET_STRING_set(cid->issuerKeyHash, md, i))) goto err;
 

diff --git a/deps/openssl/openssl/crypto/ocsp/ocsp_vfy.c b/deps/openssl/openssl/crypto/ocsp/ocsp_vfy.c
index 415d67e..2767183 100644 (file)
--- a/deps/openssl/openssl/crypto/ocsp/ocsp_vfy.c
+++ b/deps/openssl/openssl/crypto/ocsp/ocsp_vfy.c
@@ -91,9 +91,12 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
                {
                EVP_PKEY *skey;
                skey = X509_get_pubkey(signer);
-               ret = OCSP_BASICRESP_verify(bs, skey, 0);
-               EVP_PKEY_free(skey);
-               if(ret <= 0)
+               if (skey)
+                       {
+                       ret = OCSP_BASICRESP_verify(bs, skey, 0);
+                       EVP_PKEY_free(skey);
+                       }
+               if(!skey || ret <= 0)
                        {
                        OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNATURE_FAILURE);
                        goto end;
@@ -108,6 +111,7 @@ int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
                        init_res = X509_STORE_CTX_init(&ctx, st, signer, bs->certs);
                if(!init_res)
                        {
+                       ret = -1;
                        OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,ERR_R_X509_LIB);
                        goto end;
                        }

diff --git a/deps/openssl/openssl/crypto/opensslv.h b/deps/openssl/openssl/crypto/opensslv.h
index d6d61a0..5bc8e53 100644 (file)
--- a/deps/openssl/openssl/crypto/opensslv.h
+++ b/deps/openssl/openssl/crypto/opensslv.h
@@ -25,11 +25,11 @@
  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
  *  major minor fix final patch/beta)
  */
-#define OPENSSL_VERSION_NUMBER 0x1000006fL
+#define OPENSSL_VERSION_NUMBER 0x1000105fL
 #ifdef OPENSSL_FIPS
-#define OPENSSL_VERSION_TEXT   "OpenSSL 1.0.0f-fips 4 Jan 2012"
+#define OPENSSL_VERSION_TEXT   "OpenSSL 1.0.1e-fips 11 Feb 2013"
 #else
-#define OPENSSL_VERSION_TEXT   "OpenSSL 1.0.0f 4 Jan 2012"
+#define OPENSSL_VERSION_TEXT   "OpenSSL 1.0.1e 11 Feb 2013"
 #endif
 #define OPENSSL_VERSION_PTEXT  " part of " OPENSSL_VERSION_TEXT
 

diff --git a/deps/openssl/openssl/crypto/ossl_typ.h b/deps/openssl/openssl/crypto/ossl_typ.h
index 12bd701..ea9227f 100644 (file)
--- a/deps/openssl/openssl/crypto/ossl_typ.h
+++ b/deps/openssl/openssl/crypto/ossl_typ.h
@@ -91,10 +91,12 @@ typedef struct asn1_string_st ASN1_TIME;
 typedef struct asn1_string_st ASN1_GENERALIZEDTIME;
 typedef struct asn1_string_st ASN1_VISIBLESTRING;
 typedef struct asn1_string_st ASN1_UTF8STRING;
+typedef struct asn1_string_st ASN1_STRING;
 typedef int ASN1_BOOLEAN;
 typedef int ASN1_NULL;
 #endif
 
+typedef struct ASN1_ITEM_st ASN1_ITEM;
 typedef struct asn1_pctx_st ASN1_PCTX;
 
 #ifdef OPENSSL_SYS_WIN32

diff --git a/deps/openssl/openssl/crypto/pem/pem_all.c b/deps/openssl/openssl/crypto/pem/pem_all.c
index 3e7a609..eac0460 100644 (file)
--- a/deps/openssl/openssl/crypto/pem/pem_all.c
+++ b/deps/openssl/openssl/crypto/pem/pem_all.c
@@ -193,7 +193,61 @@ RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb,
 
 #endif
 
+#ifdef OPENSSL_FIPS
+
+int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+{
+       if (FIPS_mode())
+               {
+               EVP_PKEY *k;
+               int ret;
+               k = EVP_PKEY_new();
+               if (!k)
+                       return 0;
+               EVP_PKEY_set1_RSA(k, x);
+
+               ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
+               EVP_PKEY_free(k);
+               return ret;
+               }
+       else
+               return PEM_ASN1_write_bio((i2d_of_void *)i2d_RSAPrivateKey,
+                                       PEM_STRING_RSA,bp,x,enc,kstr,klen,cb,u);
+}
+
+#ifndef OPENSSL_NO_FP_API
+int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+{
+       if (FIPS_mode())
+               {
+               EVP_PKEY *k;
+               int ret;
+               k = EVP_PKEY_new();
+               if (!k)
+                       return 0;
+
+               EVP_PKEY_set1_RSA(k, x);
+
+               ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
+               EVP_PKEY_free(k);
+               return ret;
+               }
+       else
+               return PEM_ASN1_write((i2d_of_void *)i2d_RSAPrivateKey,
+                                       PEM_STRING_RSA,fp,x,enc,kstr,klen,cb,u);
+}
+#endif
+
+#else
+
 IMPLEMENT_PEM_write_cb_const(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey)
+
+#endif
+
 IMPLEMENT_PEM_rw_const(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey)
 IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY)
 
@@ -223,7 +277,59 @@ DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb,
        return pkey_get_dsa(pktmp, dsa);        /* will free pktmp */
 }
 
+#ifdef OPENSSL_FIPS
+
+int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+{
+       if (FIPS_mode())
+               {
+               EVP_PKEY *k;
+               int ret;
+               k = EVP_PKEY_new();
+               if (!k)
+                       return 0;
+               EVP_PKEY_set1_DSA(k, x);
+
+               ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
+               EVP_PKEY_free(k);
+               return ret;
+               }
+       else
+               return PEM_ASN1_write_bio((i2d_of_void *)i2d_DSAPrivateKey,
+                                       PEM_STRING_DSA,bp,x,enc,kstr,klen,cb,u);
+}
+
+#ifndef OPENSSL_NO_FP_API
+int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+{
+       if (FIPS_mode())
+               {
+               EVP_PKEY *k;
+               int ret;
+               k = EVP_PKEY_new();
+               if (!k)
+                       return 0;
+               EVP_PKEY_set1_DSA(k, x);
+               ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
+               EVP_PKEY_free(k);
+               return ret;
+               }
+       else
+               return PEM_ASN1_write((i2d_of_void *)i2d_DSAPrivateKey,
+                                       PEM_STRING_DSA,fp,x,enc,kstr,klen,cb,u);
+}
+#endif
+
+#else
+
 IMPLEMENT_PEM_write_cb_const(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey)
+
+#endif
+
 IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY)
 
 #ifndef OPENSSL_NO_FP_API
@@ -269,8 +375,63 @@ EC_KEY *PEM_read_bio_ECPrivateKey(BIO *bp, EC_KEY **key, pem_password_cb *cb,
 
 IMPLEMENT_PEM_rw_const(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS, ECPKParameters)
 
+
+
+#ifdef OPENSSL_FIPS
+
+int PEM_write_bio_ECPrivateKey(BIO *bp, EC_KEY *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+{
+       if (FIPS_mode())
+               {
+               EVP_PKEY *k;
+               int ret;
+               k = EVP_PKEY_new();
+               if (!k)
+                       return 0;
+               EVP_PKEY_set1_EC_KEY(k, x);
+
+               ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
+               EVP_PKEY_free(k);
+               return ret;
+               }
+       else
+               return PEM_ASN1_write_bio((i2d_of_void *)i2d_ECPrivateKey,
+                                               PEM_STRING_ECPRIVATEKEY,
+                                               bp,x,enc,kstr,klen,cb,u);
+}
+
+#ifndef OPENSSL_NO_FP_API
+int PEM_write_ECPrivateKey(FILE *fp, EC_KEY *x, const EVP_CIPHER *enc,
+                                               unsigned char *kstr, int klen,
+                                               pem_password_cb *cb, void *u)
+{
+       if (FIPS_mode())
+               {
+               EVP_PKEY *k;
+               int ret;
+               k = EVP_PKEY_new();
+               if (!k)
+                       return 0;
+               EVP_PKEY_set1_EC_KEY(k, x);
+               ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
+               EVP_PKEY_free(k);
+               return ret;
+               }
+       else
+               return PEM_ASN1_write((i2d_of_void *)i2d_ECPrivateKey,
+                                               PEM_STRING_ECPRIVATEKEY,
+                                               fp,x,enc,kstr,klen,cb,u);
+}
+#endif
+
+#else
+
 IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY, ECPrivateKey)
 
+#endif
+
 IMPLEMENT_PEM_rw(EC_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY)
 
 #ifndef OPENSSL_NO_FP_API

diff --git a/deps/openssl/openssl/crypto/pem/pem_lib.c b/deps/openssl/openssl/crypto/pem/pem_lib.c
index cfc89a9..5a421fc 100644 (file)
--- a/deps/openssl/openssl/crypto/pem/pem_lib.c
+++ b/deps/openssl/openssl/crypto/pem/pem_lib.c
@@ -394,7 +394,8 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
                        goto err;
                /* The 'iv' is used as the iv and as a salt.  It is
                 * NOT taken from the BytesToKey function */
-               EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL);
+               if (!EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL))
+                       goto err;
 
                if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf,PEM_BUFSIZE);
 
@@ -406,12 +407,15 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
                /* k=strlen(buf); */
 
                EVP_CIPHER_CTX_init(&ctx);
-               EVP_EncryptInit_ex(&ctx,enc,NULL,key,iv);
-               EVP_EncryptUpdate(&ctx,data,&j,data,i);
-               EVP_EncryptFinal_ex(&ctx,&(data[j]),&i);
+               ret = 1;
+               if (!EVP_EncryptInit_ex(&ctx,enc,NULL,key,iv)
+                       || !EVP_EncryptUpdate(&ctx,data,&j,data,i)
+                       || !EVP_EncryptFinal_ex(&ctx,&(data[j]),&i))
+                       ret = 0;
                EVP_CIPHER_CTX_cleanup(&ctx);
+               if (ret == 0)
+                       goto err;
                i+=j;
-               ret=1;
                }
        else
                {
@@ -459,14 +463,17 @@ int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
        ebcdic2ascii(buf, buf, klen);
 #endif
 
-       EVP_BytesToKey(cipher->cipher,EVP_md5(),&(cipher->iv[0]),
-               (unsigned char *)buf,klen,1,key,NULL);
+       if (!EVP_BytesToKey(cipher->cipher,EVP_md5(),&(cipher->iv[0]),
+               (unsigned char *)buf,klen,1,key,NULL))
+               return 0;
 
        j=(int)len;
        EVP_CIPHER_CTX_init(&ctx);
-       EVP_DecryptInit_ex(&ctx,cipher->cipher,NULL, key,&(cipher->iv[0]));
-       EVP_DecryptUpdate(&ctx,data,&i,data,j);
-       o=EVP_DecryptFinal_ex(&ctx,&(data[i]),&j);
+       o = EVP_DecryptInit_ex(&ctx,cipher->cipher,NULL, key,&(cipher->iv[0]));
+       if (o)
+               o = EVP_DecryptUpdate(&ctx,data,&i,data,j);
+       if (o)
+               o = EVP_DecryptFinal_ex(&ctx,&(data[i]),&j);
        EVP_CIPHER_CTX_cleanup(&ctx);
        OPENSSL_cleanse((char *)buf,sizeof(buf));
        OPENSSL_cleanse((char *)key,sizeof(key));

diff --git a/deps/openssl/openssl/crypto/pem/pem_seal.c b/deps/openssl/openssl/crypto/pem/pem_seal.c
index 59690b5..b6b4e13 100644 (file)
--- a/deps/openssl/openssl/crypto/pem/pem_seal.c
+++ b/deps/openssl/openssl/crypto/pem/pem_seal.c
@@ -96,7 +96,8 @@ int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type,
        EVP_EncodeInit(&ctx->encode);
 
        EVP_MD_CTX_init(&ctx->md);
-       EVP_SignInit(&ctx->md,md_type);
+       if (!EVP_SignInit(&ctx->md,md_type))
+               goto err;
 
        EVP_CIPHER_CTX_init(&ctx->cipher);
        ret=EVP_SealInit(&ctx->cipher,type,ek,ekl,iv,pubk,npubk);
@@ -163,7 +164,8 @@ int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl,
                goto err;
                }
 
-       EVP_EncryptFinal_ex(&ctx->cipher,s,(int *)&i);
+       if (!EVP_EncryptFinal_ex(&ctx->cipher,s,(int *)&i))
+               goto err;
        EVP_EncodeUpdate(&ctx->encode,out,&j,s,i);
        *outl=j;
        out+=j;

diff --git a/deps/openssl/openssl/crypto/pem/pvkfmt.c b/deps/openssl/openssl/crypto/pem/pvkfmt.c
index 5f130c4..b1bf71a 100644 (file)
--- a/deps/openssl/openssl/crypto/pem/pvkfmt.c
+++ b/deps/openssl/openssl/crypto/pem/pvkfmt.c
@@ -709,13 +709,16 @@ static int derive_pvk_key(unsigned char *key,
                        const unsigned char *pass, int passlen)
        {
        EVP_MD_CTX mctx;
+       int rv = 1;
        EVP_MD_CTX_init(&mctx);
-       EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL);
-       EVP_DigestUpdate(&mctx, salt, saltlen);
-       EVP_DigestUpdate(&mctx, pass, passlen);
-       EVP_DigestFinal_ex(&mctx, key, NULL);
+       if (!EVP_DigestInit_ex(&mctx, EVP_sha1(), NULL)
+               || !EVP_DigestUpdate(&mctx, salt, saltlen)
+               || !EVP_DigestUpdate(&mctx, pass, passlen)
+               || !EVP_DigestFinal_ex(&mctx, key, NULL))
+                       rv = 0;
+
        EVP_MD_CTX_cleanup(&mctx);
-       return 1;
+       return rv;
        }
        
 
@@ -727,11 +730,12 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in,
        const unsigned char *p = *in;
        unsigned int magic;
        unsigned char *enctmp = NULL, *q;
+       EVP_CIPHER_CTX cctx;
+       EVP_CIPHER_CTX_init(&cctx);
        if (saltlen)
                {
                char psbuf[PEM_BUFSIZE];
                unsigned char keybuf[20];
-               EVP_CIPHER_CTX cctx;
                int enctmplen, inlen;
                if (cb)
                        inlen=cb(psbuf,PEM_BUFSIZE,0,u);
@@ -757,37 +761,41 @@ static EVP_PKEY *do_PVK_body(const unsigned char **in,
                p += 8;
                inlen = keylen - 8;
                q = enctmp + 8;
-               EVP_CIPHER_CTX_init(&cctx);
-               EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL);
-               EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen);
-               EVP_DecryptFinal_ex(&cctx, q + enctmplen, &enctmplen);
+               if (!EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL))
+                       goto err;
+               if (!EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen))
+                       goto err;
+               if (!EVP_DecryptFinal_ex(&cctx, q + enctmplen, &enctmplen))
+                       goto err;
                magic = read_ledword((const unsigned char **)&q);
                if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC)
                        {
                        q = enctmp + 8;
                        memset(keybuf + 5, 0, 11);
-                       EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf,
-                                                               NULL);
+                       if (!EVP_DecryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf,
+                                                               NULL))
+                               goto err;
                        OPENSSL_cleanse(keybuf, 20);
-                       EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen);
-                       EVP_DecryptFinal_ex(&cctx, q + enctmplen,
-                                                               &enctmplen);
+                       if (!EVP_DecryptUpdate(&cctx, q, &enctmplen, p, inlen))
+                               goto err;
+                       if (!EVP_DecryptFinal_ex(&cctx, q + enctmplen,
+                                                               &enctmplen))
+                               goto err;
                        magic = read_ledword((const unsigned char **)&q);
                        if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC)
                                {
-                               EVP_CIPHER_CTX_cleanup(&cctx);
                                PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_DECRYPT);
                                goto err;
                                }
                        }
                else
                        OPENSSL_cleanse(keybuf, 20);
-               EVP_CIPHER_CTX_cleanup(&cctx);
                p = enctmp;
                }
 
        ret = b2i_PrivateKey(&p, keylen);
        err:
+       EVP_CIPHER_CTX_cleanup(&cctx);
        if (enctmp && saltlen)
                OPENSSL_free(enctmp);
        return ret;
@@ -841,6 +849,8 @@ static int i2b_PVK(unsigned char **out, EVP_PKEY*pk, int enclevel,
        {
        int outlen = 24, pklen;
        unsigned char *p, *salt = NULL;
+       EVP_CIPHER_CTX cctx;
+       EVP_CIPHER_CTX_init(&cctx);
        if (enclevel)
                outlen += PVK_SALTLEN;
        pklen = do_i2b(NULL, pk, 0);
@@ -885,7 +895,6 @@ static int i2b_PVK(unsigned char **out, EVP_PKEY*pk, int enclevel,
                {
                char psbuf[PEM_BUFSIZE];
                unsigned char keybuf[20];
-               EVP_CIPHER_CTX cctx;
                int enctmplen, inlen;
                if (cb)
                        inlen=cb(psbuf,PEM_BUFSIZE,1,u);
@@ -902,16 +911,19 @@ static int i2b_PVK(unsigned char **out, EVP_PKEY*pk, int enclevel,
                if (enclevel == 1)
                        memset(keybuf + 5, 0, 11);
                p = salt + PVK_SALTLEN + 8;
-               EVP_CIPHER_CTX_init(&cctx);
-               EVP_EncryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL);
+               if (!EVP_EncryptInit_ex(&cctx, EVP_rc4(), NULL, keybuf, NULL))
+                       goto error;
                OPENSSL_cleanse(keybuf, 20);
-               EVP_DecryptUpdate(&cctx, p, &enctmplen, p, pklen - 8);
-               EVP_DecryptFinal_ex(&cctx, p + enctmplen, &enctmplen);
-               EVP_CIPHER_CTX_cleanup(&cctx);
+               if (!EVP_DecryptUpdate(&cctx, p, &enctmplen, p, pklen - 8))
+                       goto error;
+               if (!EVP_DecryptFinal_ex(&cctx, p + enctmplen, &enctmplen))
+                       goto error;
                }
+       EVP_CIPHER_CTX_cleanup(&cctx);
        return outlen;
 
        error:
+       EVP_CIPHER_CTX_cleanup(&cctx);
        return -1;
        }
 

diff --git a/deps/openssl/openssl/crypto/perlasm/cbc.pl b/deps/openssl/openssl/crypto/perlasm/cbc.pl
index 6fc2510..24561e7 100644 (file)
--- a/deps/openssl/openssl/crypto/perlasm/cbc.pl
+++ b/deps/openssl/openssl/crypto/perlasm/cbc.pl
@@ -150,7 +150,7 @@ sub cbc
 &set_label("PIC_point");
        &blindpop("edx");
        &lea("ecx",&DWP(&label("cbc_enc_jmp_table")."-".&label("PIC_point"),"edx"));
-       &mov($count,&DWP(0,"ecx",$count,4))
+       &mov($count,&DWP(0,"ecx",$count,4));
        &add($count,"edx");
        &xor("ecx","ecx");
        &xor("edx","edx");

diff --git a/deps/openssl/openssl/crypto/perlasm/ppc-xlate.pl b/deps/openssl/openssl/crypto/perlasm/ppc-xlate.pl
old mode 100644 (file)
new mode 100755 (executable)
index 4579671..a3edd98
--- a/deps/openssl/openssl/crypto/perlasm/ppc-xlate.pl
+++ b/deps/openssl/openssl/crypto/perlasm/ppc-xlate.pl
@@ -31,10 +31,9 @@ my $globl = sub {
                                $ret .= ".type  $name,\@function";
                                last;
                              };
-       /linux.*64/     && do { $ret .= ".globl .$name\n";
-                               $ret .= ".type  .$name,\@function\n";
+       /linux.*64/     && do { $ret .= ".globl $name\n";
+                               $ret .= ".type  $name,\@function\n";
                                $ret .= ".section       \".opd\",\"aw\"\n";
-                               $ret .= ".globl $name\n";
                                $ret .= ".align 3\n";
                                $ret .= "$name:\n";
                                $ret .= ".quad  .$name,.TOC.\@tocbase,0\n";
@@ -62,6 +61,14 @@ my $machine = sub {
     }
     ".machine  $arch";
 };
+my $size = sub {
+    if ($flavour =~ /linux.*32/)
+    {  shift;
+       ".size  " . join(",",@_);
+    }
+    else
+    {  "";     }
+};
 my $asciz = sub {
     shift;
     my $line = join(",",@_);

diff --git a/deps/openssl/openssl/crypto/perlasm/x86_64-xlate.pl b/deps/openssl/openssl/crypto/perlasm/x86_64-xlate.pl
index 674da3b..56d9b64 100755 (executable)
--- a/deps/openssl/openssl/crypto/perlasm/x86_64-xlate.pl
+++ b/deps/openssl/openssl/crypto/perlasm/x86_64-xlate.pl
@@ -62,12 +62,8 @@ my $flavour = shift;
 my $output  = shift;
 if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
 
-{ my ($stddev,$stdino,@junk)=stat(STDOUT);
-  my ($outdev,$outino,@junk)=stat($output);
-
-    open STDOUT,">$output" || die "can't open $output: $!"
-       if ($stddev!=$outdev || $stdino!=$outino);
-}
+open STDOUT,">$output" || die "can't open $output: $!"
+       if (defined($output));
 
 my $gas=1;     $gas=0 if ($output =~ /\.asm$/);
 my $elf=1;     $elf=0 if (!$gas);
@@ -116,12 +112,16 @@ my %globals;
            $line = substr($line,@+[0]); $line =~ s/^\s+//;
 
            undef $self->{sz};
-           if ($self->{op} =~ /^(movz)b.*/) {  # movz is pain...
+           if ($self->{op} =~ /^(movz)x?([bw]).*/) {   # movz is pain...
                $self->{op} = $1;
-               $self->{sz} = "b";
+               $self->{sz} = $2;
            } elsif ($self->{op} =~ /call|jmp/) {
                $self->{sz} = "";
-           } elsif ($self->{op} =~ /^p/ && $' !~ /^(ush|op)/) { # SSEn
+           } elsif ($self->{op} =~ /^p/ && $' !~ /^(ush|op|insrw)/) { # SSEn
+               $self->{sz} = "";
+           } elsif ($self->{op} =~ /^v/) { # VEX
+               $self->{sz} = "";
+           } elsif ($self->{op} =~ /movq/ && $line =~ /%xmm/) {
                $self->{sz} = "";
            } elsif ($self->{op} =~ /([a-z]{3,})([qlwb])$/) {
                $self->{op} = $1;
@@ -246,35 +246,39 @@ my %globals;
        $self->{index} =~ s/^[er](.?[0-9xpi])[d]?$/r\1/;
        $self->{base}  =~ s/^[er](.?[0-9xpi])[d]?$/r\1/;
 
+       # Solaris /usr/ccs/bin/as can't handle multiplications
+       # in $self->{label}, new gas requires sign extension...
+       use integer;
+       $self->{label} =~ s/(?<![\w\$\.])(0x?[0-9a-f]+)/oct($1)/egi;
+       $self->{label} =~ s/([0-9]+\s*[\*\/\%]\s*[0-9]+)/eval($1)/eg;
+       $self->{label} =~ s/([0-9]+)/$1<<32>>32/eg;
+
        if ($gas) {
-           # Solaris /usr/ccs/bin/as can't handle multiplications
-           # in $self->{label}, new gas requires sign extension...
-           use integer;
-           $self->{label} =~ s/(?<![\w\$\.])(0x?[0-9a-f]+)/oct($1)/egi;
-           $self->{label} =~ s/([0-9]+\s*[\*\/\%]\s*[0-9]+)/eval($1)/eg;
-           $self->{label} =~ s/([0-9]+)/$1<<32>>32/eg;
            $self->{label} =~ s/^___imp_/__imp__/   if ($flavour eq "mingw64");
 
            if (defined($self->{index})) {
-               sprintf "%s%s(%%%s,%%%s,%d)",$self->{asterisk},
-                                       $self->{label},$self->{base},
+               sprintf "%s%s(%s,%%%s,%d)",$self->{asterisk},
+                                       $self->{label},
+                                       $self->{base}?"%$self->{base}":"",
                                        $self->{index},$self->{scale};
            } else {
                sprintf "%s%s(%%%s)",   $self->{asterisk},$self->{label},$self->{base};
            }
        } else {
-           %szmap = ( b=>"BYTE$PTR", w=>"WORD$PTR", l=>"DWORD$PTR", q=>"QWORD$PTR" );
+           %szmap = (  b=>"BYTE$PTR", w=>"WORD$PTR", l=>"DWORD$PTR",
+                       q=>"QWORD$PTR",o=>"OWORD$PTR",x=>"XMMWORD$PTR" );
 
            $self->{label} =~ s/\./\$/g;
            $self->{label} =~ s/(?<![\w\$\.])0x([0-9a-f]+)/0$1h/ig;
            $self->{label} = "($self->{label})" if ($self->{label} =~ /[\*\+\-\/]/);
-           $sz="q" if ($self->{asterisk});
+           $sz="q" if ($self->{asterisk} || opcode->mnemonic() eq "movq");
+           $sz="l" if (opcode->mnemonic() eq "movd");
 
            if (defined($self->{index})) {
-               sprintf "%s[%s%s*%d+%s]",$szmap{$sz},
+               sprintf "%s[%s%s*%d%s]",$szmap{$sz},
                                        $self->{label}?"$self->{label}+":"",
                                        $self->{index},$self->{scale},
-                                       $self->{base};
+                                       $self->{base}?"+$self->{base}":"";
            } elsif ($self->{base} eq "rip") {
                sprintf "%s[%s]",$szmap{$sz},$self->{label};
            } else {
@@ -506,6 +510,12 @@ my %globals;
                    }
                } elsif ($dir =~ /\.(text|data)/) {
                    $current_segment=".$1";
+               } elsif ($dir =~ /\.hidden/) {
+                   if    ($flavour eq "macosx")  { $self->{value} = ".private_extern\t$prefix$line"; }
+                   elsif ($flavour eq "mingw64") { $self->{value} = ""; }
+               } elsif ($dir =~ /\.comm/) {
+                   $self->{value} = "$dir\t$prefix$line";
+                   $self->{value} =~ s|,([0-9]+),([0-9]+)$|",$1,".log($2)/log(2)|e if ($flavour eq "macosx");
                }
                $line = "";
                return $self;
@@ -578,7 +588,7 @@ my %globals;
                                            $self->{value}="${decor}SEH_end_$current_function->{name}:";
                                            $self->{value}.=":\n" if($masm);
                                        }
-                                       $self->{value}.="$current_function->{name}\tENDP" if($masm);
+                                       $self->{value}.="$current_function->{name}\tENDP" if($masm && $current_function->{name});
                                        undef $current_function;
                                    }
                                    last;
@@ -614,6 +624,19 @@ my %globals;
                                                .join(",",@str) if (@str);
                                    last;
                                  };
+               /\.comm/    && do { my @str=split(/,\s*/,$line);
+                                   my $v=undef;
+                                   if ($nasm) {
+                                       $v.="common     $prefix@str[0] @str[1]";
+                                   } else {
+                                       $v="$current_segment\tENDS\n" if ($current_segment);
+                                       $current_segment = "_DATA";
+                                       $v.="$current_segment\tSEGMENT\n";
+                                       $v.="COMM       @str[0]:DWORD:".@str[1]/4;
+                                   }
+                                   $self->{value} = $v;
+                                   last;
+                                 };
            }
            $line = "";
        }
@@ -626,9 +649,133 @@ my %globals;
     }
 }
 
+sub rex {
+ local *opcode=shift;
+ my ($dst,$src,$rex)=@_;
+
+   $rex|=0x04 if($dst>=8);
+   $rex|=0x01 if($src>=8);
+   push @opcode,($rex|0x40) if ($rex);
+}
+
+# older gas and ml64 don't handle SSE>2 instructions
+my %regrm = (  "%eax"=>0, "%ecx"=>1, "%edx"=>2, "%ebx"=>3,
+               "%esp"=>4, "%ebp"=>5, "%esi"=>6, "%edi"=>7      );
+
+my $movq = sub {       # elderly gas can't handle inter-register movq
+  my $arg = shift;
+  my @opcode=(0x66);
+    if ($arg =~ /%xmm([0-9]+),\s*%r(\w+)/) {
+       my ($src,$dst)=($1,$2);
+       if ($dst !~ /[0-9]+/)   { $dst = $regrm{"%e$dst"}; }
+       rex(\@opcode,$src,$dst,0x8);
+       push @opcode,0x0f,0x7e;
+       push @opcode,0xc0|(($src&7)<<3)|($dst&7);       # ModR/M
+       @opcode;
+    } elsif ($arg =~ /%r(\w+),\s*%xmm([0-9]+)/) {
+       my ($src,$dst)=($2,$1);
+       if ($dst !~ /[0-9]+/)   { $dst = $regrm{"%e$dst"}; }
+       rex(\@opcode,$src,$dst,0x8);
+       push @opcode,0x0f,0x6e;
+       push @opcode,0xc0|(($src&7)<<3)|($dst&7);       # ModR/M
+       @opcode;
+    } else {
+       ();
+    }
+};
+
+my $pextrd = sub {
+    if (shift =~ /\$([0-9]+),\s*%xmm([0-9]+),\s*(%\w+)/) {
+      my @opcode=(0x66);
+       $imm=$1;
+       $src=$2;
+       $dst=$3;
+       if ($dst =~ /%r([0-9]+)d/)      { $dst = $1; }
+       elsif ($dst =~ /%e/)            { $dst = $regrm{$dst}; }
+       rex(\@opcode,$src,$dst);
+       push @opcode,0x0f,0x3a,0x16;
+       push @opcode,0xc0|(($src&7)<<3)|($dst&7);       # ModR/M
+       push @opcode,$imm;
+       @opcode;
+    } else {
+       ();
+    }
+};
+
+my $pinsrd = sub {
+    if (shift =~ /\$([0-9]+),\s*(%\w+),\s*%xmm([0-9]+)/) {
+      my @opcode=(0x66);
+       $imm=$1;
+       $src=$2;
+       $dst=$3;
+       if ($src =~ /%r([0-9]+)/)       { $src = $1; }
+       elsif ($src =~ /%e/)            { $src = $regrm{$src}; }
+       rex(\@opcode,$dst,$src);
+       push @opcode,0x0f,0x3a,0x22;
+       push @opcode,0xc0|(($dst&7)<<3)|($src&7);       # ModR/M
+       push @opcode,$imm;
+       @opcode;
+    } else {
+       ();
+    }
+};
+
+my $pshufb = sub {
+    if (shift =~ /%xmm([0-9]+),\s*%xmm([0-9]+)/) {
+      my @opcode=(0x66);
+       rex(\@opcode,$2,$1);
+       push @opcode,0x0f,0x38,0x00;
+       push @opcode,0xc0|($1&7)|(($2&7)<<3);           # ModR/M
+       @opcode;
+    } else {
+       ();
+    }
+};
+
+my $palignr = sub {
+    if (shift =~ /\$([0-9]+),\s*%xmm([0-9]+),\s*%xmm([0-9]+)/) {
+      my @opcode=(0x66);
+       rex(\@opcode,$3,$2);
+       push @opcode,0x0f,0x3a,0x0f;
+       push @opcode,0xc0|($2&7)|(($3&7)<<3);           # ModR/M
+       push @opcode,$1;
+       @opcode;
+    } else {
+       ();
+    }
+};
+
+my $pclmulqdq = sub {
+    if (shift =~ /\$([x0-9a-f]+),\s*%xmm([0-9]+),\s*%xmm([0-9]+)/) {
+      my @opcode=(0x66);
+       rex(\@opcode,$3,$2);
+       push @opcode,0x0f,0x3a,0x44;
+       push @opcode,0xc0|($2&7)|(($3&7)<<3);           # ModR/M
+       my $c=$1;
+       push @opcode,$c=~/^0/?oct($c):$c;
+       @opcode;
+    } else {
+       ();
+    }
+};
+
+my $rdrand = sub {
+    if (shift =~ /%[er](\w+)/) {
+      my @opcode=();
+      my $dst=$1;
+       if ($dst !~ /[0-9]+/) { $dst = $regrm{"%e$dst"}; }
+       rex(\@opcode,0,$1,8);
+       push @opcode,0x0f,0xc7,0xf0|($dst&7);
+       @opcode;
+    } else {
+       ();
+    }
+};
+
 if ($nasm) {
     print <<___;
 default        rel
+%define XMMWORD
 ___
 } elsif ($masm) {
     print <<___;
@@ -645,14 +792,22 @@ while($line=<>) {
 
     undef $label;
     undef $opcode;
-    undef $sz;
     undef @args;
 
     if ($label=label->re(\$line))      { print $label->out(); }
 
     if (directive->re(\$line)) {
        printf "%s",directive->out();
-    } elsif ($opcode=opcode->re(\$line)) { ARGUMENT: while (1) {
+    } elsif ($opcode=opcode->re(\$line)) {
+       my $asm = eval("\$".$opcode->mnemonic());
+       undef @bytes;
+       
+       if ((ref($asm) eq 'CODE') && scalar(@bytes=&$asm($line))) {
+           print $gas?".byte\t":"DB\t",join(',',@bytes),"\n";
+           next;
+       }
+
+       ARGUMENT: while (1) {
        my $arg;
 
        if ($arg=register->re(\$line))  { opcode->size($arg->size()); }
@@ -668,19 +823,26 @@ while($line=<>) {
        $line =~ s/^,\s*//;
        } # ARGUMENT:
 
-       $sz=opcode->size();
-
        if ($#args>=0) {
            my $insn;
+           my $sz=opcode->size();
+
            if ($gas) {
                $insn = $opcode->out($#args>=1?$args[$#args]->size():$sz);
+               @args = map($_->out($sz),@args);
+               printf "\t%s\t%s",$insn,join(",",@args);
            } else {
                $insn = $opcode->out();
-               $insn .= $sz if (map($_->out() =~ /x?mm/,@args));
+               foreach (@args) {
+                   my $arg = $_->out();
+                   # $insn.=$sz compensates for movq, pinsrw, ...
+                   if ($arg =~ /^xmm[0-9]+$/) { $insn.=$sz; $sz="x" if(!$sz); last; }
+                   if ($arg =~ /^mm[0-9]+$/)  { $insn.=$sz; $sz="q" if(!$sz); last; }
+               }
                @args = reverse(@args);
                undef $sz if ($nasm && $opcode->mnemonic() eq "lea");
+               printf "\t%s\t%s",$insn,join(",",map($_->out($sz),@args));
            }
-           printf "\t%s\t%s",$insn,join(",",map($_->out($sz),@args));
        } else {
            printf "\t%s",$opcode->out();
        }

diff --git a/deps/openssl/openssl/crypto/perlasm/x86asm.pl b/deps/openssl/openssl/crypto/perlasm/x86asm.pl
index 28080ca..eb543db 100644 (file)
--- a/deps/openssl/openssl/crypto/perlasm/x86asm.pl
+++ b/deps/openssl/openssl/crypto/perlasm/x86asm.pl
@@ -80,6 +80,57 @@ sub ::movq
     {  &::generic("movq",@_);                  }
 }
 
+# SSE>2 instructions
+my %regrm = (  "eax"=>0, "ecx"=>1, "edx"=>2, "ebx"=>3,
+               "esp"=>4, "ebp"=>5, "esi"=>6, "edi"=>7  );
+sub ::pextrd
+{ my($dst,$src,$imm)=@_;
+    if ("$dst:$src" =~ /(e[a-dsd][ixp]):xmm([0-7])/)
+    {  &::data_byte(0x66,0x0f,0x3a,0x16,0xc0|($2<<3)|$regrm{$1},$imm); }
+    else
+    {  &::generic("pextrd",@_);                }
+}
+
+sub ::pinsrd
+{ my($dst,$src,$imm)=@_;
+    if ("$dst:$src" =~ /xmm([0-7]):(e[a-dsd][ixp])/)
+    {  &::data_byte(0x66,0x0f,0x3a,0x22,0xc0|($1<<3)|$regrm{$2},$imm); }
+    else
+    {  &::generic("pinsrd",@_);                }
+}
+
+sub ::pshufb
+{ my($dst,$src)=@_;
+    if ("$dst:$src" =~ /xmm([0-7]):xmm([0-7])/)
+    {  &data_byte(0x66,0x0f,0x38,0x00,0xc0|($1<<3)|$2);        }
+    else
+    {  &::generic("pshufb",@_);                }
+}
+
+sub ::palignr
+{ my($dst,$src,$imm)=@_;
+    if ("$dst:$src" =~ /xmm([0-7]):xmm([0-7])/)
+    {  &::data_byte(0x66,0x0f,0x3a,0x0f,0xc0|($1<<3)|$2,$imm); }
+    else
+    {  &::generic("palignr",@_);               }
+}
+
+sub ::pclmulqdq
+{ my($dst,$src,$imm)=@_;
+    if ("$dst:$src" =~ /xmm([0-7]):xmm([0-7])/)
+    {  &::data_byte(0x66,0x0f,0x3a,0x44,0xc0|($1<<3)|$2,$imm); }
+    else
+    {  &::generic("pclmulqdq",@_);             }
+}
+
+sub ::rdrand
+{ my ($dst)=@_;
+    if ($dst =~ /(e[a-dsd][ixp])/)
+    {  &::data_byte(0x0f,0xc7,0xf0|$regrm{$dst});      }
+    else
+    {  &::generic("rdrand",@_);        }
+}
+
 # label management
 $lbdecor="L";          # local label decoration, set by package
 $label="000";
@@ -167,7 +218,7 @@ sub ::asm_init
     $filename=$fn;
     $i386=$cpu;
 
-    $elf=$cpp=$coff=$aout=$macosx=$win32=$netware=$mwerks=0;
+    $elf=$cpp=$coff=$aout=$macosx=$win32=$netware=$mwerks=$android=0;
     if    (($type eq "elf"))
     {  $elf=1;                 require "x86gas.pl";    }
     elsif (($type eq "a\.out"))
@@ -184,6 +235,8 @@ sub ::asm_init
     {  $win32=1;               require "x86masm.pl";   }
     elsif (($type eq "macosx"))
     {  $aout=1; $macosx=1;     require "x86gas.pl";    }
+    elsif (($type eq "android"))
+    {  $elf=1; $android=1;     require "x86gas.pl";    }
     else
     {  print STDERR <<"EOF";
 Pick one target type from

diff --git a/deps/openssl/openssl/crypto/perlasm/x86gas.pl b/deps/openssl/openssl/crypto/perlasm/x86gas.pl
index 6eab727..682a3a3 100644 (file)
--- a/deps/openssl/openssl/crypto/perlasm/x86gas.pl
+++ b/deps/openssl/openssl/crypto/perlasm/x86gas.pl
@@ -45,9 +45,8 @@ sub ::generic
     undef $suffix if ($dst =~ m/^%[xm]/o || $src =~ m/^%[xm]/o);
 
     if ($#_==0)                                { &::emit($opcode);             }
-    elsif ($opcode =~ m/^j/o && $#_==1)        { &::emit($opcode,@arg);        }
-    elsif ($opcode eq "call" && $#_==1)        { &::emit($opcode,@arg);        }
-    elsif ($opcode =~ m/^set/&& $#_==1)        { &::emit($opcode,@arg);        }
+    elsif ($#_==1 && $opcode =~ m/^(call|clflush|j|loop|set)/o)
+                                       { &::emit($opcode,@arg);        }
     else                               { &::emit($opcode.$suffix,@arg);}
 
   1;
@@ -91,6 +90,7 @@ sub ::DWP
 }
 sub ::QWP      { &::DWP(@_);   }
 sub ::BP       { &::DWP(@_);   }
+sub ::WP       { &::DWP(@_);   }
 sub ::BC       { @_;           }
 sub ::DWC      { @_;           }
 
@@ -149,22 +149,24 @@ sub ::public_label
 {   push(@out,".globl\t".&::LABEL($_[0],$nmdecor.$_[0])."\n");   }
 
 sub ::file_end
-{   if (grep {/\b${nmdecor}OPENSSL_ia32cap_P\b/i} @out) {
-       my $tmp=".comm\t${nmdecor}OPENSSL_ia32cap_P,4";
-       if ($::elf)     { push (@out,"$tmp,4\n"); }
-       else            { push (@out,"$tmp\n"); }
-    }
-    if ($::macosx)
+{   if ($::macosx)
     {  if (%non_lazy_ptr)
        {   push(@out,".section __IMPORT,__pointers,non_lazy_symbol_pointers\n");
            foreach $i (keys %non_lazy_ptr)
            {   push(@out,"$non_lazy_ptr{$i}:\n.indirect_symbol\t$i\n.long\t0\n");   }
        }
     }
+    if (grep {/\b${nmdecor}OPENSSL_ia32cap_P\b/i} @out) {
+       my $tmp=".comm\t${nmdecor}OPENSSL_ia32cap_P,8";
+       if ($::macosx)  { push (@out,"$tmp,2\n"); }
+       elsif ($::elf)  { push (@out,"$tmp,4\n"); }
+       else            { push (@out,"$tmp\n"); }
+    }
     push(@out,$initseg) if ($initseg);
 }
 
 sub ::data_byte        {   push(@out,".byte\t".join(',',@_)."\n");   }
+sub ::data_short{   push(@out,".value\t".join(',',@_)."\n");  }
 sub ::data_word {   push(@out,".long\t".join(',',@_)."\n");   }
 
 sub ::align
@@ -180,7 +182,7 @@ sub ::align
 sub ::picmeup
 { my($dst,$sym,$base,$reflabel)=@_;
 
-    if ($::pic && ($::elf || $::aout))
+    if (($::pic && ($::elf || $::aout)) || $::macosx)
     {  if (!defined($base))
        {   &::call(&::label("PIC_me_up"));
            &::set_label("PIC_me_up");
@@ -206,13 +208,17 @@ sub ::picmeup
 sub ::initseg
 { my $f=$nmdecor.shift;
 
-    if ($::elf)
+    if ($::android)
+    {  $initseg.=<<___;
+.section       .init_array
+.align 4
+.long  $f
+___
+    }
+    elsif ($::elf)
     {  $initseg.=<<___;
 .section       .init
        call    $f
-       jmp     .Linitalign
-.align $align
-.Linitalign:
 ___
     }
     elsif ($::coff)

diff --git a/deps/openssl/openssl/crypto/perlasm/x86masm.pl b/deps/openssl/openssl/crypto/perlasm/x86masm.pl
index 7815b17..6b33b14 100644 (file)
--- a/deps/openssl/openssl/crypto/perlasm/x86masm.pl
+++ b/deps/openssl/openssl/crypto/perlasm/x86masm.pl
@@ -14,9 +14,11 @@ sub ::generic
 { my ($opcode,@arg)=@_;
 
     # fix hexadecimal constants
-    for (@arg) { s/0x([0-9a-f]+)/0$1h/oi; }
+    for (@arg) { s/(?<![\w\$\.])0x([0-9a-f]+)/0$1h/oi; }
 
-    if ($opcode !~ /movq/)
+    if ($opcode =~ /lea/ && @arg[1] =~ s/.*PTR\s+(\(.*\))$/OFFSET $1/) # no []
+    {  $opcode="mov";  }
+    elsif ($opcode !~ /movq/)
     {  # fix xmm references
        $arg[0] =~ s/\b[A-Z]+WORD\s+PTR/XMMWORD PTR/i if ($arg[1]=~/\bxmm[0-7]\b/i);
        $arg[1] =~ s/\b[A-Z]+WORD\s+PTR/XMMWORD PTR/i if ($arg[0]=~/\bxmm[0-7]\b/i);
@@ -31,6 +33,7 @@ sub ::generic
 sub ::call     { &::emit("call",(&::islabel($_[0]) or "$nmdecor$_[0]")); }
 sub ::call_ptr { &::emit("call",@_);   }
 sub ::jmp_ptr  { &::emit("jmp",@_);    }
+sub ::lock     { &::data_byte(0xf0);   }
 
 sub get_mem
 { my($size,$addr,$reg1,$reg2,$idx)=@_;
@@ -65,6 +68,7 @@ sub get_mem
   $ret;
 }
 sub ::BP       { &get_mem("BYTE",@_);  }
+sub ::WP       { &get_mem("WORD",@_);  }
 sub ::DWP      { &get_mem("DWORD",@_); }
 sub ::QWP      { &get_mem("QWORD",@_); }
 sub ::BC       { "@_";  }
@@ -76,7 +80,7 @@ TITLE $_[0].asm
 IF \@Version LT 800
 ECHO MASM version 8.00 or later is strongly recommended.
 ENDIF
-.586
+.686
 .MODEL FLAT
 OPTION DOTNAME
 IF \@Version LT 800
@@ -129,7 +133,7 @@ ___
     if (grep {/\b${nmdecor}OPENSSL_ia32cap_P\b/i} @out)
     {  my $comm=<<___;
 .bss   SEGMENT 'BSS'
-COMM   ${nmdecor}OPENSSL_ia32cap_P:DWORD
+COMM   ${nmdecor}OPENSSL_ia32cap_P:QWORD
 .bss   ENDS
 ___
        # comment out OPENSSL_ia32cap_P declarations
@@ -156,6 +160,9 @@ sub ::public_label
 sub ::data_byte
 {   push(@out,("DB\t").join(',',@_)."\n");     }
 
+sub ::data_short
+{   push(@out,("DW\t").join(',',@_)."\n");     }
+
 sub ::data_word
 {   push(@out,("DD\t").join(',',@_)."\n");     }
 
@@ -181,4 +188,11 @@ ___
 sub ::dataseg
 {   push(@out,"$segment\tENDS\n_DATA\tSEGMENT\n"); $segment="_DATA";   }
 
+sub ::safeseh
+{ my $nm=shift;
+    push(@out,"IF \@Version GE 710\n");
+    push(@out,".SAFESEH        ".&::LABEL($nm,$nmdecor.$nm)."\n");
+    push(@out,"ENDIF\n");
+}
+
 1;

diff --git a/deps/openssl/openssl/crypto/perlasm/x86nasm.pl b/deps/openssl/openssl/crypto/perlasm/x86nasm.pl
index ce2bed9..ca2511c 100644 (file)
--- a/deps/openssl/openssl/crypto/perlasm/x86nasm.pl
+++ b/deps/openssl/openssl/crypto/perlasm/x86nasm.pl
@@ -19,6 +19,8 @@ sub ::generic
        {   $_[0] = "NEAR $_[0]";       }
        elsif ($opcode eq "lea" && $#_==1)  # wipe storage qualifier from lea
        {   $_[1] =~ s/^[^\[]*\[/\[/o;  }
+       elsif ($opcode eq "clflush" && $#_==0)
+       {   $_[0] =~ s/^[^\[]*\[/\[/o;  }
     }
     &::emit($opcode,@_);
   1;
@@ -67,6 +69,7 @@ sub get_mem
 }
 sub ::BP       { &get_mem("BYTE",@_);  }
 sub ::DWP      { &get_mem("DWORD",@_); }
+sub ::WP       { &get_mem("WORD",@_);  }
 sub ::QWP      { &get_mem("",@_);      }
 sub ::BC       { (($::mwerks)?"":"BYTE ")."@_";  }
 sub ::DWC      { (($::mwerks)?"":"DWORD ")."@_"; }
@@ -114,7 +117,7 @@ sub ::file_end
 {   if (grep {/\b${nmdecor}OPENSSL_ia32cap_P\b/i} @out)
     {  my $comm=<<___;
 ${drdecor}segment      .bss
-${drdecor}common       ${nmdecor}OPENSSL_ia32cap_P 4
+${drdecor}common       ${nmdecor}OPENSSL_ia32cap_P 8
 ___
        # comment out OPENSSL_ia32cap_P declarations
        grep {s/(^extern\s+${nmdecor}OPENSSL_ia32cap_P)/\;$1/} @out;
@@ -135,7 +138,8 @@ sub ::public_label
 
 sub ::data_byte
 {   push(@out,(($::mwerks)?".byte\t":"db\t").join(',',@_)."\n");       }
-
+sub ::data_short
+{   push(@out,(($::mwerks)?".word\t":"dw\t").join(',',@_)."\n");       }
 sub ::data_word
 {   push(@out,(($::mwerks)?".long\t":"dd\t").join(',',@_)."\n");       }
 
@@ -163,4 +167,11 @@ sub ::dataseg
     else               { push(@out,"section\t.data align=4\n"); }
 }
 
+sub ::safeseh
+{ my $nm=shift;
+    push(@out,"%if     __NASM_VERSION_ID__ >= 0x02030000\n");
+    push(@out,"safeseh ".&::LABEL($nm,$nmdecor.$nm)."\n");
+    push(@out,"%endif\n");
+}
+
 1;

diff --git a/deps/openssl/openssl/crypto/pkcs12/p12_decr.c b/deps/openssl/openssl/crypto/pkcs12/p12_decr.c
index ba77dbb..9d3557e 100644 (file)
--- a/deps/openssl/openssl/crypto/pkcs12/p12_decr.c
+++ b/deps/openssl/openssl/crypto/pkcs12/p12_decr.c
@@ -89,7 +89,14 @@ unsigned char * PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,
                goto err;
        }
 
-       EVP_CipherUpdate(&ctx, out, &i, in, inlen);
+       if (!EVP_CipherUpdate(&ctx, out, &i, in, inlen))
+               {
+               OPENSSL_free(out);
+               out = NULL;
+               PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,ERR_R_EVP_LIB);
+               goto err;
+               }
+
        outlen = i;
        if(!EVP_CipherFinal_ex(&ctx, out + i, &i)) {
                OPENSSL_free(out);

diff --git a/deps/openssl/openssl/crypto/pkcs12/p12_key.c b/deps/openssl/openssl/crypto/pkcs12/p12_key.c
index 424203f..61d5850 100644 (file)
--- a/deps/openssl/openssl/crypto/pkcs12/p12_key.c
+++ b/deps/openssl/openssl/crypto/pkcs12/p12_key.c
@@ -152,14 +152,16 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
        for (i = 0; i < Slen; i++) *p++ = salt[i % saltlen];
        for (i = 0; i < Plen; i++) *p++ = pass[i % passlen];
        for (;;) {
-               EVP_DigestInit_ex(&ctx, md_type, NULL);
-               EVP_DigestUpdate(&ctx, D, v);
-               EVP_DigestUpdate(&ctx, I, Ilen);
-               EVP_DigestFinal_ex(&ctx, Ai, NULL);
+               if (!EVP_DigestInit_ex(&ctx, md_type, NULL)
+                       || !EVP_DigestUpdate(&ctx, D, v)
+                       || !EVP_DigestUpdate(&ctx, I, Ilen)
+                       || !EVP_DigestFinal_ex(&ctx, Ai, NULL))
+                       goto err;
                for (j = 1; j < iter; j++) {
-                       EVP_DigestInit_ex(&ctx, md_type, NULL);
-                       EVP_DigestUpdate(&ctx, Ai, u);
-                       EVP_DigestFinal_ex(&ctx, Ai, NULL);
+                       if (!EVP_DigestInit_ex(&ctx, md_type, NULL)
+                               || !EVP_DigestUpdate(&ctx, Ai, u)
+                               || !EVP_DigestFinal_ex(&ctx, Ai, NULL))
+                       goto err;
                }
                memcpy (out, Ai, min (n, u));
                if (u >= n) {
@@ -174,24 +176,32 @@ int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
                out += u;
                for (j = 0; j < v; j++) B[j] = Ai[j % u];
                /* Work out B + 1 first then can use B as tmp space */
-               if (!BN_bin2bn (B, v, Bpl1)) goto err;
-               if (!BN_add_word (Bpl1, 1)) goto err;
+               if (!BN_bin2bn (B, v, Bpl1))
+                       goto err;
+               if (!BN_add_word (Bpl1, 1))
+                       goto err;
                for (j = 0; j < Ilen ; j+=v) {
-                       if (!BN_bin2bn (I + j, v, Ij)) goto err;
-                       if (!BN_add (Ij, Ij, Bpl1)) goto err;
-                       BN_bn2bin (Ij, B);
+                       if (!BN_bin2bn(I + j, v, Ij))
+                               goto err;
+                       if (!BN_add(Ij, Ij, Bpl1))
+                               goto err;
+                       if (!BN_bn2bin(Ij, B))
+                               goto err;
                        Ijlen = BN_num_bytes (Ij);
                        /* If more than 2^(v*8) - 1 cut off MSB */
                        if (Ijlen > v) {
-                               BN_bn2bin (Ij, B);
+                               if (!BN_bn2bin (Ij, B))
+                                       goto err;
                                memcpy (I + j, B + 1, v);
 #ifndef PKCS12_BROKEN_KEYGEN
                        /* If less than v bytes pad with zeroes */
                        } else if (Ijlen < v) {
                                memset(I + j, 0, v - Ijlen);
-                               BN_bn2bin(Ij, I + j + v - Ijlen); 
+                               if (!BN_bn2bin(Ij, I + j + v - Ijlen))
+                                       goto err;
 #endif
-                       } else BN_bn2bin (Ij, I + j);
+                       } else if (!BN_bn2bin (Ij, I + j))
+                               goto err;
                }
        }
 

diff --git a/deps/openssl/openssl/crypto/pkcs12/p12_kiss.c b/deps/openssl/openssl/crypto/pkcs12/p12_kiss.c
index 292cc3e..206b1b0 100644 (file)
--- a/deps/openssl/openssl/crypto/pkcs12/p12_kiss.c
+++ b/deps/openssl/openssl/crypto/pkcs12/p12_kiss.c
@@ -167,7 +167,7 @@ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
        if (cert && *cert)
                X509_free(*cert);
        if (x)
-               X509_free(*cert);
+               X509_free(x);
        if (ocerts)
                sk_X509_pop_free(ocerts, X509_free);
        return 0;

diff --git a/deps/openssl/openssl/crypto/pkcs12/p12_mutl.c b/deps/openssl/openssl/crypto/pkcs12/p12_mutl.c
index 9ab740d..96de1bd 100644 (file)
--- a/deps/openssl/openssl/crypto/pkcs12/p12_mutl.c
+++ b/deps/openssl/openssl/crypto/pkcs12/p12_mutl.c
@@ -97,10 +97,14 @@ int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
                return 0;
        }
        HMAC_CTX_init(&hmac);
-       HMAC_Init_ex(&hmac, key, md_size, md_type, NULL);
-       HMAC_Update(&hmac, p12->authsafes->d.data->data,
-                                        p12->authsafes->d.data->length);
-       HMAC_Final(&hmac, mac, maclen);
+       if (!HMAC_Init_ex(&hmac, key, md_size, md_type, NULL)
+               || !HMAC_Update(&hmac, p12->authsafes->d.data->data,
+                                        p12->authsafes->d.data->length)
+               || !HMAC_Final(&hmac, mac, maclen))
+               {
+               HMAC_CTX_cleanup(&hmac);
+               return 0;
+               }
        HMAC_CTX_cleanup(&hmac);
        return 1;
 }

diff --git a/deps/openssl/openssl/crypto/pkcs7/bio_pk7.c b/deps/openssl/openssl/crypto/pkcs7/bio_pk7.c
index c8d06d6..0fd31e7 100644 (file)
--- a/deps/openssl/openssl/crypto/pkcs7/bio_pk7.c
+++ b/deps/openssl/openssl/crypto/pkcs7/bio_pk7.c
@@ -56,7 +56,7 @@
 #include <openssl/pkcs7.h>
 #include <openssl/bio.h>
 
-#ifndef OPENSSL_SYSNAME_NETWARE
+#if !defined(OPENSSL_SYSNAME_NETWARE) && !defined(OPENSSL_SYSNAME_VXWORKS)
 #include <memory.h>
 #endif
 #include <stdio.h>

diff --git a/deps/openssl/openssl/crypto/pkcs7/pk7_doit.c b/deps/openssl/openssl/crypto/pkcs7/pk7_doit.c
index 3bf1a36..77fda3b 100644 (file)
--- a/deps/openssl/openssl/crypto/pkcs7/pk7_doit.c
+++ b/deps/openssl/openssl/crypto/pkcs7/pk7_doit.c
@@ -204,11 +204,11 @@ static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen,
        unsigned char *ek = NULL;
        size_t eklen;
 
-       int ret = 0;
+       int ret = -1;
 
        pctx = EVP_PKEY_CTX_new(pkey, NULL);
        if (!pctx)
-               return 0;
+               return -1;
 
        if (EVP_PKEY_decrypt_init(pctx) <= 0)
                goto err;
@@ -235,12 +235,19 @@ static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen,
        if (EVP_PKEY_decrypt(pctx, ek, &eklen,
                                ri->enc_key->data, ri->enc_key->length) <= 0)
                {
+               ret = 0;
                PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_EVP_LIB);
                goto err;
                }
 
        ret = 1;
 
+       if (*pek)
+               {
+               OPENSSL_cleanse(*pek, *peklen);
+               OPENSSL_free(*pek);
+               }
+
        *pek = ek;
        *peklen = eklen;
 
@@ -423,6 +430,8 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
        STACK_OF(X509_ALGOR) *md_sk=NULL;
        STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL;
        PKCS7_RECIP_INFO *ri=NULL;
+       unsigned char *ek = NULL, *tkey = NULL;
+       int eklen = 0, tkeylen = 0;
 
        i=OBJ_obj2nid(p7->type);
        p7->state=PKCS7_S_HEADER;
@@ -500,8 +509,6 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
                int max;
                X509_OBJECT ret;
 #endif
-               unsigned char *ek = NULL;
-               int eklen;
 
                if ((etmp=BIO_new(BIO_f_cipher())) == NULL)
                        {
@@ -534,29 +541,28 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
                        }
 
                /* If we haven't got a certificate try each ri in turn */
-
                if (pcert == NULL)
                        {
+                       /* Always attempt to decrypt all rinfo even
+                        * after sucess as a defence against MMA timing
+                        * attacks.
+                        */
                        for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
                                {
                                ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
+                               
                                if (pkcs7_decrypt_rinfo(&ek, &eklen,
-                                                       ri, pkey) > 0)
-                                       break;
+                                                       ri, pkey) < 0)
+                                       goto err;
                                ERR_clear_error();
-                               ri = NULL;
-                               }
-                       if (ri == NULL)
-                               {
-                               PKCS7err(PKCS7_F_PKCS7_DATADECODE,
-                                     PKCS7_R_NO_RECIPIENT_MATCHES_KEY);
-                               goto err;
                                }
                        }
                else
                        {
-                       if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey) <= 0)
+                       /* Only exit on fatal errors, not decrypt failure */
+                       if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey) < 0)
                                goto err;
+                       ERR_clear_error();
                        }
 
                evp_ctx=NULL;
@@ -565,6 +571,19 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
                        goto err;
                if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0)
                        goto err;
+               /* Generate random key as MMA defence */
+               tkeylen = EVP_CIPHER_CTX_key_length(evp_ctx);
+               tkey = OPENSSL_malloc(tkeylen);
+               if (!tkey)
+                       goto err;
+               if (EVP_CIPHER_CTX_rand_key(evp_ctx, tkey) <= 0)
+                       goto err;
+               if (ek == NULL)
+                       {
+                       ek = tkey;
+                       eklen = tkeylen;
+                       tkey = NULL;
+                       }
 
                if (eklen != EVP_CIPHER_CTX_key_length(evp_ctx)) {
                        /* Some S/MIME clients don't use the same key
@@ -573,11 +592,16 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
                         */
                        if(!EVP_CIPHER_CTX_set_key_length(evp_ctx, eklen))
                                {
-                               PKCS7err(PKCS7_F_PKCS7_DATADECODE,
-                                       PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH);
-                               goto err;
+                               /* Use random key as MMA defence */
+                               OPENSSL_cleanse(ek, eklen);
+                               OPENSSL_free(ek);
+                               ek = tkey;
+                               eklen = tkeylen;
+                               tkey = NULL;
                                }
                } 
+               /* Clear errors so we don't leak information useful in MMA */
+               ERR_clear_error();
                if (EVP_CipherInit_ex(evp_ctx,NULL,NULL,ek,NULL,0) <= 0)
                        goto err;
 
@@ -585,6 +609,13 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
                        {
                        OPENSSL_cleanse(ek,eklen);
                        OPENSSL_free(ek);
+                       ek = NULL;
+                       }
+               if (tkey)
+                       {
+                       OPENSSL_cleanse(tkey,tkeylen);
+                       OPENSSL_free(tkey);
+                       tkey = NULL;
                        }
 
                if (out == NULL)
@@ -627,6 +658,16 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
        if (0)
                {
 err:
+               if (ek)
+                       {
+                       OPENSSL_cleanse(ek,eklen);
+                       OPENSSL_free(ek);
+                       }
+               if (tkey)
+                       {
+                       OPENSSL_cleanse(tkey,tkeylen);
+                       OPENSSL_free(tkey);
+                       }
                if (out != NULL) BIO_free_all(out);
                if (btmp != NULL) BIO_free_all(btmp);
                if (etmp != NULL) BIO_free_all(etmp);
@@ -676,7 +717,11 @@ static int do_pkcs7_signed_attrib(PKCS7_SIGNER_INFO *si, EVP_MD_CTX *mctx)
                }
 
        /* Add digest */
-       EVP_DigestFinal_ex(mctx, md_data,&md_len);
+       if (!EVP_DigestFinal_ex(mctx, md_data,&md_len))
+               {
+               PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_EVP_LIB);
+               return 0;
+               }
        if (!PKCS7_add1_attrib_digest(si, md_data, md_len))
                {
                PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_MALLOC_FAILURE);
@@ -784,7 +829,8 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
 
                        /* We now have the EVP_MD_CTX, lets do the
                         * signing. */
-                       EVP_MD_CTX_copy_ex(&ctx_tmp,mdc);
+                       if (!EVP_MD_CTX_copy_ex(&ctx_tmp,mdc))
+                               goto err;
 
                        sk=si->auth_attr;
 
@@ -822,7 +868,8 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
                if (!PKCS7_find_digest(&mdc, bio,
                                OBJ_obj2nid(p7->d.digest->md->algorithm)))
                        goto err;
-               EVP_DigestFinal_ex(mdc,md_data,&md_len);
+               if (!EVP_DigestFinal_ex(mdc,md_data,&md_len))
+                       goto err;
                M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len);
                }
 
@@ -1015,7 +1062,8 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
 
        /* mdc is the digest ctx that we want, unless there are attributes,
         * in which case the digest is the signed attributes */
-       EVP_MD_CTX_copy_ex(&mdc_tmp,mdc);
+       if (!EVP_MD_CTX_copy_ex(&mdc_tmp,mdc))
+               goto err;
 
        sk=si->auth_attr;
        if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0))
@@ -1025,7 +1073,8 @@ int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
                int alen;
                ASN1_OCTET_STRING *message_digest;
 
-               EVP_DigestFinal_ex(&mdc_tmp,md_dat,&md_len);
+               if (!EVP_DigestFinal_ex(&mdc_tmp,md_dat,&md_len))
+                       goto err;
                message_digest=PKCS7_digest_from_attributes(sk);
                if (!message_digest)
                        {
@@ -1050,7 +1099,8 @@ for (ii=0; ii<md_len; ii++) printf("%02X",md_dat[ii]); printf(" calc\n");
                        goto err;
                        }
 
-               EVP_VerifyInit_ex(&mdc_tmp,EVP_get_digestbynid(md_type), NULL);
+               if (!EVP_VerifyInit_ex(&mdc_tmp,EVP_get_digestbynid(md_type), NULL))
+                       goto err;
 
                alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf,
                                                ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY));
@@ -1060,7 +1110,8 @@ for (ii=0; ii<md_len; ii++) printf("%02X",md_dat[ii]); printf(" calc\n");
                        ret = -1;
                        goto err;
                        }
-               EVP_VerifyUpdate(&mdc_tmp, abuf, alen);
+               if (!EVP_VerifyUpdate(&mdc_tmp, abuf, alen))
+                       goto err;
 
                OPENSSL_free(abuf);
                }

diff --git a/deps/openssl/openssl/crypto/pkcs7/pk7_smime.c b/deps/openssl/openssl/crypto/pkcs7/pk7_smime.c
index 86742d0..a5104f8 100644 (file)
--- a/deps/openssl/openssl/crypto/pkcs7/pk7_smime.c
+++ b/deps/openssl/openssl/crypto/pkcs7/pk7_smime.c
@@ -573,15 +573,34 @@ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
                        return 0;
                }
                ret = SMIME_text(bread, data);
+               if (ret > 0 && BIO_method_type(tmpmem) == BIO_TYPE_CIPHER)
+                       {
+                       if (!BIO_get_cipher_status(tmpmem))
+                               ret = 0;
+                       }
                BIO_free_all(bread);
                return ret;
        } else {
                for(;;) {
                        i = BIO_read(tmpmem, buf, sizeof(buf));
-                       if(i <= 0) break;
-                       BIO_write(data, buf, i);
+                       if(i <= 0)
+                               {
+                               ret = 1;
+                               if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER)
+                                       {
+                                       if (!BIO_get_cipher_status(tmpmem))
+                                               ret = 0;
+                                       }
+                                       
+                               break;
+                               }
+                       if (BIO_write(data, buf, i) != i)
+                               {
+                               ret = 0;
+                               break;
+                               }
                }
                BIO_free_all(tmpmem);
-               return 1;
+               return ret;
        }
 }

diff --git a/deps/openssl/openssl/crypto/ppccpuid.pl b/deps/openssl/openssl/crypto/ppccpuid.pl
old mode 100644 (file)
new mode 100755 (executable)
index 369e1d0..4ba736a
--- a/deps/openssl/openssl/crypto/ppccpuid.pl
+++ b/deps/openssl/openssl/crypto/ppccpuid.pl
@@ -23,36 +23,67 @@ $code=<<___;
 .machine       "any"
 .text
 
-.globl .OPENSSL_cpuid_setup
+.globl .OPENSSL_ppc64_probe
 .align 4
-.OPENSSL_cpuid_setup:
+.OPENSSL_ppc64_probe:
+       fcfid   f1,f1
+       extrdi  r0,r0,32,0
        blr
+       .long   0
+       .byte   0,12,0x14,0,0,0,0,0
+
+.globl .OPENSSL_altivec_probe
+.align 4
+.OPENSSL_altivec_probe:
+       .long   0x10000484      # vor   v0,v0,v0
+       blr
+       .long   0
+       .byte   0,12,0x14,0,0,0,0,0
 
 .globl .OPENSSL_wipe_cpu
 .align 4
 .OPENSSL_wipe_cpu:
        xor     r0,r0,r0
+       fmr     f0,f31
+       fmr     f1,f31
+       fmr     f2,f31
        mr      r3,r1
+       fmr     f3,f31
        xor     r4,r4,r4
+       fmr     f4,f31
        xor     r5,r5,r5
+       fmr     f5,f31
        xor     r6,r6,r6
+       fmr     f6,f31
        xor     r7,r7,r7
+       fmr     f7,f31
        xor     r8,r8,r8
+       fmr     f8,f31
        xor     r9,r9,r9
+       fmr     f9,f31
        xor     r10,r10,r10
+       fmr     f10,f31
        xor     r11,r11,r11
+       fmr     f11,f31
        xor     r12,r12,r12
+       fmr     f12,f31
+       fmr     f13,f31
        blr
+       .long   0
+       .byte   0,12,0x14,0,0,0,0,0
 
 .globl .OPENSSL_atomic_add
 .align 4
 .OPENSSL_atomic_add:
-Loop:  lwarx   r5,0,r3
+Ladd:  lwarx   r5,0,r3
        add     r0,r4,r5
        stwcx.  r0,0,r3
-       bne-    Loop
+       bne-    Ladd
        $SIGNX  r3,r0
        blr
+       .long   0
+       .byte   0,12,0x14,0,0,0,2,0
+       .long   0
 
 .globl .OPENSSL_rdtsc
 .align 4
@@ -60,6 +91,8 @@ Loop: lwarx   r5,0,r3
        mftb    r3
        mftbu   r4
        blr
+       .long   0
+       .byte   0,12,0x14,0,0,0,0,0
 
 .globl .OPENSSL_cleanse
 .align 4
@@ -72,7 +105,7 @@ Loop:        lwarx   r5,0,r3
 Little:        mtctr   r4
        stb     r0,0(r3)
        addi    r3,r3,1
-       bdnz-   \$-8
+       bdnz    \$-8
        blr
 Lot:   andi.   r5,r3,3
        beq     Laligned
@@ -85,10 +118,13 @@ Laligned:
        mtctr   r5
        stw     r0,0(r3)
        addi    r3,r3,4
-       bdnz-   \$-8
+       bdnz    \$-8
        andi.   r4,r4,3
        bne     Little
        blr
+       .long   0
+       .byte   0,12,0x14,0,0,0,2,0
+       .long   0
 ___
 
 $code =~ s/\`([^\`]*)\`/eval $1/gem;

diff --git a/deps/openssl/openssl/crypto/rand/md_rand.c b/deps/openssl/openssl/crypto/rand/md_rand.c
index b2f04ff..1e3bcb9 100644 (file)
--- a/deps/openssl/openssl/crypto/rand/md_rand.c
+++ b/deps/openssl/openssl/crypto/rand/md_rand.c
@@ -109,6 +109,8 @@
  *
  */
 
+#define OPENSSL_FIPSEVP
+
 #ifdef MD_RAND_DEBUG
 # ifndef NDEBUG
 #   define NDEBUG
@@ -121,10 +123,10 @@
 
 #include "e_os.h"
 
+#include <openssl/crypto.h>
 #include <openssl/rand.h>
 #include "rand_lcl.h"
 
-#include <openssl/crypto.h>
 #include <openssl/err.h>
 
 #ifdef BN_DEBUG
@@ -157,13 +159,14 @@ const char RAND_version[]="RAND" OPENSSL_VERSION_PTEXT;
 static void ssleay_rand_cleanup(void);
 static void ssleay_rand_seed(const void *buf, int num);
 static void ssleay_rand_add(const void *buf, int num, double add_entropy);
-static int ssleay_rand_bytes(unsigned char *buf, int num);
+static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo);
+static int ssleay_rand_nopseudo_bytes(unsigned char *buf, int num);
 static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num);
 static int ssleay_rand_status(void);
 
 RAND_METHOD rand_ssleay_meth={
        ssleay_rand_seed,
-       ssleay_rand_bytes,
+       ssleay_rand_nopseudo_bytes,
        ssleay_rand_cleanup,
        ssleay_rand_add,
        ssleay_rand_pseudo_bytes,
@@ -328,7 +331,7 @@ static void ssleay_rand_seed(const void *buf, int num)
        ssleay_rand_add(buf, num, (double)num);
        }
 
-static int ssleay_rand_bytes(unsigned char *buf, int num)
+static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo)
        {
        static volatile int stirred_pool = 0;
        int i,j,k,st_num,st_idx;
@@ -517,7 +520,9 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
        EVP_MD_CTX_cleanup(&m);
        if (ok)
                return(1);
-       else
+       else if (pseudo)
+               return 0;
+       else 
                {
                RANDerr(RAND_F_SSLEAY_RAND_BYTES,RAND_R_PRNG_NOT_SEEDED);
                ERR_add_error_data(1, "You need to read the OpenSSL FAQ, "
@@ -526,22 +531,16 @@ static int ssleay_rand_bytes(unsigned char *buf, int num)
                }
        }
 
+static int ssleay_rand_nopseudo_bytes(unsigned char *buf, int num)
+       {
+       return ssleay_rand_bytes(buf, num, 0);
+       }
+
 /* pseudo-random bytes that are guaranteed to be unique but not
    unpredictable */
 static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num) 
        {
-       int ret;
-       unsigned long err;
-
-       ret = RAND_bytes(buf, num);
-       if (ret == 0)
-               {
-               err = ERR_peek_error();
-               if (ERR_GET_LIB(err) == ERR_LIB_RAND &&
-                   ERR_GET_REASON(err) == RAND_R_PRNG_NOT_SEEDED)
-                       ERR_clear_error();
-               }
-       return (ret);
+       return ssleay_rand_bytes(buf, num, 1);
        }
 
 static int ssleay_rand_status(void)

diff --git a/deps/openssl/openssl/crypto/rand/rand.h b/deps/openssl/openssl/crypto/rand/rand.h
index ac6c021..dc8fcf9 100644 (file)
--- a/deps/openssl/openssl/crypto/rand/rand.h
+++ b/deps/openssl/openssl/crypto/rand/rand.h
@@ -119,6 +119,11 @@ int RAND_event(UINT, WPARAM, LPARAM);
 
 #endif
 
+#ifdef OPENSSL_FIPS
+void RAND_set_fips_drbg_type(int type, int flags);
+int RAND_init_fips(void);
+#endif
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
@@ -129,9 +134,13 @@ void ERR_load_RAND_strings(void);
 
 /* Function codes. */
 #define RAND_F_RAND_GET_RAND_METHOD                     101
+#define RAND_F_RAND_INIT_FIPS                           102
 #define RAND_F_SSLEAY_RAND_BYTES                        100
 
 /* Reason codes. */
+#define RAND_R_ERROR_INITIALISING_DRBG                  102
+#define RAND_R_ERROR_INSTANTIATING_DRBG                         103
+#define RAND_R_NO_FIPS_RANDOM_METHOD_SET                101
 #define RAND_R_PRNG_NOT_SEEDED                          100
 
 #ifdef  __cplusplus

diff --git a/deps/openssl/openssl/crypto/rand/rand_err.c b/deps/openssl/openssl/crypto/rand/rand_err.c
index 03cda4d..b8586c8 100644 (file)
--- a/deps/openssl/openssl/crypto/rand/rand_err.c
+++ b/deps/openssl/openssl/crypto/rand/rand_err.c
@@ -1,6 +1,6 @@
 /* crypto/rand/rand_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2006 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -71,12 +71,16 @@
 static ERR_STRING_DATA RAND_str_functs[]=
        {
 {ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD),        "RAND_get_rand_method"},
+{ERR_FUNC(RAND_F_RAND_INIT_FIPS),      "RAND_init_fips"},
 {ERR_FUNC(RAND_F_SSLEAY_RAND_BYTES),   "SSLEAY_RAND_BYTES"},
 {0,NULL}
        };
 
 static ERR_STRING_DATA RAND_str_reasons[]=
        {
+{ERR_REASON(RAND_R_ERROR_INITIALISING_DRBG),"error initialising drbg"},
+{ERR_REASON(RAND_R_ERROR_INSTANTIATING_DRBG),"error instantiating drbg"},
+{ERR_REASON(RAND_R_NO_FIPS_RANDOM_METHOD_SET),"no fips random method set"},
 {ERR_REASON(RAND_R_PRNG_NOT_SEEDED)      ,"PRNG not seeded"},
 {0,NULL}
        };

diff --git a/deps/openssl/openssl/crypto/rand/rand_lib.c b/deps/openssl/openssl/crypto/rand/rand_lib.c
index 513e338..476a0cd 100644 (file)
--- a/deps/openssl/openssl/crypto/rand/rand_lib.c
+++ b/deps/openssl/openssl/crypto/rand/rand_lib.c
@@ -60,10 +60,16 @@
 #include <time.h>
 #include "cryptlib.h"
 #include <openssl/rand.h>
+
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif
 
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#include <openssl/fips_rand.h>
+#endif
+
 #ifndef OPENSSL_NO_ENGINE
 /* non-NULL if default_RAND_meth is ENGINE-provided */
 static ENGINE *funct_ref =NULL;
@@ -174,3 +180,119 @@ int RAND_status(void)
                return meth->status();
        return 0;
        }
+
+#ifdef OPENSSL_FIPS
+
+/* FIPS DRBG initialisation code. This sets up the DRBG for use by the
+ * rest of OpenSSL. 
+ */
+
+/* Entropy gatherer: use standard OpenSSL PRNG to seed (this will gather
+ * entropy internally through RAND_poll().
+ */
+
+static size_t drbg_get_entropy(DRBG_CTX *ctx, unsigned char **pout,
+                                int entropy, size_t min_len, size_t max_len)
+        {
+       /* Round up request to multiple of block size */
+       min_len = ((min_len + 19) / 20) * 20;
+       *pout = OPENSSL_malloc(min_len);
+       if (!*pout)
+               return 0;
+       if (RAND_SSLeay()->bytes(*pout, min_len) <= 0)
+               {
+               OPENSSL_free(*pout);
+               *pout = NULL;
+               return 0;
+               }
+        return min_len;
+        }
+
+static void drbg_free_entropy(DRBG_CTX *ctx, unsigned char *out, size_t olen)
+       {
+       if (out)
+               {
+               OPENSSL_cleanse(out, olen);
+               OPENSSL_free(out);
+               }
+       }
+
+/* Set "additional input" when generating random data. This uses the
+ * current PID, a time value and a counter.
+ */
+
+static size_t drbg_get_adin(DRBG_CTX *ctx, unsigned char **pout)
+       {
+       /* Use of static variables is OK as this happens under a lock */
+       static unsigned char buf[16];
+       static unsigned long counter;
+       FIPS_get_timevec(buf, &counter);
+       *pout = buf;
+       return sizeof(buf);
+       }
+
+/* RAND_add() and RAND_seed() pass through to OpenSSL PRNG so it is 
+ * correctly seeded by RAND_poll().
+ */
+
+static int drbg_rand_add(DRBG_CTX *ctx, const void *in, int inlen,
+                               double entropy)
+       {
+       RAND_SSLeay()->add(in, inlen, entropy);
+       return 1;
+       }
+
+static int drbg_rand_seed(DRBG_CTX *ctx, const void *in, int inlen)
+       {
+       RAND_SSLeay()->seed(in, inlen);
+       return 1;
+       }
+
+#ifndef OPENSSL_DRBG_DEFAULT_TYPE
+#define OPENSSL_DRBG_DEFAULT_TYPE      NID_aes_256_ctr
+#endif
+#ifndef OPENSSL_DRBG_DEFAULT_FLAGS
+#define OPENSSL_DRBG_DEFAULT_FLAGS     DRBG_FLAG_CTR_USE_DF
+#endif 
+
+static int fips_drbg_type = OPENSSL_DRBG_DEFAULT_TYPE;
+static int fips_drbg_flags = OPENSSL_DRBG_DEFAULT_FLAGS;
+
+void RAND_set_fips_drbg_type(int type, int flags)
+       {
+       fips_drbg_type = type;
+       fips_drbg_flags = flags;
+       }
+
+int RAND_init_fips(void)
+       {
+       DRBG_CTX *dctx;
+       size_t plen;
+       unsigned char pers[32], *p;
+       dctx = FIPS_get_default_drbg();
+        if (FIPS_drbg_init(dctx, fips_drbg_type, fips_drbg_flags) <= 0)
+               {
+               RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_ERROR_INITIALISING_DRBG);
+               return 0;
+               }
+               
+        FIPS_drbg_set_callbacks(dctx,
+                               drbg_get_entropy, drbg_free_entropy, 20,
+                               drbg_get_entropy, drbg_free_entropy);
+       FIPS_drbg_set_rand_callbacks(dctx, drbg_get_adin, 0,
+                                       drbg_rand_seed, drbg_rand_add);
+       /* Personalisation string: a string followed by date time vector */
+       strcpy((char *)pers, "OpenSSL DRBG2.0");
+       plen = drbg_get_adin(dctx, &p);
+       memcpy(pers + 16, p, plen);
+
+        if (FIPS_drbg_instantiate(dctx, pers, sizeof(pers)) <= 0)
+               {
+               RANDerr(RAND_F_RAND_INIT_FIPS, RAND_R_ERROR_INSTANTIATING_DRBG);
+               return 0;
+               }
+        FIPS_rand_set_method(FIPS_drbg_method());
+       return 1;
+       }
+
+#endif

diff --git a/deps/openssl/openssl/crypto/rand/randfile.c b/deps/openssl/openssl/crypto/rand/randfile.c
index bc7d9c5..7f14280 100644 (file)
--- a/deps/openssl/openssl/crypto/rand/randfile.c
+++ b/deps/openssl/openssl/crypto/rand/randfile.c
@@ -57,7 +57,9 @@
  */
 
 /* We need to define this to get macros like S_IFBLK and S_IFCHR */
+#if !defined(OPENSSL_SYS_VXWORKS)
 #define _XOPEN_SOURCE 500
+#endif
 
 #include <errno.h>
 #include <stdio.h>
@@ -137,7 +139,7 @@ int RAND_load_file(const char *file, long bytes)
        in=fopen(file,"rb");
 #endif
        if (in == NULL) goto err;
-#if defined(S_IFBLK) && defined(S_IFCHR) && !defined(OPNESSL_NO_POSIX_IO)
+#if defined(S_IFBLK) && defined(S_IFCHR) && !defined(OPENSSL_NO_POSIX_IO)
        if (sb.st_mode & (S_IFBLK | S_IFCHR)) {
          /* this file is a device. we don't want read an infinite number
           * of bytes from a random device, nor do we want to use buffered

diff --git a/deps/openssl/openssl/crypto/rc2/Makefile b/deps/openssl/openssl/crypto/rc2/Makefile
index 73eac34..8a9d49a 100644 (file)
--- a/deps/openssl/openssl/crypto/rc2/Makefile
+++ b/deps/openssl/openssl/crypto/rc2/Makefile
@@ -78,7 +78,11 @@ rc2_cbc.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
 rc2_cbc.o: rc2_cbc.c rc2_locl.h
 rc2_ecb.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
 rc2_ecb.o: ../../include/openssl/rc2.h rc2_ecb.c rc2_locl.h
-rc2_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
+rc2_skey.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+rc2_skey.o: ../../include/openssl/opensslconf.h
+rc2_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rc2_skey.o: ../../include/openssl/rc2.h ../../include/openssl/safestack.h
+rc2_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 rc2_skey.o: rc2_locl.h rc2_skey.c
 rc2cfb64.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
 rc2cfb64.o: rc2_locl.h rc2cfb64.c

diff --git a/deps/openssl/openssl/crypto/rc2/rc2.h b/deps/openssl/openssl/crypto/rc2/rc2.h
index 34c8362..e542ec9 100644 (file)
--- a/deps/openssl/openssl/crypto/rc2/rc2.h
+++ b/deps/openssl/openssl/crypto/rc2/rc2.h
@@ -79,7 +79,9 @@ typedef struct rc2_key_st
        RC2_INT data[64];
        } RC2_KEY;
 
- 
+#ifdef OPENSSL_FIPS 
+void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits);
+#endif
 void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits);
 void RC2_ecb_encrypt(const unsigned char *in,unsigned char *out,RC2_KEY *key,
                     int enc);

diff --git a/deps/openssl/openssl/crypto/rc2/rc2_skey.c b/deps/openssl/openssl/crypto/rc2/rc2_skey.c
index 0150b0e..6668ac0 100644 (file)
--- a/deps/openssl/openssl/crypto/rc2/rc2_skey.c
+++ b/deps/openssl/openssl/crypto/rc2/rc2_skey.c
@@ -56,6 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
+#include <openssl/crypto.h>
 #include <openssl/rc2.h>
 #include "rc2_locl.h"
 
@@ -95,6 +96,13 @@ static const unsigned char key_table[256]={
  * the same as specifying 1024 for the 'bits' parameter.  Bsafe uses
  * a version where the bits parameter is the same as len*8 */
 void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits)
+#ifdef OPENSSL_FIPS
+       {
+       fips_cipher_abort(RC2);
+       private_RC2_set_key(key, len, data, bits);
+       }
+void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits)
+#endif
        {
        int i,j;
        unsigned char *k;

diff --git a/deps/openssl/openssl/crypto/rc4/Makefile b/deps/openssl/openssl/crypto/rc4/Makefile
index 264451a..1614d47 100644 (file)
--- a/deps/openssl/openssl/crypto/rc4/Makefile
+++ b/deps/openssl/openssl/crypto/rc4/Makefile
@@ -21,8 +21,8 @@ TEST=rc4test.c
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC=rc4_skey.c rc4_enc.c
-LIBOBJ=$(RC4_ENC)
+LIBSRC=rc4_skey.c rc4_enc.c rc4_utl.c
+LIBOBJ=$(RC4_ENC) rc4_utl.o
 
 SRC= $(LIBSRC)
 
@@ -46,12 +46,14 @@ rc4-586.s:  asm/rc4-586.pl ../perlasm/x86asm.pl
 
 rc4-x86_64.s: asm/rc4-x86_64.pl
        $(PERL) asm/rc4-x86_64.pl $(PERLASM_SCHEME) > $@
+rc4-md5-x86_64.s:      asm/rc4-md5-x86_64.pl
+       $(PERL) asm/rc4-md5-x86_64.pl $(PERLASM_SCHEME) > $@
 
 rc4-ia64.S: asm/rc4-ia64.pl
        $(PERL) asm/rc4-ia64.pl $(CFLAGS) > $@
 
-rc4-s390x.s:   asm/rc4-s390x.pl
-       $(PERL) asm/rc4-s390x.pl > $@
+rc4-parisc.s:  asm/rc4-parisc.pl
+       $(PERL) asm/rc4-parisc.pl $(PERLASM_SCHEME) $@
 
 rc4-ia64.s: rc4-ia64.S
        @case `awk '/^#define RC4_INT/{print$$NF}' $(TOP)/include/openssl/opensslconf.h` in \
@@ -60,6 +62,9 @@ rc4-ia64.s: rc4-ia64.S
        *)      exit 1 ;; \
        esac
 
+# GNU make "catch all"
+rc4-%.s:       asm/rc4-%.pl;   $(PERL) $< $(PERLASM_SCHEME) $@
+
 files:
        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
 
@@ -113,3 +118,8 @@ rc4_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 rc4_skey.o: ../../include/openssl/rc4.h ../../include/openssl/safestack.h
 rc4_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 rc4_skey.o: ../cryptlib.h rc4_locl.h rc4_skey.c
+rc4_utl.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+rc4_utl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+rc4_utl.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rc4.h
+rc4_utl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rc4_utl.o: ../../include/openssl/symhacks.h rc4_utl.c

diff --git a/deps/openssl/openssl/crypto/rc4/asm/rc4-586.pl b/deps/openssl/openssl/crypto/rc4/asm/rc4-586.pl
index 38a44a7..5c9ac6a 100644 (file)
--- a/deps/openssl/openssl/crypto/rc4/asm/rc4-586.pl
+++ b/deps/openssl/openssl/crypto/rc4/asm/rc4-586.pl
@@ -28,6 +28,34 @@
 #
 #                                      <appro@fy.chalmers.se>
 
+# May 2011
+#
+# Optimize for Core2 and Westmere [and incidentally Opteron]. Current
+# performance in cycles per processed byte (less is better) and
+# improvement relative to previous version of this module is:
+#
+# Pentium      10.2                    # original numbers
+# Pentium III  7.8(*)
+# Intel P4     7.5
+#
+# Opteron      6.1/+20%                # new MMX numbers
+# Core2                5.3/+67%(**)
+# Westmere     5.1/+94%(**)
+# Sandy Bridge 5.0/+8%
+# Atom         12.6/+6%
+#
+# (*)  PIII can actually deliver 6.6 cycles per byte with MMX code,
+#      but this specific code performs poorly on Core2. And vice
+#      versa, below MMX/SSE code delivering 5.8/7.1 on Core2 performs
+#      poorly on PIII, at 8.0/14.5:-( As PIII is not a "hot" CPU
+#      [anymore], I chose to discard PIII-specific code path and opt
+#      for original IALU-only code, which is why MMX/SSE code path
+#      is guarded by SSE2 bit (see below), not MMX/SSE.
+# (**) Performance vs. block size on Core2 and Westmere had a maximum
+#      at ... 64 bytes block size. And it was quite a maximum, 40-60%
+#      in comparison to largest 8KB block size. Above improvement
+#      coefficients are for the largest block size.
+
 $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
 push(@INC,"${dir}","${dir}../../perlasm");
 require "x86asm.pl";
@@ -62,6 +90,68 @@ sub RC4_loop {
        &$func  ($out,&DWP(0,$dat,$ty,4));
 }
 
+if ($alt=0) {
+  # >20% faster on Atom and Sandy Bridge[!], 8% faster on Opteron,
+  # but ~40% slower on Core2 and Westmere... Attempt to add movz
+  # brings down Opteron by 25%, Atom and Sandy Bridge by 15%, yet
+  # on Core2 with movz it's almost 20% slower than below alternative
+  # code... Yes, it's a total mess...
+  my @XX=($xx,$out);
+  $RC4_loop_mmx = sub {                # SSE actually...
+    my $i=shift;
+    my $j=$i<=0?0:$i>>1;
+    my $mm=$i<=0?"mm0":"mm".($i&1);
+
+       &add    (&LB($yy),&LB($tx));
+       &lea    (@XX[1],&DWP(1,@XX[0]));
+       &pxor   ("mm2","mm0")                           if ($i==0);
+       &psllq  ("mm1",8)                               if ($i==0);
+       &and    (@XX[1],0xff);
+       &pxor   ("mm0","mm0")                           if ($i<=0);
+       &mov    ($ty,&DWP(0,$dat,$yy,4));
+       &mov    (&DWP(0,$dat,$yy,4),$tx);
+       &pxor   ("mm1","mm2")                           if ($i==0);
+       &mov    (&DWP(0,$dat,$XX[0],4),$ty);
+       &add    (&LB($ty),&LB($tx));
+       &movd   (@XX[0],"mm7")                          if ($i==0);
+       &mov    ($tx,&DWP(0,$dat,@XX[1],4));
+       &pxor   ("mm1","mm1")                           if ($i==1);
+       &movq   ("mm2",&QWP(0,$inp))                    if ($i==1);
+       &movq   (&QWP(-8,(@XX[0],$inp)),"mm1")          if ($i==0);
+       &pinsrw ($mm,&DWP(0,$dat,$ty,4),$j);
+
+       push    (@XX,shift(@XX))                        if ($i>=0);
+  }
+} else {
+  # Using pinsrw here improves performane on Intel CPUs by 2-3%, but
+  # brings down AMD by 7%...
+  $RC4_loop_mmx = sub {
+    my $i=shift;
+
+       &add    (&LB($yy),&LB($tx));
+       &psllq  ("mm1",8*(($i-1)&7))                    if (abs($i)!=1);
+       &mov    ($ty,&DWP(0,$dat,$yy,4));
+       &mov    (&DWP(0,$dat,$yy,4),$tx);
+       &mov    (&DWP(0,$dat,$xx,4),$ty);
+       &inc    ($xx);
+       &add    ($ty,$tx);
+       &movz   ($xx,&LB($xx));                         # (*)
+       &movz   ($ty,&LB($ty));                         # (*)
+       &pxor   ("mm2",$i==1?"mm0":"mm1")               if ($i>=0);
+       &movq   ("mm0",&QWP(0,$inp))                    if ($i<=0);
+       &movq   (&QWP(-8,($out,$inp)),"mm2")            if ($i==0);
+       &mov    ($tx,&DWP(0,$dat,$xx,4));
+       &movd   ($i>0?"mm1":"mm2",&DWP(0,$dat,$ty,4));
+
+       # (*)   This is the key to Core2 and Westmere performance.
+       #       Whithout movz out-of-order execution logic confuses
+       #       itself and fails to reorder loads and stores. Problem
+       #       appears to be fixed in Sandy Bridge...
+  }
+}
+
+&external_label("OPENSSL_ia32cap_P");
+
 # void RC4(RC4_KEY *key,size_t len,const unsigned char *inp,unsigned char *out);
 &function_begin("RC4");
        &mov    ($dat,&wparam(0));      # load key schedule pointer
@@ -94,11 +184,56 @@ sub RC4_loop {
        &and    ($ty,-4);               # how many 4-byte chunks?
        &jz     (&label("loop1"));
 
+       &test   ($ty,-8);
+       &mov    (&wparam(3),$out);      # $out as accumulator in these loops
+       &jz     (&label("go4loop4"));
+
+       &picmeup($out,"OPENSSL_ia32cap_P");
+       &bt     (&DWP(0,$out),26);      # check SSE2 bit [could have been MMX]
+       &jnc    (&label("go4loop4"));
+
+       &mov    ($out,&wparam(3))       if (!$alt);
+       &movd   ("mm7",&wparam(3))      if ($alt);
+       &and    ($ty,-8);
+       &lea    ($ty,&DWP(-8,$inp,$ty));
+       &mov    (&DWP(-4,$dat),$ty);    # save input+(len/8)*8-8
+
+       &$RC4_loop_mmx(-1);
+       &jmp(&label("loop_mmx_enter"));
+
+       &set_label("loop_mmx",16);
+               &$RC4_loop_mmx(0);
+       &set_label("loop_mmx_enter");
+               for     ($i=1;$i<8;$i++) { &$RC4_loop_mmx($i); }
+               &mov    ($ty,$yy);
+               &xor    ($yy,$yy);              # this is second key to Core2
+               &mov    (&LB($yy),&LB($ty));    # and Westmere performance...
+               &cmp    ($inp,&DWP(-4,$dat));
+               &lea    ($inp,&DWP(8,$inp));
+       &jb     (&label("loop_mmx"));
+
+    if ($alt) {
+       &movd   ($out,"mm7");
+       &pxor   ("mm2","mm0");
+       &psllq  ("mm1",8);
+       &pxor   ("mm1","mm2");
+       &movq   (&QWP(-8,$out,$inp),"mm1");
+    } else {
+       &psllq  ("mm1",56);
+       &pxor   ("mm2","mm1");
+       &movq   (&QWP(-8,$out,$inp),"mm2");
+    }
+       &emms   ();
+
+       &cmp    ($inp,&wparam(1));      # compare to input+len
+       &je     (&label("done"));
+       &jmp    (&label("loop1"));
+
+&set_label("go4loop4",16);
        &lea    ($ty,&DWP(-4,$inp,$ty));
        &mov    (&wparam(2),$ty);       # save input+(len/4)*4-4
-       &mov    (&wparam(3),$out);      # $out as accumulator in this loop
 
-       &set_label("loop4",16);
+       &set_label("loop4");
                for ($i=0;$i<4;$i++) { RC4_loop($i); }
                &ror    ($out,8);
                &xor    ($out,&DWP(0,$inp));
@@ -151,7 +286,7 @@ sub RC4_loop {
 
 &set_label("done");
        &dec    (&LB($xx));
-       &mov    (&BP(-4,$dat),&LB($yy));        # save key->y
+       &mov    (&DWP(-4,$dat),$yy);            # save key->y
        &mov    (&BP(-8,$dat),&LB($xx));        # save key->x
 &set_label("abort");
 &function_end("RC4");
@@ -164,10 +299,8 @@ $idi="ebp";
 $ido="ecx";
 $idx="edx";
 
-&external_label("OPENSSL_ia32cap_P");
-
 # void RC4_set_key(RC4_KEY *key,int len,const unsigned char *data);
-&function_begin("RC4_set_key");
+&function_begin("private_RC4_set_key");
        &mov    ($out,&wparam(0));              # load key
        &mov    ($idi,&wparam(1));              # load len
        &mov    ($inp,&wparam(2));              # load data
@@ -245,7 +378,7 @@ $idx="edx";
        &xor    ("eax","eax");
        &mov    (&DWP(-8,$out),"eax");          # key->x=0;
        &mov    (&DWP(-4,$out),"eax");          # key->y=0;
-&function_end("RC4_set_key");
+&function_end("private_RC4_set_key");
 
 # const char *RC4_options(void);
 &function_begin_B("RC4_options");
@@ -254,14 +387,21 @@ $idx="edx";
        &blindpop("eax");
        &lea    ("eax",&DWP(&label("opts")."-".&label("pic_point"),"eax"));
        &picmeup("edx","OPENSSL_ia32cap_P");
-       &bt     (&DWP(0,"edx"),20);
-       &jnc    (&label("skip"));
-         &add  ("eax",12);
-       &set_label("skip");
+       &mov    ("edx",&DWP(0,"edx"));
+       &bt     ("edx",20);
+       &jc     (&label("1xchar"));
+       &bt     ("edx",26);
+       &jnc    (&label("ret"));
+       &add    ("eax",25);
+       &ret    ();
+&set_label("1xchar");
+       &add    ("eax",12);
+&set_label("ret");
        &ret    ();
 &set_label("opts",64);
 &asciz ("rc4(4x,int)");
 &asciz ("rc4(1x,char)");
+&asciz ("rc4(8x,mmx)");
 &asciz ("RC4 for x86, CRYPTOGAMS by <appro\@openssl.org>");
 &align (64);
 &function_end_B("RC4_options");

diff --git a/deps/openssl/openssl/crypto/rc4/asm/rc4-s390x.pl b/deps/openssl/openssl/crypto/rc4/asm/rc4-s390x.pl
index 96681fa..7528ece 100644 (file)
--- a/deps/openssl/openssl/crypto/rc4/asm/rc4-s390x.pl
+++ b/deps/openssl/openssl/crypto/rc4/asm/rc4-s390x.pl
@@ -13,6 +13,29 @@
 # "cluster" Address Generation Interlocks, so that one pipeline stall
 # resolves several dependencies.
 
+# November 2010.
+#
+# Adapt for -m31 build. If kernel supports what's called "highgprs"
+# feature on Linux [see /proc/cpuinfo], it's possible to use 64-bit
+# instructions and achieve "64-bit" performance even in 31-bit legacy
+# application context. The feature is not specific to any particular
+# processor, as long as it's "z-CPU". Latter implies that the code
+# remains z/Architecture specific. On z990 it was measured to perform
+# 50% better than code generated by gcc 4.3.
+
+$flavour = shift;
+
+if ($flavour =~ /3[12]/) {
+       $SIZE_T=4;
+       $g="";
+} else {
+       $SIZE_T=8;
+       $g="g";
+}
+
+while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {}
+open STDOUT,">$output";
+
 $rp="%r14";
 $sp="%r15";
 $code=<<___;
@@ -39,7 +62,12 @@ $code.=<<___;
 .type  RC4,\@function
 .align 64
 RC4:
-       stmg    %r6,%r11,48($sp)
+       stm${g} %r6,%r11,6*$SIZE_T($sp)
+___
+$code.=<<___ if ($flavour =~ /3[12]/);
+       llgfr   $len,$len
+___
+$code.=<<___;
        llgc    $XX[0],0($key)
        llgc    $YY,1($key)
        la      $XX[0],1($XX[0])
@@ -90,7 +118,7 @@ $code.=<<___;
        xgr     $acc,$TX[1]
        stg     $acc,0($out)
        la      $out,8($out)
-       brct    $cnt,.Loop8
+       brctg   $cnt,.Loop8
 
 .Lshort:
        lghi    $acc,7
@@ -122,7 +150,7 @@ $code.=<<___;
        ahi     $XX[0],-1
        stc     $XX[0],0($key)
        stc     $YY,1($key)
-       lmg     %r6,%r11,48($sp)
+       lm${g}  %r6,%r11,6*$SIZE_T($sp)
        br      $rp
 .size  RC4,.-RC4
 .string        "RC4 for s390x, CRYPTOGAMS by <appro\@openssl.org>"
@@ -143,11 +171,11 @@ $ikey="%r7";
 $iinp="%r8";
 
 $code.=<<___;
-.globl RC4_set_key
-.type  RC4_set_key,\@function
+.globl private_RC4_set_key
+.type  private_RC4_set_key,\@function
 .align 64
-RC4_set_key:
-       stmg    %r6,%r8,48($sp)
+private_RC4_set_key:
+       stm${g} %r6,%r8,6*$SIZE_T($sp)
        lhi     $cnt,256
        la      $idx,0(%r0)
        sth     $idx,0($key)
@@ -180,9 +208,9 @@ RC4_set_key:
        la      $iinp,0(%r0)
        j       .L2ndloop
 .Ldone:
-       lmg     %r6,%r8,48($sp)
+       lm${g}  %r6,%r8,6*$SIZE_T($sp)
        br      $rp
-.size  RC4_set_key,.-RC4_set_key
+.size  private_RC4_set_key,.-private_RC4_set_key
 
 ___
 }
@@ -203,3 +231,4 @@ RC4_options:
 ___
 
 print $code;
+close STDOUT;  # force flush

diff --git a/deps/openssl/openssl/crypto/rc4/asm/rc4-x86_64.pl b/deps/openssl/openssl/crypto/rc4/asm/rc4-x86_64.pl
index 677be5f..75750db 100755 (executable)
--- a/deps/openssl/openssl/crypto/rc4/asm/rc4-x86_64.pl
+++ b/deps/openssl/openssl/crypto/rc4/asm/rc4-x86_64.pl
@@ -7,6 +7,8 @@
 # details see http://www.openssl.org/~appro/cryptogams/.
 # ====================================================================
 #
+# July 2004
+#
 # 2.22x RC4 tune-up:-) It should be noted though that my hand [as in
 # "hand-coded assembler"] doesn't stand for the whole improvement
 # coefficient. It turned out that eliminating RC4_CHAR from config
@@ -19,6 +21,8 @@
 # to operate on partial registers, it turned out to be the best bet.
 # At least for AMD... How IA32E would perform remains to be seen...
 
+# November 2004
+#
 # As was shown by Marc Bevand reordering of couple of load operations
 # results in even higher performance gain of 3.3x:-) At least on
 # Opteron... For reference, 1x in this case is RC4_CHAR C-code
@@ -26,6 +30,8 @@
 # Latter means that if you want to *estimate* what to expect from
 # *your* Opteron, then multiply 54 by 3.3 and clock frequency in GHz.
 
+# November 2004
+#
 # Intel P4 EM64T core was found to run the AMD64 code really slow...
 # The only way to achieve comparable performance on P4 was to keep
 # RC4_CHAR. Kind of ironic, huh? As it's apparently impossible to
@@ -33,10 +39,14 @@
 # on either AMD and Intel platforms, I implement both cases. See
 # rc4_skey.c for further details...
 
+# April 2005
+#
 # P4 EM64T core appears to be "allergic" to 64-bit inc/dec. Replacing 
 # those with add/sub results in 50% performance improvement of folded
 # loop...
 
+# May 2005
+#
 # As was shown by Zou Nanhai loop unrolling can improve Intel EM64T
 # performance by >30% [unlike P4 32-bit case that is]. But this is
 # provided that loads are reordered even more aggressively! Both code
@@ -50,6 +60,8 @@
 # is not implemented, then this final RC4_CHAR code-path should be
 # preferred, as it provides better *all-round* performance].
 
+# March 2007
+#
 # Intel Core2 was observed to perform poorly on both code paths:-( It
 # apparently suffers from some kind of partial register stall, which
 # occurs in 64-bit mode only [as virtually identical 32-bit loop was
@@ -58,6 +70,37 @@
 # fit for Core2 and therefore the code was modified to skip cloop8 on
 # this CPU.
 
+# May 2010
+#
+# Intel Westmere was observed to perform suboptimally. Adding yet
+# another movzb to cloop1 improved performance by almost 50%! Core2
+# performance is improved too, but nominally...
+
+# May 2011
+#
+# The only code path that was not modified is P4-specific one. Non-P4
+# Intel code path optimization is heavily based on submission by Maxim
+# Perminov, Maxim Locktyukhin and Jim Guilford of Intel. I've used
+# some of the ideas even in attempt to optmize the original RC4_INT
+# code path... Current performance in cycles per processed byte (less
+# is better) and improvement coefficients relative to previous
+# version of this module are:
+#
+# Opteron      5.3/+0%(*)
+# P4           6.5
+# Core2                6.2/+15%(**)
+# Westmere     4.2/+60%
+# Sandy Bridge 4.2/+120%
+# Atom         9.3/+80%
+#
+# (*)  But corresponding loop has less instructions, which should have
+#      positive effect on upcoming Bulldozer, which has one less ALU.
+#      For reference, Intel code runs at 6.8 cpb rate on Opteron.
+# (**) Note that Core2 result is ~15% lower than corresponding result
+#      for 32-bit code, meaning that it's possible to improve it,
+#      but more than likely at the cost of the others (see rc4-586.pl
+#      to get the idea)...
+
 $flavour = shift;
 $output  = shift;
 if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
@@ -69,20 +112,18 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
 ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
 die "can't locate x86_64-xlate.pl";
 
-open STDOUT,"| $^X $xlate $flavour $output";
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
 
 $dat="%rdi";       # arg1
 $len="%rsi";       # arg2
 $inp="%rdx";       # arg3
 $out="%rcx";       # arg4
 
-@XX=("%r8","%r10");
-@TX=("%r9","%r11");
-$YY="%r12";
-$TY="%r13";
-
+{
 $code=<<___;
 .text
+.extern        OPENSSL_ia32cap_P
 
 .globl RC4
 .type  RC4,\@function,4
@@ -95,48 +136,173 @@ RC4:      or      $len,$len
        push    %r12
        push    %r13
 .Lprologue:
+       mov     $len,%r11
+       mov     $inp,%r12
+       mov     $out,%r13
+___
+my $len="%r11";                # reassign input arguments
+my $inp="%r12";
+my $out="%r13";
 
-       add     \$8,$dat
-       movl    -8($dat),$XX[0]#d
-       movl    -4($dat),$YY#d
+my @XX=("%r10","%rsi");
+my @TX=("%rax","%rbx");
+my $YY="%rcx";
+my $TY="%rdx";
+
+$code.=<<___;
+       xor     $XX[0],$XX[0]
+       xor     $YY,$YY
+
+       lea     8($dat),$dat
+       mov     -8($dat),$XX[0]#b
+       mov     -4($dat),$YY#b
        cmpl    \$-1,256($dat)
        je      .LRC4_CHAR
+       mov     OPENSSL_ia32cap_P(%rip),%r8d
+       xor     $TX[1],$TX[1]
        inc     $XX[0]#b
+       sub     $XX[0],$TX[1]
+       sub     $inp,$out
        movl    ($dat,$XX[0],4),$TX[0]#d
-       test    \$-8,$len
+       test    \$-16,$len
        jz      .Lloop1
-       jmp     .Lloop8
+       bt      \$30,%r8d       # Intel CPU?
+       jc      .Lintel
+       and     \$7,$TX[1]
+       lea     1($XX[0]),$XX[1]
+       jz      .Loop8
+       sub     $TX[1],$len
+.Loop8_warmup:
+       add     $TX[0]#b,$YY#b
+       movl    ($dat,$YY,4),$TY#d
+       movl    $TX[0]#d,($dat,$YY,4)
+       movl    $TY#d,($dat,$XX[0],4)
+       add     $TY#b,$TX[0]#b
+       inc     $XX[0]#b
+       movl    ($dat,$TX[0],4),$TY#d
+       movl    ($dat,$XX[0],4),$TX[0]#d
+       xorb    ($inp),$TY#b
+       movb    $TY#b,($out,$inp)
+       lea     1($inp),$inp
+       dec     $TX[1]
+       jnz     .Loop8_warmup
+
+       lea     1($XX[0]),$XX[1]
+       jmp     .Loop8
 .align 16
-.Lloop8:
+.Loop8:
 ___
 for ($i=0;$i<8;$i++) {
+$code.=<<___ if ($i==7);
+       add     \$8,$XX[1]#b
+___
 $code.=<<___;
        add     $TX[0]#b,$YY#b
-       mov     $XX[0],$XX[1]
        movl    ($dat,$YY,4),$TY#d
-       ror     \$8,%rax                        # ror is redundant when $i=0
-       inc     $XX[1]#b
-       movl    ($dat,$XX[1],4),$TX[1]#d
-       cmp     $XX[1],$YY
        movl    $TX[0]#d,($dat,$YY,4)
-       cmove   $TX[0],$TX[1]
-       movl    $TY#d,($dat,$XX[0],4)
+       movl    `4*($i==7?-1:$i)`($dat,$XX[1],4),$TX[1]#d
+       ror     \$8,%r8                         # ror is redundant when $i=0
+       movl    $TY#d,4*$i($dat,$XX[0],4)
        add     $TX[0]#b,$TY#b
-       movb    ($dat,$TY,4),%al
+       movb    ($dat,$TY,4),%r8b
 ___
-push(@TX,shift(@TX)); push(@XX,shift(@XX));    # "rotate" registers
+push(@TX,shift(@TX)); #push(@XX,shift(@XX));   # "rotate" registers
 }
 $code.=<<___;
-       ror     \$8,%rax
+       add     \$8,$XX[0]#b
+       ror     \$8,%r8
        sub     \$8,$len
 
-       xor     ($inp),%rax
-       add     \$8,$inp
-       mov     %rax,($out)
-       add     \$8,$out
+       xor     ($inp),%r8
+       mov     %r8,($out,$inp)
+       lea     8($inp),$inp
 
        test    \$-8,$len
-       jnz     .Lloop8
+       jnz     .Loop8
+       cmp     \$0,$len
+       jne     .Lloop1
+       jmp     .Lexit
+
+.align 16
+.Lintel:
+       test    \$-32,$len
+       jz      .Lloop1
+       and     \$15,$TX[1]
+       jz      .Loop16_is_hot
+       sub     $TX[1],$len
+.Loop16_warmup:
+       add     $TX[0]#b,$YY#b
+       movl    ($dat,$YY,4),$TY#d
+       movl    $TX[0]#d,($dat,$YY,4)
+       movl    $TY#d,($dat,$XX[0],4)
+       add     $TY#b,$TX[0]#b
+       inc     $XX[0]#b
+       movl    ($dat,$TX[0],4),$TY#d
+       movl    ($dat,$XX[0],4),$TX[0]#d
+       xorb    ($inp),$TY#b
+       movb    $TY#b,($out,$inp)
+       lea     1($inp),$inp
+       dec     $TX[1]
+       jnz     .Loop16_warmup
+
+       mov     $YY,$TX[1]
+       xor     $YY,$YY
+       mov     $TX[1]#b,$YY#b
+
+.Loop16_is_hot:
+       lea     ($dat,$XX[0],4),$XX[1]
+___
+sub RC4_loop {
+  my $i=shift;
+  my $j=$i<0?0:$i;
+  my $xmm="%xmm".($j&1);
+
+    $code.="   add     \$16,$XX[0]#b\n"                if ($i==15);
+    $code.="   movdqu  ($inp),%xmm2\n"                 if ($i==15);
+    $code.="   add     $TX[0]#b,$YY#b\n"               if ($i<=0);
+    $code.="   movl    ($dat,$YY,4),$TY#d\n";
+    $code.="   pxor    %xmm0,%xmm2\n"                  if ($i==0);
+    $code.="   psllq   \$8,%xmm1\n"                    if ($i==0);
+    $code.="   pxor    $xmm,$xmm\n"                    if ($i<=1);
+    $code.="   movl    $TX[0]#d,($dat,$YY,4)\n";
+    $code.="   add     $TY#b,$TX[0]#b\n";
+    $code.="   movl    `4*($j+1)`($XX[1]),$TX[1]#d\n"  if ($i<15);
+    $code.="   movz    $TX[0]#b,$TX[0]#d\n";
+    $code.="   movl    $TY#d,4*$j($XX[1])\n";
+    $code.="   pxor    %xmm1,%xmm2\n"                  if ($i==0);
+    $code.="   lea     ($dat,$XX[0],4),$XX[1]\n"       if ($i==15);
+    $code.="   add     $TX[1]#b,$YY#b\n"               if ($i<15);
+    $code.="   pinsrw  \$`($j>>1)&7`,($dat,$TX[0],4),$xmm\n";
+    $code.="   movdqu  %xmm2,($out,$inp)\n"            if ($i==0);
+    $code.="   lea     16($inp),$inp\n"                if ($i==0);
+    $code.="   movl    ($XX[1]),$TX[1]#d\n"            if ($i==15);
+}
+       RC4_loop(-1);
+$code.=<<___;
+       jmp     .Loop16_enter
+.align 16
+.Loop16:
+___
+
+for ($i=0;$i<16;$i++) {
+    $code.=".Loop16_enter:\n"          if ($i==1);
+       RC4_loop($i);
+       push(@TX,shift(@TX));           # "rotate" registers
+}
+$code.=<<___;
+       mov     $YY,$TX[1]
+       xor     $YY,$YY                 # keyword to partial register
+       sub     \$16,$len
+       mov     $TX[1]#b,$YY#b
+       test    \$-16,$len
+       jnz     .Loop16
+
+       psllq   \$8,%xmm1
+       pxor    %xmm0,%xmm2
+       pxor    %xmm1,%xmm2
+       movdqu  %xmm2,($out,$inp)
+       lea     16($inp),$inp
+
        cmp     \$0,$len
        jne     .Lloop1
        jmp     .Lexit
@@ -152,9 +318,8 @@ $code.=<<___;
        movl    ($dat,$TX[0],4),$TY#d
        movl    ($dat,$XX[0],4),$TX[0]#d
        xorb    ($inp),$TY#b
-       inc     $inp
-       movb    $TY#b,($out)
-       inc     $out
+       movb    $TY#b,($out,$inp)
+       lea     1($inp),$inp
        dec     $len
        jnz     .Lloop1
        jmp     .Lexit
@@ -165,13 +330,11 @@ $code.=<<___;
        movzb   ($dat,$XX[0]),$TX[0]#d
        test    \$-8,$len
        jz      .Lcloop1
-       cmpl    \$0,260($dat)
-       jnz     .Lcloop1
        jmp     .Lcloop8
 .align 16
 .Lcloop8:
-       mov     ($inp),%eax
-       mov     4($inp),%ebx
+       mov     ($inp),%r8d
+       mov     4($inp),%r9d
 ___
 # unroll 2x4-wise, because 64-bit rotates kill Intel P4...
 for ($i=0;$i<4;$i++) {
@@ -188,8 +351,8 @@ $code.=<<___;
        mov     $TX[0],$TX[1]
 .Lcmov$i:
        add     $TX[0]#b,$TY#b
-       xor     ($dat,$TY),%al
-       ror     \$8,%eax
+       xor     ($dat,$TY),%r8b
+       ror     \$8,%r8d
 ___
 push(@TX,shift(@TX)); push(@XX,shift(@XX));    # "rotate" registers
 }
@@ -207,16 +370,16 @@ $code.=<<___;
        mov     $TX[0],$TX[1]
 .Lcmov$i:
        add     $TX[0]#b,$TY#b
-       xor     ($dat,$TY),%bl
-       ror     \$8,%ebx
+       xor     ($dat,$TY),%r9b
+       ror     \$8,%r9d
 ___
 push(@TX,shift(@TX)); push(@XX,shift(@XX));    # "rotate" registers
 }
 $code.=<<___;
        lea     -8($len),$len
-       mov     %eax,($out)
+       mov     %r8d,($out)
        lea     8($inp),$inp
-       mov     %ebx,4($out)
+       mov     %r9d,4($out)
        lea     8($out),$out
 
        test    \$-8,$len
@@ -229,6 +392,7 @@ $code.=<<___;
 .align 16
 .Lcloop1:
        add     $TX[0]#b,$YY#b
+       movzb   $YY#b,$YY#d
        movzb   ($dat,$YY),$TY#d
        movb    $TX[0]#b,($dat,$YY)
        movb    $TY#b,($dat,$XX[0])
@@ -260,16 +424,16 @@ $code.=<<___;
        ret
 .size  RC4,.-RC4
 ___
+}
 
 $idx="%r8";
 $ido="%r9";
 
 $code.=<<___;
-.extern        OPENSSL_ia32cap_P
-.globl RC4_set_key
-.type  RC4_set_key,\@function,3
+.globl private_RC4_set_key
+.type  private_RC4_set_key,\@function,3
 .align 16
-RC4_set_key:
+private_RC4_set_key:
        lea     8($dat),$dat
        lea     ($inp,$len),$inp
        neg     $len
@@ -280,12 +444,9 @@ RC4_set_key:
        xor     %r11,%r11
 
        mov     OPENSSL_ia32cap_P(%rip),$idx#d
-       bt      \$20,$idx#d
-       jnc     .Lw1stloop
-       bt      \$30,$idx#d
-       setc    $ido#b
-       mov     $ido#d,260($dat)
-       jmp     .Lc1stloop
+       bt      \$20,$idx#d     # RC4_CHAR?
+       jc      .Lc1stloop
+       jmp     .Lw1stloop
 
 .align 16
 .Lw1stloop:
@@ -339,7 +500,7 @@ RC4_set_key:
        mov     %eax,-8($dat)
        mov     %eax,-4($dat)
        ret
-.size  RC4_set_key,.-RC4_set_key
+.size  private_RC4_set_key,.-private_RC4_set_key
 
 .globl RC4_options
 .type  RC4_options,\@abi-omnipotent
@@ -348,18 +509,20 @@ RC4_options:
        lea     .Lopts(%rip),%rax
        mov     OPENSSL_ia32cap_P(%rip),%edx
        bt      \$20,%edx
-       jnc     .Ldone
-       add     \$12,%rax
+       jc      .L8xchar
        bt      \$30,%edx
        jnc     .Ldone
-       add     \$13,%rax
+       add     \$25,%rax
+       ret
+.L8xchar:
+       add     \$12,%rax
 .Ldone:
        ret
 .align 64
 .Lopts:
 .asciz "rc4(8x,int)"
 .asciz "rc4(8x,char)"
-.asciz "rc4(1x,char)"
+.asciz "rc4(16x,int)"
 .asciz "RC4 for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
 .align 64
 .size  RC4_options,.-RC4_options
@@ -482,22 +645,32 @@ key_se_handler:
        .rva    .LSEH_end_RC4
        .rva    .LSEH_info_RC4
 
-       .rva    .LSEH_begin_RC4_set_key
-       .rva    .LSEH_end_RC4_set_key
-       .rva    .LSEH_info_RC4_set_key
+       .rva    .LSEH_begin_private_RC4_set_key
+       .rva    .LSEH_end_private_RC4_set_key
+       .rva    .LSEH_info_private_RC4_set_key
 
 .section       .xdata
 .align 8
 .LSEH_info_RC4:
        .byte   9,0,0,0
        .rva    stream_se_handler
-.LSEH_info_RC4_set_key:
+.LSEH_info_private_RC4_set_key:
        .byte   9,0,0,0
        .rva    key_se_handler
 ___
 }
 
-$code =~ s/#([bwd])/$1/gm;
+sub reg_part {
+my ($reg,$conv)=@_;
+    if ($reg =~ /%r[0-9]+/)    { $reg .= $conv; }
+    elsif ($conv eq "b")       { $reg =~ s/%[er]([^x]+)x?/%$1l/;       }
+    elsif ($conv eq "w")       { $reg =~ s/%[er](.+)/%$1/;             }
+    elsif ($conv eq "d")       { $reg =~ s/%[er](.+)/%e$1/;            }
+    return $reg;
+}
+
+$code =~ s/(%[a-z0-9]+)#([bwd])/reg_part($1,$2)/gem;
+$code =~ s/\`([^\`]*)\`/eval $1/gem;
 
 print $code;
 

diff --git a/deps/openssl/openssl/crypto/rc4/rc4.h b/deps/openssl/openssl/crypto/rc4/rc4.h
index 29d1acc..88ceb46 100644 (file)
--- a/deps/openssl/openssl/crypto/rc4/rc4.h
+++ b/deps/openssl/openssl/crypto/rc4/rc4.h
@@ -79,6 +79,7 @@ typedef struct rc4_key_st
  
 const char *RC4_options(void);
 void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
+void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
 void RC4(RC4_KEY *key, size_t len, const unsigned char *indata,
                unsigned char *outdata);
 

diff --git a/deps/openssl/openssl/crypto/rc4/rc4_skey.c b/deps/openssl/openssl/crypto/rc4/rc4_skey.c
index b22c40b..fda2763 100644 (file)
--- a/deps/openssl/openssl/crypto/rc4/rc4_skey.c
+++ b/deps/openssl/openssl/crypto/rc4/rc4_skey.c
@@ -85,7 +85,7 @@ const char *RC4_options(void)
  * Date: Wed, 14 Sep 1994 06:35:31 GMT
  */
 
-void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)
+void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)
        {
         register RC4_INT tmp;
         register int id1,id2;
@@ -104,40 +104,6 @@ void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)
                d[(n)]=d[id2]; \
                d[id2]=tmp; }
 
-#if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM)
-# if   defined(__i386)   || defined(__i386__)   || defined(_M_IX86) || \
-       defined(__INTEL__) || \
-       defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64)
-       if (sizeof(RC4_INT) > 1) {
-               /*
-                * Unlike all other x86 [and x86_64] implementations,
-                * Intel P4 core [including EM64T] was found to perform
-                * poorly with wider RC4_INT. Performance improvement
-                * for IA-32 hand-coded assembler turned out to be 2.8x
-                * if re-coded for RC4_CHAR! It's however inappropriate
-                * to just switch to RC4_CHAR for x86[_64], as non-P4
-                * implementations suffer from significant performance
-                * losses then, e.g. PIII exhibits >2x deterioration,
-                * and so does Opteron. In order to assure optimal
-                * all-round performance, let us [try to] detect P4 at
-                * run-time by checking upon HTT bit in CPU capability
-                * vector and set up compressed key schedule, which is
-                * recognized by correspondingly updated assembler
-                * module...
-                *                              <appro@fy.chalmers.se>
-                */
-               if (OPENSSL_ia32cap_P & (1<<28)) {
-                       unsigned char *cp=(unsigned char *)d;
-
-                       for (i=0;i<256;i++) cp[i]=i;
-                       for (i=0;i<256;i++) SK_LOOP(cp,i);
-                       /* mark schedule as compressed! */
-                       d[256/sizeof(RC4_INT)]=-1;
-                       return;
-               }
-       }
-# endif
-#endif
        for (i=0; i < 256; i++) d[i]=i;
        for (i=0; i < 256; i+=4)
                {

diff --git a/deps/openssl/openssl/crypto/rc4/rc4test.c b/deps/openssl/openssl/crypto/rc4/rc4test.c
index 633a79e..4312605 100644 (file)
--- a/deps/openssl/openssl/crypto/rc4/rc4test.c
+++ b/deps/openssl/openssl/crypto/rc4/rc4test.c
@@ -120,6 +120,12 @@ int main(int argc, char *argv[])
        RC4_KEY key;
        unsigned char obuf[512];
 
+#if !defined(OPENSSL_PIC)
+       void OPENSSL_cpuid_setup(void);
+
+       OPENSSL_cpuid_setup();
+#endif
+
        for (i=0; i<6; i++)
                {
                RC4_set_key(&key,keys[i][0],&(keys[i][1]));

diff --git a/deps/openssl/openssl/crypto/ripemd/Makefile b/deps/openssl/openssl/crypto/ripemd/Makefile
index d5b1067..25140b2 100644 (file)
--- a/deps/openssl/openssl/crypto/ripemd/Makefile
+++ b/deps/openssl/openssl/crypto/ripemd/Makefile
@@ -82,8 +82,11 @@ clean:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
-rmd_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-rmd_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ripemd.h
+rmd_dgst.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+rmd_dgst.o: ../../include/openssl/opensslconf.h
+rmd_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rmd_dgst.o: ../../include/openssl/ripemd.h ../../include/openssl/safestack.h
+rmd_dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 rmd_dgst.o: ../md32_common.h rmd_dgst.c rmd_locl.h rmdconst.h
 rmd_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 rmd_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

diff --git a/deps/openssl/openssl/crypto/ripemd/ripemd.h b/deps/openssl/openssl/crypto/ripemd/ripemd.h
index 5942eb6..189bd8c 100644 (file)
--- a/deps/openssl/openssl/crypto/ripemd/ripemd.h
+++ b/deps/openssl/openssl/crypto/ripemd/ripemd.h
@@ -91,6 +91,9 @@ typedef struct RIPEMD160state_st
        unsigned int   num;
        } RIPEMD160_CTX;
 
+#ifdef OPENSSL_FIPS
+int private_RIPEMD160_Init(RIPEMD160_CTX *c);
+#endif
 int RIPEMD160_Init(RIPEMD160_CTX *c);
 int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len);
 int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);

diff --git a/deps/openssl/openssl/crypto/ripemd/rmd_dgst.c b/deps/openssl/openssl/crypto/ripemd/rmd_dgst.c
index 59b017f..d8e72da 100644 (file)
--- a/deps/openssl/openssl/crypto/ripemd/rmd_dgst.c
+++ b/deps/openssl/openssl/crypto/ripemd/rmd_dgst.c
@@ -59,6 +59,7 @@
 #include <stdio.h>
 #include "rmd_locl.h"
 #include <openssl/opensslv.h>
+#include <openssl/crypto.h>
 
 const char RMD160_version[]="RIPE-MD160" OPENSSL_VERSION_PTEXT;
 
@@ -69,7 +70,7 @@ const char RMD160_version[]="RIPE-MD160" OPENSSL_VERSION_PTEXT;
      void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p,size_t num);
 #  endif
 
-int RIPEMD160_Init(RIPEMD160_CTX *c)
+fips_md_init(RIPEMD160)
        {
        memset (c,0,sizeof(*c));
        c->A=RIPEMD160_A;
@@ -104,21 +105,21 @@ void ripemd160_block_data_order (RIPEMD160_CTX *ctx, const void *p, size_t num)
 
        A=ctx->A; B=ctx->B; C=ctx->C; D=ctx->D; E=ctx->E;
 
-       HOST_c2l(data,l); X( 0)=l;      HOST_c2l(data,l); X( 1)=l;
-       RIP1(A,B,C,D,E,WL00,SL00);      HOST_c2l(data,l); X( 2)=l;
-       RIP1(E,A,B,C,D,WL01,SL01);      HOST_c2l(data,l); X( 3)=l;
-       RIP1(D,E,A,B,C,WL02,SL02);      HOST_c2l(data,l); X( 4)=l;
-       RIP1(C,D,E,A,B,WL03,SL03);      HOST_c2l(data,l); X( 5)=l;
-       RIP1(B,C,D,E,A,WL04,SL04);      HOST_c2l(data,l); X( 6)=l;
-       RIP1(A,B,C,D,E,WL05,SL05);      HOST_c2l(data,l); X( 7)=l;
-       RIP1(E,A,B,C,D,WL06,SL06);      HOST_c2l(data,l); X( 8)=l;
-       RIP1(D,E,A,B,C,WL07,SL07);      HOST_c2l(data,l); X( 9)=l;
-       RIP1(C,D,E,A,B,WL08,SL08);      HOST_c2l(data,l); X(10)=l;
-       RIP1(B,C,D,E,A,WL09,SL09);      HOST_c2l(data,l); X(11)=l;
-       RIP1(A,B,C,D,E,WL10,SL10);      HOST_c2l(data,l); X(12)=l;
-       RIP1(E,A,B,C,D,WL11,SL11);      HOST_c2l(data,l); X(13)=l;
-       RIP1(D,E,A,B,C,WL12,SL12);      HOST_c2l(data,l); X(14)=l;
-       RIP1(C,D,E,A,B,WL13,SL13);      HOST_c2l(data,l); X(15)=l;
+       (void)HOST_c2l(data,l); X( 0)=l;(void)HOST_c2l(data,l); X( 1)=l;
+       RIP1(A,B,C,D,E,WL00,SL00);      (void)HOST_c2l(data,l); X( 2)=l;
+       RIP1(E,A,B,C,D,WL01,SL01);      (void)HOST_c2l(data,l); X( 3)=l;
+       RIP1(D,E,A,B,C,WL02,SL02);      (void)HOST_c2l(data,l); X( 4)=l;
+       RIP1(C,D,E,A,B,WL03,SL03);      (void)HOST_c2l(data,l); X( 5)=l;
+       RIP1(B,C,D,E,A,WL04,SL04);      (void)HOST_c2l(data,l); X( 6)=l;
+       RIP1(A,B,C,D,E,WL05,SL05);      (void)HOST_c2l(data,l); X( 7)=l;
+       RIP1(E,A,B,C,D,WL06,SL06);      (void)HOST_c2l(data,l); X( 8)=l;
+       RIP1(D,E,A,B,C,WL07,SL07);      (void)HOST_c2l(data,l); X( 9)=l;
+       RIP1(C,D,E,A,B,WL08,SL08);      (void)HOST_c2l(data,l); X(10)=l;
+       RIP1(B,C,D,E,A,WL09,SL09);      (void)HOST_c2l(data,l); X(11)=l;
+       RIP1(A,B,C,D,E,WL10,SL10);      (void)HOST_c2l(data,l); X(12)=l;
+       RIP1(E,A,B,C,D,WL11,SL11);      (void)HOST_c2l(data,l); X(13)=l;
+       RIP1(D,E,A,B,C,WL12,SL12);      (void)HOST_c2l(data,l); X(14)=l;
+       RIP1(C,D,E,A,B,WL13,SL13);      (void)HOST_c2l(data,l); X(15)=l;
        RIP1(B,C,D,E,A,WL14,SL14);
        RIP1(A,B,C,D,E,WL15,SL15);
 

diff --git a/deps/openssl/openssl/crypto/ripemd/rmd_locl.h b/deps/openssl/openssl/crypto/ripemd/rmd_locl.h
index f14b346..2bd8957 100644 (file)
--- a/deps/openssl/openssl/crypto/ripemd/rmd_locl.h
+++ b/deps/openssl/openssl/crypto/ripemd/rmd_locl.h
@@ -88,11 +88,11 @@ void ripemd160_block_data_order (RIPEMD160_CTX *c, const void *p,size_t num);
 #define HASH_FINAL              RIPEMD160_Final
 #define        HASH_MAKE_STRING(c,s)   do {    \
        unsigned long ll;               \
-       ll=(c)->A; HOST_l2c(ll,(s));    \
-       ll=(c)->B; HOST_l2c(ll,(s));    \
-       ll=(c)->C; HOST_l2c(ll,(s));    \
-       ll=(c)->D; HOST_l2c(ll,(s));    \
-       ll=(c)->E; HOST_l2c(ll,(s));    \
+       ll=(c)->A; (void)HOST_l2c(ll,(s));      \
+       ll=(c)->B; (void)HOST_l2c(ll,(s));      \
+       ll=(c)->C; (void)HOST_l2c(ll,(s));      \
+       ll=(c)->D; (void)HOST_l2c(ll,(s));      \
+       ll=(c)->E; (void)HOST_l2c(ll,(s));      \
        } while (0)
 #define HASH_BLOCK_DATA_ORDER   ripemd160_block_data_order
 

diff --git a/deps/openssl/openssl/crypto/rsa/Makefile b/deps/openssl/openssl/crypto/rsa/Makefile
index bb64223..f798d2f 100644 (file)
--- a/deps/openssl/openssl/crypto/rsa/Makefile
+++ b/deps/openssl/openssl/crypto/rsa/Makefile
@@ -20,11 +20,11 @@ LIB=$(TOP)/libcrypto.a
 LIBSRC= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c \
        rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c rsa_null.c \
        rsa_pss.c rsa_x931.c rsa_asn1.c rsa_depr.c rsa_ameth.c rsa_prn.c \
-       rsa_pmeth.c
+       rsa_pmeth.c rsa_crpt.c
 LIBOBJ= rsa_eay.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o rsa_err.o \
        rsa_pk1.o rsa_ssl.o rsa_none.o rsa_oaep.o rsa_chk.o rsa_null.o \
        rsa_pss.o rsa_x931.o rsa_asn1.o rsa_depr.o rsa_ameth.o rsa_prn.o \
-       rsa_pmeth.o
+       rsa_pmeth.o rsa_crpt.o
 
 SRC= $(LIBSRC)
 
@@ -100,11 +100,16 @@ rsa_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
 rsa_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 rsa_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
 rsa_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-rsa_asn1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+rsa_asn1.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+rsa_asn1.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+rsa_asn1.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+rsa_asn1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 rsa_asn1.o: ../../include/openssl/opensslconf.h
 rsa_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-rsa_asn1.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_asn1.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+rsa_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 rsa_asn1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_asn1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 rsa_asn1.o: ../cryptlib.h rsa_asn1.c
 rsa_chk.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 rsa_chk.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
@@ -114,6 +119,21 @@ rsa_chk.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 rsa_chk.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 rsa_chk.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 rsa_chk.o: rsa_chk.c
+rsa_crpt.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_crpt.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_crpt.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_crpt.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+rsa_crpt.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+rsa_crpt.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+rsa_crpt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+rsa_crpt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rsa_crpt.o: ../../include/openssl/opensslconf.h
+rsa_crpt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_crpt.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+rsa_crpt.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_crpt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+rsa_crpt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+rsa_crpt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h rsa_crpt.c
 rsa_depr.o: ../../e_os.h ../../include/openssl/asn1.h
 rsa_depr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 rsa_depr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
@@ -205,11 +225,12 @@ rsa_pk1.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_pk1.c
 rsa_pmeth.o: ../../e_os.h ../../include/openssl/asn1.h
 rsa_pmeth.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
 rsa_pmeth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
-rsa_pmeth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
-rsa_pmeth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-rsa_pmeth.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
-rsa_pmeth.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
-rsa_pmeth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rsa_pmeth.o: ../../include/openssl/cms.h ../../include/openssl/crypto.h
+rsa_pmeth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+rsa_pmeth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+rsa_pmeth.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rsa_pmeth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+rsa_pmeth.o: ../../include/openssl/objects.h
 rsa_pmeth.o: ../../include/openssl/opensslconf.h
 rsa_pmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 rsa_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h

diff --git a/deps/openssl/openssl/crypto/rsa/rsa.h b/deps/openssl/openssl/crypto/rsa/rsa.h
index cf74343..5f269e5 100644 (file)
--- a/deps/openssl/openssl/crypto/rsa/rsa.h
+++ b/deps/openssl/openssl/crypto/rsa/rsa.h
@@ -222,12 +222,22 @@ struct rsa_st
        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, -1, EVP_PKEY_CTRL_RSA_PADDING, \
                                pad, NULL)
 
+#define EVP_PKEY_CTX_get_rsa_padding(ctx, ppad) \
+       EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, -1, \
+                               EVP_PKEY_CTRL_GET_RSA_PADDING, 0, ppad)
+
 #define EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, len) \
        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \
                                (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \
                                EVP_PKEY_CTRL_RSA_PSS_SALTLEN, \
                                len, NULL)
 
+#define EVP_PKEY_CTX_get_rsa_pss_saltlen(ctx, plen) \
+       EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \
+                               (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \
+                               EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN, \
+                               0, plen)
+
 #define EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits) \
        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN, \
                                EVP_PKEY_CTRL_RSA_KEYGEN_BITS, bits, NULL)
@@ -236,11 +246,24 @@ struct rsa_st
        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN, \
                                EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pubexp)
 
+#define         EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, md)  \
+               EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_SIG,  \
+                               EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)md)
+
+#define         EVP_PKEY_CTX_get_rsa_mgf1_md(ctx, pmd) \
+               EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_SIG,  \
+                               EVP_PKEY_CTRL_GET_RSA_MGF1_MD, 0, (void *)pmd)
+
 #define EVP_PKEY_CTRL_RSA_PADDING      (EVP_PKEY_ALG_CTRL + 1)
 #define EVP_PKEY_CTRL_RSA_PSS_SALTLEN  (EVP_PKEY_ALG_CTRL + 2)
 
 #define EVP_PKEY_CTRL_RSA_KEYGEN_BITS  (EVP_PKEY_ALG_CTRL + 3)
 #define EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP        (EVP_PKEY_ALG_CTRL + 4)
+#define EVP_PKEY_CTRL_RSA_MGF1_MD      (EVP_PKEY_ALG_CTRL + 5)
+
+#define EVP_PKEY_CTRL_GET_RSA_PADDING          (EVP_PKEY_ALG_CTRL + 6)
+#define EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN      (EVP_PKEY_ALG_CTRL + 7)
+#define EVP_PKEY_CTRL_GET_RSA_MGF1_MD          (EVP_PKEY_ALG_CTRL + 8)
 
 #define RSA_PKCS1_PADDING      1
 #define RSA_SSLV23_PADDING     2
@@ -257,7 +280,7 @@ struct rsa_st
 
 RSA *  RSA_new(void);
 RSA *  RSA_new_method(ENGINE *engine);
-int    RSA_size(const RSA *);
+int    RSA_size(const RSA *rsa);
 
 /* Deprecated version */
 #ifndef OPENSSL_NO_DEPRECATED
@@ -300,6 +323,16 @@ const RSA_METHOD *RSA_null_method(void);
 DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPublicKey)
 DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPrivateKey)
 
+typedef struct rsa_pss_params_st
+       {
+       X509_ALGOR *hashAlgorithm;
+       X509_ALGOR *maskGenAlgorithm;
+       ASN1_INTEGER *saltLength;
+       ASN1_INTEGER *trailerField;
+       } RSA_PSS_PARAMS;
+
+DECLARE_ASN1_FUNCTIONS(RSA_PSS_PARAMS)
+
 #ifndef OPENSSL_NO_FP_API
 int    RSA_print_fp(FILE *fp, const RSA *r,int offset);
 #endif
@@ -380,6 +413,14 @@ int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
                        const unsigned char *mHash,
                        const EVP_MD *Hash, int sLen);
 
+int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
+                       const EVP_MD *Hash, const EVP_MD *mgf1Hash, 
+                       const unsigned char *EM, int sLen);
+
+int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
+                       const unsigned char *mHash,
+                       const EVP_MD *Hash, const EVP_MD *mgf1Hash, int sLen);
+
 int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
        CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
 int RSA_set_ex_data(RSA *r,int idx,void *arg);
@@ -388,6 +429,25 @@ void *RSA_get_ex_data(const RSA *r, int idx);
 RSA *RSAPublicKey_dup(RSA *rsa);
 RSA *RSAPrivateKey_dup(RSA *rsa);
 
+/* If this flag is set the RSA method is FIPS compliant and can be used
+ * in FIPS mode. This is set in the validated module method. If an
+ * application sets this flag in its own methods it is its responsibility
+ * to ensure the result is compliant.
+ */
+
+#define RSA_FLAG_FIPS_METHOD                   0x0400
+
+/* If this flag is set the operations normally disabled in FIPS mode are
+ * permitted it is then the applications responsibility to ensure that the
+ * usage is compliant.
+ */
+
+#define RSA_FLAG_NON_FIPS_ALLOW                        0x0400
+/* Application has decided PRNG is good enough to generate a key: don't
+ * check.
+ */
+#define RSA_FLAG_CHECKED                       0x0800
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
@@ -405,6 +465,7 @@ void ERR_load_RSA_strings(void);
 #define RSA_F_PKEY_RSA_CTRL                             143
 #define RSA_F_PKEY_RSA_CTRL_STR                                 144
 #define RSA_F_PKEY_RSA_SIGN                             142
+#define RSA_F_PKEY_RSA_VERIFY                           154
 #define RSA_F_PKEY_RSA_VERIFYRECOVER                    141
 #define RSA_F_RSA_BUILTIN_KEYGEN                        129
 #define RSA_F_RSA_CHECK_KEY                             123
@@ -413,6 +474,8 @@ void ERR_load_RSA_strings(void);
 #define RSA_F_RSA_EAY_PUBLIC_DECRYPT                    103
 #define RSA_F_RSA_EAY_PUBLIC_ENCRYPT                    104
 #define RSA_F_RSA_GENERATE_KEY                          105
+#define RSA_F_RSA_GENERATE_KEY_EX                       155
+#define RSA_F_RSA_ITEM_VERIFY                           156
 #define RSA_F_RSA_MEMORY_LOCK                           130
 #define RSA_F_RSA_NEW_METHOD                            106
 #define RSA_F_RSA_NULL                                  124
@@ -424,6 +487,7 @@ void ERR_load_RSA_strings(void);
 #define RSA_F_RSA_PADDING_ADD_NONE                      107
 #define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP                121
 #define RSA_F_RSA_PADDING_ADD_PKCS1_PSS                         125
+#define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1            148
 #define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1              108
 #define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2              109
 #define RSA_F_RSA_PADDING_ADD_SSLV23                    110
@@ -436,8 +500,12 @@ void ERR_load_RSA_strings(void);
 #define RSA_F_RSA_PADDING_CHECK_X931                    128
 #define RSA_F_RSA_PRINT                                         115
 #define RSA_F_RSA_PRINT_FP                              116
+#define RSA_F_RSA_PRIVATE_DECRYPT                       150
+#define RSA_F_RSA_PRIVATE_ENCRYPT                       151
 #define RSA_F_RSA_PRIV_DECODE                           137
 #define RSA_F_RSA_PRIV_ENCODE                           138
+#define RSA_F_RSA_PUBLIC_DECRYPT                        152
+#define RSA_F_RSA_PUBLIC_ENCRYPT                        153
 #define RSA_F_RSA_PUB_DECODE                            139
 #define RSA_F_RSA_SETUP_BLINDING                        136
 #define RSA_F_RSA_SIGN                                  117
@@ -445,6 +513,7 @@ void ERR_load_RSA_strings(void);
 #define RSA_F_RSA_VERIFY                                119
 #define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING              120
 #define RSA_F_RSA_VERIFY_PKCS1_PSS                      126
+#define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1                         149
 
 /* Reason codes. */
 #define RSA_R_ALGORITHM_MISMATCH                        100
@@ -470,19 +539,24 @@ void ERR_load_RSA_strings(void);
 #define RSA_R_INVALID_HEADER                            137
 #define RSA_R_INVALID_KEYBITS                           145
 #define RSA_R_INVALID_MESSAGE_LENGTH                    131
+#define RSA_R_INVALID_MGF1_MD                           156
 #define RSA_R_INVALID_PADDING                           138
 #define RSA_R_INVALID_PADDING_MODE                      141
+#define RSA_R_INVALID_PSS_PARAMETERS                    149
 #define RSA_R_INVALID_PSS_SALTLEN                       146
+#define RSA_R_INVALID_SALT_LENGTH                       150
 #define RSA_R_INVALID_TRAILER                           139
 #define RSA_R_INVALID_X931_DIGEST                       142
 #define RSA_R_IQMP_NOT_INVERSE_OF_Q                     126
 #define RSA_R_KEY_SIZE_TOO_SMALL                        120
 #define RSA_R_LAST_OCTET_INVALID                        134
 #define RSA_R_MODULUS_TOO_LARGE                                 105
+#define RSA_R_NON_FIPS_RSA_METHOD                       157
 #define RSA_R_NO_PUBLIC_EXPONENT                        140
 #define RSA_R_NULL_BEFORE_BLOCK_MISSING                         113
 #define RSA_R_N_DOES_NOT_EQUAL_P_Q                      127
 #define RSA_R_OAEP_DECODING_ERROR                       121
+#define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE        158
 #define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE  148
 #define RSA_R_PADDING_CHECK_FAILED                      114
 #define RSA_R_P_NOT_PRIME                               128
@@ -493,7 +567,12 @@ void ERR_load_RSA_strings(void);
 #define RSA_R_SSLV3_ROLLBACK_ATTACK                     115
 #define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116
 #define RSA_R_UNKNOWN_ALGORITHM_TYPE                    117
+#define RSA_R_UNKNOWN_MASK_DIGEST                       151
 #define RSA_R_UNKNOWN_PADDING_TYPE                      118
+#define RSA_R_UNKNOWN_PSS_DIGEST                        152
+#define RSA_R_UNSUPPORTED_MASK_ALGORITHM                153
+#define RSA_R_UNSUPPORTED_MASK_PARAMETER                154
+#define RSA_R_UNSUPPORTED_SIGNATURE_TYPE                155
 #define RSA_R_VALUE_MISSING                             147
 #define RSA_R_WRONG_SIGNATURE_LENGTH                    119
 

diff --git a/deps/openssl/openssl/crypto/rsa/rsa_ameth.c b/deps/openssl/openssl/crypto/rsa/rsa_ameth.c
index 8c32098..2460910 100644 (file)
--- a/deps/openssl/openssl/crypto/rsa/rsa_ameth.c
+++ b/deps/openssl/openssl/crypto/rsa/rsa_ameth.c
@@ -265,6 +265,147 @@ static int rsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent,
        return do_rsa_print(bp, pkey->pkey.rsa, indent, 1);
        }
 
+static RSA_PSS_PARAMS *rsa_pss_decode(const X509_ALGOR *alg,
+                                       X509_ALGOR **pmaskHash)
+       {
+       const unsigned char *p;
+       int plen;
+       RSA_PSS_PARAMS *pss;
+
+       *pmaskHash = NULL;
+
+       if (!alg->parameter || alg->parameter->type != V_ASN1_SEQUENCE)
+               return NULL;
+       p = alg->parameter->value.sequence->data;
+       plen = alg->parameter->value.sequence->length;
+       pss = d2i_RSA_PSS_PARAMS(NULL, &p, plen);
+
+       if (!pss)
+               return NULL;
+       
+       if (pss->maskGenAlgorithm)
+               {
+               ASN1_TYPE *param = pss->maskGenAlgorithm->parameter;
+               if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) == NID_mgf1
+                       && param->type == V_ASN1_SEQUENCE)
+                       {
+                       p = param->value.sequence->data;
+                       plen = param->value.sequence->length;
+                       *pmaskHash = d2i_X509_ALGOR(NULL, &p, plen);
+                       }
+               }
+
+       return pss;
+       }
+
+static int rsa_pss_param_print(BIO *bp, RSA_PSS_PARAMS *pss, 
+                               X509_ALGOR *maskHash, int indent)
+       {
+       int rv = 0;
+       if (!pss)
+               {
+               if (BIO_puts(bp, " (INVALID PSS PARAMETERS)\n") <= 0)
+                       return 0;
+               return 1;
+               }
+       if (BIO_puts(bp, "\n") <= 0)
+               goto err;
+       if (!BIO_indent(bp, indent, 128))
+               goto err;
+       if (BIO_puts(bp, "Hash Algorithm: ") <= 0)
+               goto err;
+
+       if (pss->hashAlgorithm)
+               {
+               if (i2a_ASN1_OBJECT(bp, pss->hashAlgorithm->algorithm) <= 0)
+                       goto err;
+               }
+       else if (BIO_puts(bp, "sha1 (default)") <= 0)
+               goto err;
+
+       if (BIO_puts(bp, "\n") <= 0)
+               goto err;
+
+       if (!BIO_indent(bp, indent, 128))
+               goto err;
+
+       if (BIO_puts(bp, "Mask Algorithm: ") <= 0)
+                       goto err;
+       if (pss->maskGenAlgorithm)
+               {
+               if (i2a_ASN1_OBJECT(bp, pss->maskGenAlgorithm->algorithm) <= 0)
+                       goto err;
+               if (BIO_puts(bp, " with ") <= 0)
+                       goto err;
+               if (maskHash)
+                       {
+                       if (i2a_ASN1_OBJECT(bp, maskHash->algorithm) <= 0)
+                       goto err;
+                       }
+               else if (BIO_puts(bp, "INVALID") <= 0)
+                       goto err;
+               }
+       else if (BIO_puts(bp, "mgf1 with sha1 (default)") <= 0)
+               goto err;
+       BIO_puts(bp, "\n");
+
+       if (!BIO_indent(bp, indent, 128))
+               goto err;
+       if (BIO_puts(bp, "Salt Length: ") <= 0)
+                       goto err;
+       if (pss->saltLength)
+               {
+               if (i2a_ASN1_INTEGER(bp, pss->saltLength) <= 0)
+                       goto err;
+               }
+       else if (BIO_puts(bp, "20 (default)") <= 0)
+               goto err;
+       BIO_puts(bp, "\n");
+
+       if (!BIO_indent(bp, indent, 128))
+               goto err;
+       if (BIO_puts(bp, "Trailer Field: ") <= 0)
+                       goto err;
+       if (pss->trailerField)
+               {
+               if (i2a_ASN1_INTEGER(bp, pss->trailerField) <= 0)
+                       goto err;
+               }
+       else if (BIO_puts(bp, "0xbc (default)") <= 0)
+               goto err;
+       BIO_puts(bp, "\n");
+       
+       rv = 1;
+
+       err:
+       return rv;
+
+       }
+
+static int rsa_sig_print(BIO *bp, const X509_ALGOR *sigalg,
+                                       const ASN1_STRING *sig,
+                                       int indent, ASN1_PCTX *pctx)
+       {
+       if (OBJ_obj2nid(sigalg->algorithm) == NID_rsassaPss)
+               {
+               int rv;
+               RSA_PSS_PARAMS *pss;
+               X509_ALGOR *maskHash;
+               pss = rsa_pss_decode(sigalg, &maskHash);
+               rv = rsa_pss_param_print(bp, pss, maskHash, indent);
+               if (pss)
+                       RSA_PSS_PARAMS_free(pss);
+               if (maskHash)
+                       X509_ALGOR_free(maskHash);
+               if (!rv)
+                       return 0;
+               }
+       else if (!sig && BIO_puts(bp, "\n") <= 0)
+               return 0;
+       if (sig)
+               return X509_signature_dump(bp, sig, indent);
+       return 1;
+       }
 
 static int rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
        {
@@ -310,6 +451,211 @@ static int rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
 
        }
 
+/* Customised RSA item verification routine. This is called 
+ * when a signature is encountered requiring special handling. We 
+ * currently only handle PSS.
+ */
+
+
+static int rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
+                       X509_ALGOR *sigalg, ASN1_BIT_STRING *sig,
+                       EVP_PKEY *pkey)
+       {
+       int rv = -1;
+       int saltlen;
+       const EVP_MD *mgf1md = NULL, *md = NULL;
+       RSA_PSS_PARAMS *pss;
+       X509_ALGOR *maskHash;
+       EVP_PKEY_CTX *pkctx;
+       /* Sanity check: make sure it is PSS */
+       if (OBJ_obj2nid(sigalg->algorithm) != NID_rsassaPss)
+               {
+               RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNSUPPORTED_SIGNATURE_TYPE);
+               return -1;
+               }
+       /* Decode PSS parameters */
+       pss = rsa_pss_decode(sigalg, &maskHash);
+
+       if (pss == NULL)
+               {
+               RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_INVALID_PSS_PARAMETERS);
+               goto err;
+               }
+       /* Check mask and lookup mask hash algorithm */
+       if (pss->maskGenAlgorithm)
+               {
+               if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) != NID_mgf1)
+                       {
+                       RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNSUPPORTED_MASK_ALGORITHM);
+                       goto err;
+                       }
+               if (!maskHash)
+                       {
+                       RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNSUPPORTED_MASK_PARAMETER);
+                       goto err;
+                       }
+               mgf1md = EVP_get_digestbyobj(maskHash->algorithm);
+               if (mgf1md == NULL)
+                       {
+                       RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNKNOWN_MASK_DIGEST);
+                       goto err;
+                       }
+               }
+       else
+               mgf1md = EVP_sha1();
+
+       if (pss->hashAlgorithm)
+               {
+               md = EVP_get_digestbyobj(pss->hashAlgorithm->algorithm);
+               if (md == NULL)
+                       {
+                       RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNKNOWN_PSS_DIGEST);
+                       goto err;
+                       }
+               }
+       else
+               md = EVP_sha1();
+
+       if (pss->saltLength)
+               {
+               saltlen = ASN1_INTEGER_get(pss->saltLength);
+
+               /* Could perform more salt length sanity checks but the main
+                * RSA routines will trap other invalid values anyway.
+                */
+               if (saltlen < 0)
+                       {
+                       RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_INVALID_SALT_LENGTH);
+                       goto err;
+                       }
+               }
+       else
+               saltlen = 20;
+
+       /* low-level routines support only trailer field 0xbc (value 1)
+        * and PKCS#1 says we should reject any other value anyway.
+        */
+       if (pss->trailerField && ASN1_INTEGER_get(pss->trailerField) != 1)
+               {
+               RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_INVALID_TRAILER);
+               goto err;
+               }
+
+       /* We have all parameters now set up context */
+
+       if (!EVP_DigestVerifyInit(ctx, &pkctx, md, NULL, pkey))
+               goto err;
+
+       if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_PSS_PADDING) <= 0)
+               goto err;
+
+       if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkctx, saltlen) <= 0)
+               goto err;
+
+       if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0)
+               goto err;
+       /* Carry on */
+       rv = 2;
+
+       err:
+       RSA_PSS_PARAMS_free(pss);
+       if (maskHash)
+               X509_ALGOR_free(maskHash);
+       return rv;
+       }
+
+static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
+                               X509_ALGOR *alg1, X509_ALGOR *alg2, 
+                               ASN1_BIT_STRING *sig)
+       {
+       int pad_mode;
+       EVP_PKEY_CTX *pkctx = ctx->pctx;
+       if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0)
+               return 0;
+       if (pad_mode == RSA_PKCS1_PADDING)
+               return 2;
+       if (pad_mode == RSA_PKCS1_PSS_PADDING)
+               {
+               const EVP_MD *sigmd, *mgf1md;
+               RSA_PSS_PARAMS *pss = NULL;
+               X509_ALGOR *mgf1alg = NULL;
+               ASN1_STRING *os1 = NULL, *os2 = NULL;
+               EVP_PKEY *pk = EVP_PKEY_CTX_get0_pkey(pkctx);
+               int saltlen, rv = 0;
+               sigmd = EVP_MD_CTX_md(ctx);
+               if (EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) <= 0)
+                       goto err;
+               if (!EVP_PKEY_CTX_get_rsa_pss_saltlen(pkctx, &saltlen))
+                       goto err;
+               if (saltlen == -1)
+                       saltlen = EVP_MD_size(sigmd);
+               else if (saltlen == -2)
+                       {
+                       saltlen = EVP_PKEY_size(pk) - EVP_MD_size(sigmd) - 2;
+                       if (((EVP_PKEY_bits(pk) - 1) & 0x7) == 0)
+                               saltlen--;
+                       }
+               pss = RSA_PSS_PARAMS_new();
+               if (!pss)
+                       goto err;
+               if (saltlen != 20)
+                       {
+                       pss->saltLength = ASN1_INTEGER_new();
+                       if (!pss->saltLength)
+                               goto err;
+                       if (!ASN1_INTEGER_set(pss->saltLength, saltlen))
+                               goto err;
+                       }
+               if (EVP_MD_type(sigmd) != NID_sha1)
+                       {
+                       pss->hashAlgorithm = X509_ALGOR_new();
+                       if (!pss->hashAlgorithm)
+                               goto err;
+                       X509_ALGOR_set_md(pss->hashAlgorithm, sigmd);
+                       }
+               if (EVP_MD_type(mgf1md) != NID_sha1)
+                       {
+                       ASN1_STRING *stmp = NULL;
+                       /* need to embed algorithm ID inside another */
+                       mgf1alg = X509_ALGOR_new();
+                       X509_ALGOR_set_md(mgf1alg, mgf1md);
+                       if (!ASN1_item_pack(mgf1alg, ASN1_ITEM_rptr(X509_ALGOR),
+                                                                       &stmp))
+                                       goto err;
+                       pss->maskGenAlgorithm = X509_ALGOR_new();
+                       if (!pss->maskGenAlgorithm)
+                               goto err;
+                       X509_ALGOR_set0(pss->maskGenAlgorithm,
+                                       OBJ_nid2obj(NID_mgf1),
+                                       V_ASN1_SEQUENCE, stmp);
+                       }
+               /* Finally create string with pss parameter encoding. */
+               if (!ASN1_item_pack(pss, ASN1_ITEM_rptr(RSA_PSS_PARAMS), &os1))
+                       goto err;
+               if (alg2)
+                       {
+                       os2 = ASN1_STRING_dup(os1);
+                       if (!os2)
+                               goto err;
+                       X509_ALGOR_set0(alg2, OBJ_nid2obj(NID_rsassaPss),
+                                               V_ASN1_SEQUENCE, os2);
+                       }
+               X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_rsassaPss),
+                                       V_ASN1_SEQUENCE, os1);
+               os1 = os2 = NULL;
+               rv = 3;
+               err:
+               if (mgf1alg)
+                       X509_ALGOR_free(mgf1alg);
+               if (pss)
+                       RSA_PSS_PARAMS_free(pss);
+               if (os1)
+                       ASN1_STRING_free(os1);
+               return rv;
+               
+               }
+       return 2;
+       }
 
 const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = 
        {
@@ -335,10 +681,13 @@ const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] =
 
                0,0,0,0,0,0,
 
+               rsa_sig_print,
                int_rsa_free,
                rsa_pkey_ctrl,
                old_rsa_priv_decode,
-               old_rsa_priv_encode
+               old_rsa_priv_encode,
+               rsa_item_verify,
+               rsa_item_sign
                },
 
                {

diff --git a/deps/openssl/openssl/crypto/rsa/rsa_asn1.c b/deps/openssl/openssl/crypto/rsa/rsa_asn1.c
index 4efca8c..6ed5de3 100644 (file)
--- a/deps/openssl/openssl/crypto/rsa/rsa_asn1.c
+++ b/deps/openssl/openssl/crypto/rsa/rsa_asn1.c
@@ -60,6 +60,7 @@
 #include "cryptlib.h"
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
+#include <openssl/x509.h>
 #include <openssl/asn1t.h>
 
 /* Override the default free and new methods */
@@ -96,6 +97,15 @@ ASN1_SEQUENCE_cb(RSAPublicKey, rsa_cb) = {
        ASN1_SIMPLE(RSA, e, BIGNUM),
 } ASN1_SEQUENCE_END_cb(RSA, RSAPublicKey)
 
+ASN1_SEQUENCE(RSA_PSS_PARAMS) = {
+       ASN1_EXP_OPT(RSA_PSS_PARAMS, hashAlgorithm, X509_ALGOR,0),
+       ASN1_EXP_OPT(RSA_PSS_PARAMS, maskGenAlgorithm, X509_ALGOR,1),
+       ASN1_EXP_OPT(RSA_PSS_PARAMS, saltLength, ASN1_INTEGER,2),
+       ASN1_EXP_OPT(RSA_PSS_PARAMS, trailerField, ASN1_INTEGER,3)
+} ASN1_SEQUENCE_END(RSA_PSS_PARAMS)
+
+IMPLEMENT_ASN1_FUNCTIONS(RSA_PSS_PARAMS)
+
 IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(RSA, RSAPrivateKey, RSAPrivateKey)
 
 IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(RSA, RSAPublicKey, RSAPublicKey)

diff --git a/deps/openssl/openssl/crypto/rsa/rsa_eay.c b/deps/openssl/openssl/crypto/rsa/rsa_eay.c
index 2e1ddd4..88ee2cb 100644 (file)
--- a/deps/openssl/openssl/crypto/rsa/rsa_eay.c
+++ b/deps/openssl/openssl/crypto/rsa/rsa_eay.c
@@ -847,12 +847,12 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
        if (!BN_mod(r0,pr1,rsa->p,ctx)) goto err;
 
        /* If p < q it is occasionally possible for the correction of
-         * adding 'p' if r0 is negative above to leave the result still
+        * adding 'p' if r0 is negative above to leave the result still
         * negative. This can break the private key operations: the following
         * second correction should *always* correct this rare occurrence.
         * This will *never* happen with OpenSSL generated keys because
-         * they ensure p > q [steve]
-         */
+        * they ensure p > q [steve]
+        */
        if (BN_is_negative(r0))
                if (!BN_add(r0,r0,rsa->p)) goto err;
        if (!BN_mul(r1,r0,rsa->q,ctx)) goto err;

diff --git a/deps/openssl/openssl/crypto/rsa/rsa_err.c b/deps/openssl/openssl/crypto/rsa/rsa_err.c
index cf9f110..46e0bf9 100644 (file)
--- a/deps/openssl/openssl/crypto/rsa/rsa_err.c
+++ b/deps/openssl/openssl/crypto/rsa/rsa_err.c
@@ -1,6 +1,6 @@
 /* crypto/rsa/rsa_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -78,6 +78,7 @@ static ERR_STRING_DATA RSA_str_functs[]=
 {ERR_FUNC(RSA_F_PKEY_RSA_CTRL),        "PKEY_RSA_CTRL"},
 {ERR_FUNC(RSA_F_PKEY_RSA_CTRL_STR),    "PKEY_RSA_CTRL_STR"},
 {ERR_FUNC(RSA_F_PKEY_RSA_SIGN),        "PKEY_RSA_SIGN"},
+{ERR_FUNC(RSA_F_PKEY_RSA_VERIFY),      "PKEY_RSA_VERIFY"},
 {ERR_FUNC(RSA_F_PKEY_RSA_VERIFYRECOVER),       "PKEY_RSA_VERIFYRECOVER"},
 {ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN),   "RSA_BUILTIN_KEYGEN"},
 {ERR_FUNC(RSA_F_RSA_CHECK_KEY),        "RSA_check_key"},
@@ -86,6 +87,8 @@ static ERR_STRING_DATA RSA_str_functs[]=
 {ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_DECRYPT),       "RSA_EAY_PUBLIC_DECRYPT"},
 {ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_ENCRYPT),       "RSA_EAY_PUBLIC_ENCRYPT"},
 {ERR_FUNC(RSA_F_RSA_GENERATE_KEY),     "RSA_generate_key"},
+{ERR_FUNC(RSA_F_RSA_GENERATE_KEY_EX),  "RSA_generate_key_ex"},
+{ERR_FUNC(RSA_F_RSA_ITEM_VERIFY),      "RSA_ITEM_VERIFY"},
 {ERR_FUNC(RSA_F_RSA_MEMORY_LOCK),      "RSA_memory_lock"},
 {ERR_FUNC(RSA_F_RSA_NEW_METHOD),       "RSA_new_method"},
 {ERR_FUNC(RSA_F_RSA_NULL),     "RSA_NULL"},
@@ -97,6 +100,7 @@ static ERR_STRING_DATA RSA_str_functs[]=
 {ERR_FUNC(RSA_F_RSA_PADDING_ADD_NONE), "RSA_padding_add_none"},
 {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP),   "RSA_padding_add_PKCS1_OAEP"},
 {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS),    "RSA_padding_add_PKCS1_PSS"},
+{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1),       "RSA_padding_add_PKCS1_PSS_mgf1"},
 {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1), "RSA_padding_add_PKCS1_type_1"},
 {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2), "RSA_padding_add_PKCS1_type_2"},
 {ERR_FUNC(RSA_F_RSA_PADDING_ADD_SSLV23),       "RSA_padding_add_SSLv23"},
@@ -109,8 +113,12 @@ static ERR_STRING_DATA RSA_str_functs[]=
 {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931),       "RSA_padding_check_X931"},
 {ERR_FUNC(RSA_F_RSA_PRINT),    "RSA_print"},
 {ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"},
+{ERR_FUNC(RSA_F_RSA_PRIVATE_DECRYPT),  "RSA_private_decrypt"},
+{ERR_FUNC(RSA_F_RSA_PRIVATE_ENCRYPT),  "RSA_private_encrypt"},
 {ERR_FUNC(RSA_F_RSA_PRIV_DECODE),      "RSA_PRIV_DECODE"},
 {ERR_FUNC(RSA_F_RSA_PRIV_ENCODE),      "RSA_PRIV_ENCODE"},
+{ERR_FUNC(RSA_F_RSA_PUBLIC_DECRYPT),   "RSA_public_decrypt"},
+{ERR_FUNC(RSA_F_RSA_PUBLIC_ENCRYPT),   "RSA_public_encrypt"},
 {ERR_FUNC(RSA_F_RSA_PUB_DECODE),       "RSA_PUB_DECODE"},
 {ERR_FUNC(RSA_F_RSA_SETUP_BLINDING),   "RSA_setup_blinding"},
 {ERR_FUNC(RSA_F_RSA_SIGN),     "RSA_sign"},
@@ -118,6 +126,7 @@ static ERR_STRING_DATA RSA_str_functs[]=
 {ERR_FUNC(RSA_F_RSA_VERIFY),   "RSA_verify"},
 {ERR_FUNC(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING), "RSA_verify_ASN1_OCTET_STRING"},
 {ERR_FUNC(RSA_F_RSA_VERIFY_PKCS1_PSS), "RSA_verify_PKCS1_PSS"},
+{ERR_FUNC(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1),    "RSA_verify_PKCS1_PSS_mgf1"},
 {0,NULL}
        };
 
@@ -146,19 +155,24 @@ static ERR_STRING_DATA RSA_str_reasons[]=
 {ERR_REASON(RSA_R_INVALID_HEADER)        ,"invalid header"},
 {ERR_REASON(RSA_R_INVALID_KEYBITS)       ,"invalid keybits"},
 {ERR_REASON(RSA_R_INVALID_MESSAGE_LENGTH),"invalid message length"},
+{ERR_REASON(RSA_R_INVALID_MGF1_MD)       ,"invalid mgf1 md"},
 {ERR_REASON(RSA_R_INVALID_PADDING)       ,"invalid padding"},
 {ERR_REASON(RSA_R_INVALID_PADDING_MODE)  ,"invalid padding mode"},
+{ERR_REASON(RSA_R_INVALID_PSS_PARAMETERS),"invalid pss parameters"},
 {ERR_REASON(RSA_R_INVALID_PSS_SALTLEN)   ,"invalid pss saltlen"},
+{ERR_REASON(RSA_R_INVALID_SALT_LENGTH)   ,"invalid salt length"},
 {ERR_REASON(RSA_R_INVALID_TRAILER)       ,"invalid trailer"},
 {ERR_REASON(RSA_R_INVALID_X931_DIGEST)   ,"invalid x931 digest"},
 {ERR_REASON(RSA_R_IQMP_NOT_INVERSE_OF_Q) ,"iqmp not inverse of q"},
 {ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL)    ,"key size too small"},
 {ERR_REASON(RSA_R_LAST_OCTET_INVALID)    ,"last octet invalid"},
 {ERR_REASON(RSA_R_MODULUS_TOO_LARGE)     ,"modulus too large"},
+{ERR_REASON(RSA_R_NON_FIPS_RSA_METHOD)   ,"non fips rsa method"},
 {ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT)    ,"no public exponent"},
 {ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),"null before block missing"},
 {ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q)  ,"n does not equal p q"},
 {ERR_REASON(RSA_R_OAEP_DECODING_ERROR)   ,"oaep decoding error"},
+{ERR_REASON(RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE),"operation not allowed in fips mode"},
 {ERR_REASON(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),"operation not supported for this keytype"},
 {ERR_REASON(RSA_R_PADDING_CHECK_FAILED)  ,"padding check failed"},
 {ERR_REASON(RSA_R_P_NOT_PRIME)           ,"p not prime"},
@@ -169,7 +183,12 @@ static ERR_STRING_DATA RSA_str_reasons[]=
 {ERR_REASON(RSA_R_SSLV3_ROLLBACK_ATTACK) ,"sslv3 rollback attack"},
 {ERR_REASON(RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),"the asn1 object identifier is not known for this md"},
 {ERR_REASON(RSA_R_UNKNOWN_ALGORITHM_TYPE),"unknown algorithm type"},
+{ERR_REASON(RSA_R_UNKNOWN_MASK_DIGEST)   ,"unknown mask digest"},
 {ERR_REASON(RSA_R_UNKNOWN_PADDING_TYPE)  ,"unknown padding type"},
+{ERR_REASON(RSA_R_UNKNOWN_PSS_DIGEST)    ,"unknown pss digest"},
+{ERR_REASON(RSA_R_UNSUPPORTED_MASK_ALGORITHM),"unsupported mask algorithm"},
+{ERR_REASON(RSA_R_UNSUPPORTED_MASK_PARAMETER),"unsupported mask parameter"},
+{ERR_REASON(RSA_R_UNSUPPORTED_SIGNATURE_TYPE),"unsupported signature type"},
 {ERR_REASON(RSA_R_VALUE_MISSING)         ,"value missing"},
 {ERR_REASON(RSA_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"},
 {0,NULL}

diff --git a/deps/openssl/openssl/crypto/rsa/rsa_gen.c b/deps/openssl/openssl/crypto/rsa/rsa_gen.c
index 767f7ab..42290cc 100644 (file)
--- a/deps/openssl/openssl/crypto/rsa/rsa_gen.c
+++ b/deps/openssl/openssl/crypto/rsa/rsa_gen.c
@@ -67,6 +67,9 @@
 #include "cryptlib.h"
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
 
 static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb);
 
@@ -77,8 +80,20 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
  * now just because key-generation is part of RSA_METHOD. */
 int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
        {
+#ifdef OPENSSL_FIPS
+       if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
+                       && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
+               {
+               RSAerr(RSA_F_RSA_GENERATE_KEY_EX, RSA_R_NON_FIPS_RSA_METHOD);
+               return 0;
+               }
+#endif
        if(rsa->meth->rsa_keygen)
                return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);
+#ifdef OPENSSL_FIPS
+       if (FIPS_mode())
+               return FIPS_rsa_generate_key_ex(rsa, bits, e_value, cb);
+#endif
        return rsa_builtin_keygen(rsa, bits, e_value, cb);
        }
 

diff --git a/deps/openssl/openssl/crypto/rsa/rsa_lib.c b/deps/openssl/openssl/crypto/rsa/rsa_lib.c
index de45088..c95ceaf 100644 (file)
--- a/deps/openssl/openssl/crypto/rsa/rsa_lib.c
+++ b/deps/openssl/openssl/crypto/rsa/rsa_lib.c
@@ -67,6 +67,10 @@
 #include <openssl/engine.h>
 #endif
 
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
+
 const char RSA_version[]="RSA" OPENSSL_VERSION_PTEXT;
 
 static const RSA_METHOD *default_RSA_meth=NULL;
@@ -87,12 +91,15 @@ const RSA_METHOD *RSA_get_default_method(void)
        {
        if (default_RSA_meth == NULL)
                {
+#ifdef OPENSSL_FIPS
+               if (FIPS_mode())
+                       return FIPS_rsa_pkcs1_ssleay();
+               else
+                       return RSA_PKCS1_SSLeay();
+#else
 #ifdef RSA_NULL
                default_RSA_meth=RSA_null_method();
 #else
-#if 0 /* was: #ifdef RSAref */
-               default_RSA_meth=RSA_PKCS1_RSAref();
-#else
                default_RSA_meth=RSA_PKCS1_SSLeay();
 #endif
 #endif
@@ -181,7 +188,7 @@ RSA *RSA_new_method(ENGINE *engine)
        ret->blinding=NULL;
        ret->mt_blinding=NULL;
        ret->bignum_data=NULL;
-       ret->flags=ret->meth->flags;
+       ret->flags=ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;
        if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data))
                {
 #ifndef OPENSSL_NO_ENGINE
@@ -280,163 +287,6 @@ void *RSA_get_ex_data(const RSA *r, int idx)
        return(CRYPTO_get_ex_data(&r->ex_data,idx));
        }
 
-int RSA_size(const RSA *r)
-       {
-       return(BN_num_bytes(r->n));
-       }
-
-int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
-            RSA *rsa, int padding)
-       {
-       return(rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding));
-       }
-
-int RSA_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
-            RSA *rsa, int padding)
-       {
-       return(rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding));
-       }
-
-int RSA_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
-            RSA *rsa, int padding)
-       {
-       return(rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding));
-       }
-
-int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
-            RSA *rsa, int padding)
-       {
-       return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding));
-       }
-
-int RSA_flags(const RSA *r)
-       {
-       return((r == NULL)?0:r->meth->flags);
-       }
-
-void RSA_blinding_off(RSA *rsa)
-       {
-       if (rsa->blinding != NULL)
-               {
-               BN_BLINDING_free(rsa->blinding);
-               rsa->blinding=NULL;
-               }
-       rsa->flags &= ~RSA_FLAG_BLINDING;
-       rsa->flags |= RSA_FLAG_NO_BLINDING;
-       }
-
-int RSA_blinding_on(RSA *rsa, BN_CTX *ctx)
-       {
-       int ret=0;
-
-       if (rsa->blinding != NULL)
-               RSA_blinding_off(rsa);
-
-       rsa->blinding = RSA_setup_blinding(rsa, ctx);
-       if (rsa->blinding == NULL)
-               goto err;
-
-       rsa->flags |= RSA_FLAG_BLINDING;
-       rsa->flags &= ~RSA_FLAG_NO_BLINDING;
-       ret=1;
-err:
-       return(ret);
-       }
-
-static BIGNUM *rsa_get_public_exp(const BIGNUM *d, const BIGNUM *p,
-       const BIGNUM *q, BN_CTX *ctx)
-{
-       BIGNUM *ret = NULL, *r0, *r1, *r2;
-
-       if (d == NULL || p == NULL || q == NULL)
-               return NULL;
-
-       BN_CTX_start(ctx);
-       r0 = BN_CTX_get(ctx);
-       r1 = BN_CTX_get(ctx);
-       r2 = BN_CTX_get(ctx);
-       if (r2 == NULL)
-               goto err;
-
-       if (!BN_sub(r1, p, BN_value_one())) goto err;
-       if (!BN_sub(r2, q, BN_value_one())) goto err;
-       if (!BN_mul(r0, r1, r2, ctx)) goto err;
-
-       ret = BN_mod_inverse(NULL, d, r0, ctx);
-err:
-       BN_CTX_end(ctx);
-       return ret;
-}
-
-BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
-{
-       BIGNUM local_n;
-       BIGNUM *e,*n;
-       BN_CTX *ctx;
-       BN_BLINDING *ret = NULL;
-
-       if (in_ctx == NULL)
-               {
-               if ((ctx = BN_CTX_new()) == NULL) return 0;
-               }
-       else
-               ctx = in_ctx;
-
-       BN_CTX_start(ctx);
-       e  = BN_CTX_get(ctx);
-       if (e == NULL)
-               {
-               RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE);
-               goto err;
-               }
-
-       if (rsa->e == NULL)
-               {
-               e = rsa_get_public_exp(rsa->d, rsa->p, rsa->q, ctx);
-               if (e == NULL)
-                       {
-                       RSAerr(RSA_F_RSA_SETUP_BLINDING, RSA_R_NO_PUBLIC_EXPONENT);
-                       goto err;
-                       }
-               }
-       else
-               e = rsa->e;
-
-       
-       if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL)
-               {
-               /* if PRNG is not properly seeded, resort to secret
-                * exponent as unpredictable seed */
-               RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0.0);
-               }
-
-       if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
-               {
-               /* Set BN_FLG_CONSTTIME flag */
-               n = &local_n;
-               BN_with_flags(n, rsa->n, BN_FLG_CONSTTIME);
-               }
-       else
-               n = rsa->n;
-
-       ret = BN_BLINDING_create_param(NULL, e, n, ctx,
-                       rsa->meth->bn_mod_exp, rsa->_method_mod_n);
-       if (ret == NULL)
-               {
-               RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_BN_LIB);
-               goto err;
-               }
-       CRYPTO_THREADID_current(BN_BLINDING_thread_id(ret));
-err:
-       BN_CTX_end(ctx);
-       if (in_ctx == NULL)
-               BN_CTX_free(ctx);
-       if(rsa->e == NULL)
-               BN_free(e);
-
-       return ret;
-}
-
 int RSA_memory_lock(RSA *r)
        {
        int i,j,k,off;

diff --git a/deps/openssl/openssl/crypto/rsa/rsa_oaep.c b/deps/openssl/openssl/crypto/rsa/rsa_oaep.c
index 18d307e..af4d24a 100644 (file)
--- a/deps/openssl/openssl/crypto/rsa/rsa_oaep.c
+++ b/deps/openssl/openssl/crypto/rsa/rsa_oaep.c
@@ -56,7 +56,8 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
        seed = to + 1;
        db = to + SHA_DIGEST_LENGTH + 1;
 
-       EVP_Digest((void *)param, plen, db, NULL, EVP_sha1(), NULL);
+       if (!EVP_Digest((void *)param, plen, db, NULL, EVP_sha1(), NULL))
+               return 0;
        memset(db + SHA_DIGEST_LENGTH, 0,
                emlen - flen - 2 * SHA_DIGEST_LENGTH - 1);
        db[emlen - flen - SHA_DIGEST_LENGTH - 1] = 0x01;
@@ -145,9 +146,10 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
        for (i = 0; i < dblen; i++)
                db[i] ^= maskeddb[i];
 
-       EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL);
+       if (!EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL))
+               return -1;
 
-       if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad)
+       if (CRYPTO_memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad)
                goto decoding_err;
        else
                {

diff --git a/deps/openssl/openssl/crypto/rsa/rsa_pmeth.c b/deps/openssl/openssl/crypto/rsa/rsa_pmeth.c
index c6892ec..5b2ecf5 100644 (file)
--- a/deps/openssl/openssl/crypto/rsa/rsa_pmeth.c
+++ b/deps/openssl/openssl/crypto/rsa/rsa_pmeth.c
@@ -63,6 +63,12 @@
 #include <openssl/rsa.h>
 #include <openssl/bn.h>
 #include <openssl/evp.h>
+#ifndef OPENSSL_NO_CMS
+#include <openssl/cms.h>
+#endif
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
 #include "evp_locl.h"
 #include "rsa_locl.h"
 
@@ -79,6 +85,8 @@ typedef struct
        int pad_mode;
        /* message digest */
        const EVP_MD *md;
+       /* message digest for MGF1 */
+       const EVP_MD *mgf1md;
        /* PSS/OAEP salt length */
        int saltlen;
        /* Temp buffer */
@@ -95,6 +103,7 @@ static int pkey_rsa_init(EVP_PKEY_CTX *ctx)
        rctx->pub_exp = NULL;
        rctx->pad_mode = RSA_PKCS1_PADDING;
        rctx->md = NULL;
+       rctx->mgf1md = NULL;
        rctx->tbuf = NULL;
 
        rctx->saltlen = -2;
@@ -147,6 +156,31 @@ static void pkey_rsa_cleanup(EVP_PKEY_CTX *ctx)
                OPENSSL_free(rctx);
                }
        }
+#ifdef OPENSSL_FIPS
+/* FIP checker. Return value indicates status of context parameters:
+ * 1  : redirect to FIPS.
+ * 0  : don't redirect to FIPS.
+ * -1 : illegal operation in FIPS mode.
+ */
+
+static int pkey_fips_check_ctx(EVP_PKEY_CTX *ctx)
+       {
+       RSA_PKEY_CTX *rctx = ctx->data;
+       RSA *rsa = ctx->pkey->pkey.rsa;
+       int rv = -1;
+       if (!FIPS_mode())
+               return 0;
+       if (rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
+               rv = 0;
+       if (!(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) && rv)
+               return -1;
+       if (rctx->md && !(rctx->md->flags & EVP_MD_FLAG_FIPS))
+               return rv;
+       if (rctx->mgf1md && !(rctx->mgf1md->flags & EVP_MD_FLAG_FIPS))
+               return rv;
+       return 1;
+       }
+#endif
 
 static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
                                        const unsigned char *tbs, size_t tbslen)
@@ -155,6 +189,15 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
        RSA_PKEY_CTX *rctx = ctx->data;
        RSA *rsa = ctx->pkey->pkey.rsa;
 
+#ifdef OPENSSL_FIPS
+       ret = pkey_fips_check_ctx(ctx);
+       if (ret < 0)
+               {
+               RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+               return -1;
+               }
+#endif
+
        if (rctx->md)
                {
                if (tbslen != (size_t)EVP_MD_size(rctx->md))
@@ -163,7 +206,36 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
                                        RSA_R_INVALID_DIGEST_LENGTH);
                        return -1;
                        }
-               if (rctx->pad_mode == RSA_X931_PADDING)
+#ifdef OPENSSL_FIPS
+               if (ret > 0)
+                       {
+                       unsigned int slen;
+                       ret = FIPS_rsa_sign_digest(rsa, tbs, tbslen, rctx->md,
+                                                       rctx->pad_mode,
+                                                       rctx->saltlen,
+                                                       rctx->mgf1md,
+                                                       sig, &slen);
+                       if (ret > 0)
+                               *siglen = slen;
+                       else
+                               *siglen = 0;
+                       return ret;
+                       }
+#endif
+
+               if (EVP_MD_type(rctx->md) == NID_mdc2)
+                       {
+                       unsigned int sltmp;
+                       if (rctx->pad_mode != RSA_PKCS1_PADDING)
+                               return -1;
+                       ret = RSA_sign_ASN1_OCTET_STRING(NID_mdc2,
+                                               tbs, tbslen, sig, &sltmp, rsa);
+
+                       if (ret <= 0)
+                               return ret;
+                       ret = sltmp;
+                       }
+               else if (rctx->pad_mode == RSA_X931_PADDING)
                        {
                        if (!setup_tbuf(rctx, ctx))
                                return -1;
@@ -186,8 +258,10 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
                        {
                        if (!setup_tbuf(rctx, ctx))
                                return -1;
-                       if (!RSA_padding_add_PKCS1_PSS(rsa, rctx->tbuf, tbs,
-                                               rctx->md, rctx->saltlen))
+                       if (!RSA_padding_add_PKCS1_PSS_mgf1(rsa,
+                                               rctx->tbuf, tbs,
+                                               rctx->md, rctx->mgf1md,
+                                               rctx->saltlen))
                                return -1;
                        ret = RSA_private_encrypt(RSA_size(rsa), rctx->tbuf,
                                                sig, rsa, RSA_NO_PADDING);
@@ -269,8 +343,30 @@ static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
        RSA_PKEY_CTX *rctx = ctx->data;
        RSA *rsa = ctx->pkey->pkey.rsa;
        size_t rslen;
+#ifdef OPENSSL_FIPS
+       int rv;
+       rv = pkey_fips_check_ctx(ctx);
+       if (rv < 0)
+               {
+               RSAerr(RSA_F_PKEY_RSA_VERIFY, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+               return -1;
+               }
+#endif
        if (rctx->md)
                {
+#ifdef OPENSSL_FIPS
+               if (rv > 0)
+                       {
+                       return FIPS_rsa_verify_digest(rsa,
+                                                       tbs, tbslen,
+                                                       rctx->md,
+                                                       rctx->pad_mode,
+                                                       rctx->saltlen,
+                                                       rctx->mgf1md,
+                                                       sig, siglen);
+                                                       
+                       }
+#endif
                if (rctx->pad_mode == RSA_PKCS1_PADDING)
                        return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,
                                        sig, siglen, rsa);
@@ -289,7 +385,8 @@ static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
                                                        rsa, RSA_NO_PADDING);
                        if (ret <= 0)
                                return 0;
-                       ret = RSA_verify_PKCS1_PSS(rsa, tbs, rctx->md,
+                       ret = RSA_verify_PKCS1_PSS_mgf1(rsa, tbs,
+                                               rctx->md, rctx->mgf1md,
                                                rctx->tbuf, rctx->saltlen);
                        if (ret <= 0)
                                return 0;
@@ -403,15 +500,25 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
                                RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);
                return -2;
 
+               case EVP_PKEY_CTRL_GET_RSA_PADDING:
+               *(int *)p2 = rctx->pad_mode;
+               return 1;
+
                case EVP_PKEY_CTRL_RSA_PSS_SALTLEN:
-               if (p1 < -2)
-                       return -2;
+               case EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN:
                if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING)
                        {
                        RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PSS_SALTLEN);
                        return -2;
                        }
-               rctx->saltlen = p1;
+               if (type == EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN)
+                       *(int *)p2 = rctx->saltlen;
+               else
+                       {
+                       if (p1 < -2)
+                               return -2;
+                       rctx->saltlen = p1;
+                       }
                return 1;
 
                case EVP_PKEY_CTRL_RSA_KEYGEN_BITS:
@@ -435,16 +542,45 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
                rctx->md = p2;
                return 1;
 
+               case EVP_PKEY_CTRL_RSA_MGF1_MD:
+               case EVP_PKEY_CTRL_GET_RSA_MGF1_MD:
+               if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING)
+                       {
+                       RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_MGF1_MD);
+                       return -2;
+                       }
+               if (type == EVP_PKEY_CTRL_GET_RSA_MGF1_MD)
+                       {
+                       if (rctx->mgf1md)
+                               *(const EVP_MD **)p2 = rctx->mgf1md;
+                       else
+                               *(const EVP_MD **)p2 = rctx->md;
+                       }
+               else
+                       rctx->mgf1md = p2;
+               return 1;
+
                case EVP_PKEY_CTRL_DIGESTINIT:
                case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
                case EVP_PKEY_CTRL_PKCS7_DECRYPT:
                case EVP_PKEY_CTRL_PKCS7_SIGN:
+               return 1;
 #ifndef OPENSSL_NO_CMS
-               case EVP_PKEY_CTRL_CMS_ENCRYPT:
                case EVP_PKEY_CTRL_CMS_DECRYPT:
+               {
+               X509_ALGOR *alg = NULL;
+               ASN1_OBJECT *encalg = NULL;
+               if (p2)
+                       CMS_RecipientInfo_ktri_get0_algs(p2, NULL, NULL, &alg);
+               if (alg)
+                       X509_ALGOR_get0(&encalg, NULL, NULL, alg);
+               if (encalg && OBJ_obj2nid(encalg) == NID_rsaesOaep)
+                       rctx->pad_mode = RSA_PKCS1_OAEP_PADDING;
+               }
+               case EVP_PKEY_CTRL_CMS_ENCRYPT:
                case EVP_PKEY_CTRL_CMS_SIGN:
-#endif
                return 1;
+#endif
                case EVP_PKEY_CTRL_PEER_KEY:
                        RSAerr(RSA_F_PKEY_RSA_CTRL,
                        RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);

diff --git a/deps/openssl/openssl/crypto/rsa/rsa_pss.c b/deps/openssl/openssl/crypto/rsa/rsa_pss.c
index ac211e2..5f9f533 100644 (file)
--- a/deps/openssl/openssl/crypto/rsa/rsa_pss.c
+++ b/deps/openssl/openssl/crypto/rsa/rsa_pss.c
@@ -73,6 +73,13 @@ static const unsigned char zeroes[] = {0,0,0,0,0,0,0,0};
 int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
                        const EVP_MD *Hash, const unsigned char *EM, int sLen)
        {
+       return RSA_verify_PKCS1_PSS_mgf1(rsa, mHash, Hash, NULL, EM, sLen);
+       }
+
+int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
+                       const EVP_MD *Hash, const EVP_MD *mgf1Hash,
+                       const unsigned char *EM, int sLen)
+       {
        int i;
        int ret = 0;
        int hLen, maskedDBLen, MSBits, emLen;
@@ -80,6 +87,10 @@ int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
        unsigned char *DB = NULL;
        EVP_MD_CTX ctx;
        unsigned char H_[EVP_MAX_MD_SIZE];
+       EVP_MD_CTX_init(&ctx);
+
+       if (mgf1Hash == NULL)
+               mgf1Hash = Hash;
 
        hLen = EVP_MD_size(Hash);
        if (hLen < 0)
@@ -94,7 +105,7 @@ int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
        else if (sLen == -2)    sLen = -2;
        else if (sLen < -2)
                {
-               RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_SLEN_CHECK_FAILED);
+               RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_SLEN_CHECK_FAILED);
                goto err;
                }
 
@@ -102,7 +113,7 @@ int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
        emLen = RSA_size(rsa);
        if (EM[0] & (0xFF << MSBits))
                {
-               RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_FIRST_OCTET_INVALID);
+               RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_FIRST_OCTET_INVALID);
                goto err;
                }
        if (MSBits == 0)
@@ -112,12 +123,12 @@ int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
                }
        if (emLen < (hLen + sLen + 2)) /* sLen can be small negative */
                {
-               RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_DATA_TOO_LARGE);
+               RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_DATA_TOO_LARGE);
                goto err;
                }
        if (EM[emLen - 1] != 0xbc)
                {
-               RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_LAST_OCTET_INVALID);
+               RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_LAST_OCTET_INVALID);
                goto err;
                }
        maskedDBLen = emLen - hLen - 1;
@@ -125,10 +136,10 @@ int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
        DB = OPENSSL_malloc(maskedDBLen);
        if (!DB)
                {
-               RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, ERR_R_MALLOC_FAILURE);
+               RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, ERR_R_MALLOC_FAILURE);
                goto err;
                }
-       if (PKCS1_MGF1(DB, maskedDBLen, H, hLen, Hash) < 0)
+       if (PKCS1_MGF1(DB, maskedDBLen, H, hLen, mgf1Hash) < 0)
                goto err;
        for (i = 0; i < maskedDBLen; i++)
                DB[i] ^= EM[i];
@@ -137,25 +148,28 @@ int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
        for (i = 0; DB[i] == 0 && i < (maskedDBLen-1); i++) ;
        if (DB[i++] != 0x1)
                {
-               RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_SLEN_RECOVERY_FAILED);
+               RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_SLEN_RECOVERY_FAILED);
                goto err;
                }
        if (sLen >= 0 && (maskedDBLen - i) != sLen)
                {
-               RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_SLEN_CHECK_FAILED);
+               RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_SLEN_CHECK_FAILED);
                goto err;
                }
-       EVP_MD_CTX_init(&ctx);
-       EVP_DigestInit_ex(&ctx, Hash, NULL);
-       EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes);
-       EVP_DigestUpdate(&ctx, mHash, hLen);
+       if (!EVP_DigestInit_ex(&ctx, Hash, NULL)
+               || !EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes)
+               || !EVP_DigestUpdate(&ctx, mHash, hLen))
+               goto err;
        if (maskedDBLen - i)
-               EVP_DigestUpdate(&ctx, DB + i, maskedDBLen - i);
-       EVP_DigestFinal(&ctx, H_, NULL);
-       EVP_MD_CTX_cleanup(&ctx);
+               {
+               if (!EVP_DigestUpdate(&ctx, DB + i, maskedDBLen - i))
+                       goto err;
+               }
+       if (!EVP_DigestFinal_ex(&ctx, H_, NULL))
+               goto err;
        if (memcmp(H_, H, hLen))
                {
-               RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_BAD_SIGNATURE);
+               RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_BAD_SIGNATURE);
                ret = 0;
                }
        else 
@@ -164,6 +178,7 @@ int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
        err:
        if (DB)
                OPENSSL_free(DB);
+       EVP_MD_CTX_cleanup(&ctx);
 
        return ret;
 
@@ -173,12 +188,22 @@ int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
                        const unsigned char *mHash,
                        const EVP_MD *Hash, int sLen)
        {
+       return RSA_padding_add_PKCS1_PSS_mgf1(rsa, EM, mHash, Hash, NULL, sLen);
+       }
+
+int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
+                       const unsigned char *mHash,
+                       const EVP_MD *Hash, const EVP_MD *mgf1Hash, int sLen)
+       {
        int i;
        int ret = 0;
        int hLen, maskedDBLen, MSBits, emLen;
        unsigned char *H, *salt = NULL, *p;
        EVP_MD_CTX ctx;
 
+       if (mgf1Hash == NULL)
+               mgf1Hash = Hash;
+
        hLen = EVP_MD_size(Hash);
        if (hLen < 0)
                goto err;
@@ -192,7 +217,7 @@ int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
        else if (sLen == -2)    sLen = -2;
        else if (sLen < -2)
                {
-               RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS, RSA_R_SLEN_CHECK_FAILED);
+               RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1, RSA_R_SLEN_CHECK_FAILED);
                goto err;
                }
 
@@ -209,8 +234,7 @@ int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
                }
        else if (emLen < (hLen + sLen + 2))
                {
-               RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS,
-                  RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+               RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
                goto err;
                }
        if (sLen > 0)
@@ -218,8 +242,7 @@ int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
                salt = OPENSSL_malloc(sLen);
                if (!salt)
                        {
-                       RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS,
-                               ERR_R_MALLOC_FAILURE);
+                       RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1,ERR_R_MALLOC_FAILURE);
                        goto err;
                        }
                if (RAND_bytes(salt, sLen) <= 0)
@@ -228,16 +251,18 @@ int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
        maskedDBLen = emLen - hLen - 1;
        H = EM + maskedDBLen;
        EVP_MD_CTX_init(&ctx);
-       EVP_DigestInit_ex(&ctx, Hash, NULL);
-       EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes);
-       EVP_DigestUpdate(&ctx, mHash, hLen);
-       if (sLen)
-               EVP_DigestUpdate(&ctx, salt, sLen);
-       EVP_DigestFinal(&ctx, H, NULL);
+       if (!EVP_DigestInit_ex(&ctx, Hash, NULL)
+               || !EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes)
+               || !EVP_DigestUpdate(&ctx, mHash, hLen))
+               goto err;
+       if (sLen && !EVP_DigestUpdate(&ctx, salt, sLen))
+               goto err;
+       if (!EVP_DigestFinal_ex(&ctx, H, NULL))
+               goto err;
        EVP_MD_CTX_cleanup(&ctx);
 
        /* Generate dbMask in place then perform XOR on it */
-       if (PKCS1_MGF1(EM, maskedDBLen, H, hLen, Hash))
+       if (PKCS1_MGF1(EM, maskedDBLen, H, hLen, mgf1Hash))
                goto err;
 
        p = EM;

diff --git a/deps/openssl/openssl/crypto/rsa/rsa_sign.c b/deps/openssl/openssl/crypto/rsa/rsa_sign.c
index 0be4ec7..b6f6037 100644 (file)
--- a/deps/openssl/openssl/crypto/rsa/rsa_sign.c
+++ b/deps/openssl/openssl/crypto/rsa/rsa_sign.c
@@ -77,6 +77,14 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
        const unsigned char *s = NULL;
        X509_ALGOR algor;
        ASN1_OCTET_STRING digest;
+#ifdef OPENSSL_FIPS
+       if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
+                       && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
+               {
+               RSAerr(RSA_F_RSA_SIGN, RSA_R_NON_FIPS_RSA_METHOD);
+               return 0;
+               }
+#endif
        if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign)
                {
                return rsa->meth->rsa_sign(type, m, m_len,
@@ -153,6 +161,15 @@ int int_rsa_verify(int dtype, const unsigned char *m,
        unsigned char *s;
        X509_SIG *sig=NULL;
 
+#ifdef OPENSSL_FIPS
+       if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
+                       && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
+               {
+               RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_NON_FIPS_RSA_METHOD);
+               return 0;
+               }
+#endif
+
        if (siglen != (unsigned int)RSA_size(rsa))
                {
                RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH);
@@ -182,6 +199,22 @@ int int_rsa_verify(int dtype, const unsigned char *m,
        i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);
 
        if (i <= 0) goto err;
+       /* Oddball MDC2 case: signature can be OCTET STRING.
+        * check for correct tag and length octets.
+        */
+       if (dtype == NID_mdc2 && i == 18 && s[0] == 0x04 && s[1] == 0x10)
+               {
+               if (rm)
+                       {
+                       memcpy(rm, s + 2, 16);
+                       *prm_len = 16;
+                       ret = 1;
+                       }
+               else if(memcmp(m, s + 2, 16))
+                       RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+               else
+                       ret = 1;
+               }
 
        /* Special case: SSL signature */
        if(dtype == NID_md5_sha1) {

diff --git a/deps/openssl/openssl/crypto/s390xcap.c b/deps/openssl/openssl/crypto/s390xcap.c
index ffbe023..f2e94ef 100644 (file)
--- a/deps/openssl/openssl/crypto/s390xcap.c
+++ b/deps/openssl/openssl/crypto/s390xcap.c
@@ -4,7 +4,7 @@
 #include <setjmp.h>
 #include <signal.h>
 
-extern unsigned long OPENSSL_s390xcap_P;
+extern unsigned long OPENSSL_s390xcap_P[];
 
 static sigjmp_buf ill_jmp;
 static void ill_handler (int sig) { siglongjmp(ill_jmp,sig); }
@@ -16,7 +16,9 @@ void OPENSSL_cpuid_setup(void)
        sigset_t oset;
        struct sigaction ill_act,oact;
 
-       if (OPENSSL_s390xcap_P) return;
+       if (OPENSSL_s390xcap_P[0]) return;
+
+       OPENSSL_s390xcap_P[0] = 1UL<<(8*sizeof(unsigned long)-1);
 
        memset(&ill_act,0,sizeof(ill_act));
        ill_act.sa_handler = ill_handler;
@@ -27,10 +29,8 @@ void OPENSSL_cpuid_setup(void)
        sigaction (SIGILL,&ill_act,&oact);
 
        /* protection against missing store-facility-list-extended */
-       if (sigsetjmp(ill_jmp,0) == 0)
-               OPENSSL_s390xcap_P = OPENSSL_s390x_facilities();
-       else
-               OPENSSL_s390xcap_P = 1UL<<63;
+       if (sigsetjmp(ill_jmp,1) == 0)
+               OPENSSL_s390x_facilities();
 
        sigaction (SIGILL,&oact,NULL);
        sigprocmask(SIG_SETMASK,&oset,NULL);

diff --git a/deps/openssl/openssl/crypto/s390xcpuid.S b/deps/openssl/openssl/crypto/s390xcpuid.S
index b053c6a..0681534 100644 (file)
--- a/deps/openssl/openssl/crypto/s390xcpuid.S
+++ b/deps/openssl/openssl/crypto/s390xcpuid.S
@@ -5,10 +5,14 @@
 .align 16
 OPENSSL_s390x_facilities:
        lghi    %r0,0
-       .long   0xb2b0f010      # stfle 16(%r15)
-       lg      %r2,16(%r15)
-       larl    %r1,OPENSSL_s390xcap_P
-       stg     %r2,0(%r1)
+       larl    %r2,OPENSSL_s390xcap_P
+       stg     %r0,8(%r2)
+       .long   0xb2b02000      # stfle 0(%r2)
+       brc     8,.Ldone
+       lghi    %r0,1
+       .long   0xb2b02000      # stfle 0(%r2)
+.Ldone:
+       lg      %r2,0(%r2)
        br      %r14
 .size  OPENSSL_s390x_facilities,.-OPENSSL_s390x_facilities
 
@@ -58,6 +62,9 @@ OPENSSL_wipe_cpu:
 .type  OPENSSL_cleanse,@function
 .align 16
 OPENSSL_cleanse:
+#if !defined(__s390x__) && !defined(__s390x)
+       llgfr   %r3,%r3
+#endif
        lghi    %r4,15
        lghi    %r0,0
        clgr    %r3,%r4
@@ -89,4 +96,4 @@ OPENSSL_cleanse:
 .section       .init
        brasl   %r14,OPENSSL_cpuid_setup
 
-.comm  OPENSSL_s390xcap_P,8,8
+.comm  OPENSSL_s390xcap_P,16,8

diff --git a/deps/openssl/openssl/crypto/seed/seed.c b/deps/openssl/openssl/crypto/seed/seed.c
index 2bc384a..3e675a8 100644 (file)
--- a/deps/openssl/openssl/crypto/seed/seed.c
+++ b/deps/openssl/openssl/crypto/seed/seed.c
@@ -32,9 +32,14 @@
 #include <memory.h>
 #endif
 
+#include <openssl/crypto.h>
 #include <openssl/seed.h>
 #include "seed_locl.h"
 
+#ifdef SS      /* can get defined on Solaris by inclusion of <stdlib.h> */
+#undef SS
+#endif
+
 static const seed_word SS[4][256] = {  {
        0x2989a1a8, 0x05858184, 0x16c6d2d4, 0x13c3d3d0, 0x14445054, 0x1d0d111c, 0x2c8ca0ac, 0x25052124,
        0x1d4d515c, 0x03434340, 0x18081018, 0x1e0e121c, 0x11415150, 0x3cccf0fc, 0x0acac2c8, 0x23436360,
@@ -192,8 +197,14 @@ static const seed_word KC[] = {
        KC0,    KC1,    KC2,    KC3,    KC4,    KC5,    KC6,    KC7,
        KC8,    KC9,    KC10,   KC11,   KC12,   KC13,   KC14,   KC15    };
 #endif
-
 void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks)
+#ifdef OPENSSL_FIPS
+       {
+       fips_cipher_abort(SEED);
+       private_SEED_set_key(rawkey, ks);
+       }
+void private_SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks)
+#endif
 {
        seed_word x1, x2, x3, x4;
        seed_word t0, t1;

diff --git a/deps/openssl/openssl/crypto/seed/seed.h b/deps/openssl/openssl/crypto/seed/seed.h
index 6ffa5f0..c50fdd3 100644 (file)
--- a/deps/openssl/openssl/crypto/seed/seed.h
+++ b/deps/openssl/openssl/crypto/seed/seed.h
@@ -116,7 +116,9 @@ typedef struct seed_key_st {
 #endif
 } SEED_KEY_SCHEDULE;
 
-
+#ifdef OPENSSL_FIPS
+void private_SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks);
+#endif
 void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], SEED_KEY_SCHEDULE *ks);
 
 void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE], unsigned char d[SEED_BLOCK_SIZE], const SEED_KEY_SCHEDULE *ks);

diff --git a/deps/openssl/openssl/crypto/sha/Makefile b/deps/openssl/openssl/crypto/sha/Makefile
index e6eccb0..6d191d3 100644 (file)
--- a/deps/openssl/openssl/crypto/sha/Makefile
+++ b/deps/openssl/openssl/crypto/sha/Makefile
@@ -56,8 +56,11 @@ sha256-ia64.s: asm/sha512-ia64.pl
 sha512-ia64.s: asm/sha512-ia64.pl
        (cd asm; $(PERL) sha512-ia64.pl ../$@ $(CFLAGS))
 
-sha256-armv4.s: asm/sha256-armv4.pl
-       $(PERL) $< $@
+sha256-armv4.S: asm/sha256-armv4.pl
+       $(PERL) $< $(PERLASM_SCHEME) $@
+
+sha1-alpha.s:  asm/sha1-alpha.pl
+       $(PERL) $< | $(CC) -E - | tee $@ > /dev/null
 
 # Solaris make has to be explicitly told
 sha1-x86_64.s: asm/sha1-x86_64.pl;     $(PERL) asm/sha1-x86_64.pl $(PERLASM_SCHEME) > $@
@@ -71,10 +74,22 @@ sha1-ppc.s: asm/sha1-ppc.pl;        $(PERL) asm/sha1-ppc.pl $(PERLASM_SCHEME) $@
 sha256-ppc.s:  asm/sha512-ppc.pl;      $(PERL) asm/sha512-ppc.pl $(PERLASM_SCHEME) $@
 sha512-ppc.s:  asm/sha512-ppc.pl;      $(PERL) asm/sha512-ppc.pl $(PERLASM_SCHEME) $@
 
+sha1-parisc.s: asm/sha1-parisc.pl;     $(PERL) asm/sha1-parisc.pl $(PERLASM_SCHEME) $@
+sha256-parisc.s:asm/sha512-parisc.pl;  $(PERL) asm/sha512-parisc.pl $(PERLASM_SCHEME) $@
+sha512-parisc.s:asm/sha512-parisc.pl;  $(PERL) asm/sha512-parisc.pl $(PERLASM_SCHEME) $@
+
+sha1-mips.S:   asm/sha1-mips.pl;       $(PERL) asm/sha1-mips.pl $(PERLASM_SCHEME) $@
+sha256-mips.S: asm/sha512-mips.pl;     $(PERL) asm/sha512-mips.pl $(PERLASM_SCHEME) $@
+sha512-mips.S: asm/sha512-mips.pl;     $(PERL) asm/sha512-mips.pl $(PERLASM_SCHEME) $@
+
 # GNU make "catch all"
-sha1-%.s:      asm/sha1-%.pl;          $(PERL) $< $@
-sha256-%.s:    asm/sha512-%.pl;        $(PERL) $< $@
-sha512-%.s:    asm/sha512-%.pl;        $(PERL) $< $@
+sha1-%.S:      asm/sha1-%.pl;          $(PERL) $< $(PERLASM_SCHEME) $@
+sha256-%.S:    asm/sha512-%.pl;        $(PERL) $< $(PERLASM_SCHEME) $@
+sha512-%.S:    asm/sha512-%.pl;        $(PERL) $< $(PERLASM_SCHEME) $@
+
+sha1-armv4-large.o:    sha1-armv4-large.S
+sha256-armv4.o:                sha256-armv4.S
+sha512-armv4.o:                sha512-armv4.S
 
 files:
        $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
@@ -119,8 +134,11 @@ sha1_one.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 sha1_one.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 sha1_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 sha1_one.o: sha1_one.c
-sha1dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-sha1dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h
+sha1dgst.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+sha1dgst.o: ../../include/openssl/opensslconf.h
+sha1dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+sha1dgst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+sha1dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 sha1dgst.o: ../md32_common.h sha1dgst.c sha_locl.h
 sha256.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 sha256.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
@@ -135,8 +153,11 @@ sha512.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 sha512.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
 sha512.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 sha512.o: ../cryptlib.h sha512.c
-sha_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
-sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h
+sha_dgst.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+sha_dgst.o: ../../include/openssl/opensslconf.h
+sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+sha_dgst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+sha_dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 sha_dgst.o: ../md32_common.h sha_dgst.c sha_locl.h
 sha_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 sha_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h

diff --git a/deps/openssl/openssl/crypto/sha/asm/sha1-586.pl b/deps/openssl/openssl/crypto/sha/asm/sha1-586.pl
index a1f8762..1084d22 100644 (file)
--- a/deps/openssl/openssl/crypto/sha/asm/sha1-586.pl
+++ b/deps/openssl/openssl/crypto/sha/asm/sha1-586.pl
@@ -12,6 +12,8 @@
 # commentary below], and in 2006 the rest was rewritten in order to
 # gain freedom to liberate licensing terms.
 
+# January, September 2004.
+#
 # It was noted that Intel IA-32 C compiler generates code which
 # performs ~30% *faster* on P4 CPU than original *hand-coded*
 # SHA1 assembler implementation. To address this problem (and
@@ -31,12 +33,92 @@
 # ----------------------------------------------------------------
 #                                      <appro@fy.chalmers.se>
 
+# August 2009.
+#
+# George Spelvin has tipped that F_40_59(b,c,d) can be rewritten as
+# '(c&d) + (b&(c^d))', which allows to accumulate partial results
+# and lighten "pressure" on scratch registers. This resulted in
+# >12% performance improvement on contemporary AMD cores (with no
+# degradation on other CPUs:-). Also, the code was revised to maximize
+# "distance" between instructions producing input to 'lea' instruction
+# and the 'lea' instruction itself, which is essential for Intel Atom
+# core and resulted in ~15% improvement.
+
+# October 2010.
+#
+# Add SSSE3, Supplemental[!] SSE3, implementation. The idea behind it
+# is to offload message schedule denoted by Wt in NIST specification,
+# or Xupdate in OpenSSL source, to SIMD unit. The idea is not novel,
+# and in SSE2 context was first explored by Dean Gaudet in 2004, see
+# http://arctic.org/~dean/crypto/sha1.html. Since then several things
+# have changed that made it interesting again:
+#
+# a) XMM units became faster and wider;
+# b) instruction set became more versatile;
+# c) an important observation was made by Max Locktykhin, which made
+#    it possible to reduce amount of instructions required to perform
+#    the operation in question, for further details see
+#    http://software.intel.com/en-us/articles/improving-the-performance-of-the-secure-hash-algorithm-1/.
+
+# April 2011.
+#
+# Add AVX code path, probably most controversial... The thing is that
+# switch to AVX alone improves performance by as little as 4% in
+# comparison to SSSE3 code path. But below result doesn't look like
+# 4% improvement... Trouble is that Sandy Bridge decodes 'ro[rl]' as
+# pair of µ-ops, and it's the additional µ-ops, two per round, that
+# make it run slower than Core2 and Westmere. But 'sh[rl]d' is decoded
+# as single µ-op by Sandy Bridge and it's replacing 'ro[rl]' with
+# equivalent 'sh[rl]d' that is responsible for the impressive 5.1
+# cycles per processed byte. But 'sh[rl]d' is not something that used
+# to be fast, nor does it appear to be fast in upcoming Bulldozer
+# [according to its optimization manual]. Which is why AVX code path
+# is guarded by *both* AVX and synthetic bit denoting Intel CPUs.
+# One can argue that it's unfair to AMD, but without 'sh[rl]d' it
+# makes no sense to keep the AVX code path. If somebody feels that
+# strongly, it's probably more appropriate to discuss possibility of
+# using vector rotate XOP on AMD...
+
+######################################################################
+# Current performance is summarized in following table. Numbers are
+# CPU clock cycles spent to process single byte (less is better).
+#
+#              x86             SSSE3           AVX
+# Pentium      15.7            -
+# PIII         11.5            -
+# P4           10.6            -
+# AMD K8       7.1             -
+# Core2                7.3             6.1/+20%        -
+# Atom         12.5            9.5(*)/+32%     -
+# Westmere     7.3             5.6/+30%        -
+# Sandy Bridge 8.8             6.2/+40%        5.1(**)/+70%
+#
+# (*)  Loop is 1056 instructions long and expected result is ~8.25.
+#      It remains mystery [to me] why ILP is limited to 1.7.
+#
+# (**) As per above comment, the result is for AVX *plus* sh[rl]d.
+
 $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
 push(@INC,"${dir}","${dir}../../perlasm");
 require "x86asm.pl";
 
 &asm_init($ARGV[0],"sha1-586.pl",$ARGV[$#ARGV] eq "386");
 
+$xmm=$ymm=0;
+for (@ARGV) { $xmm=1 if (/-DOPENSSL_IA32_SSE2/); }
+
+$ymm=1 if ($xmm &&
+               `$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
+                       =~ /GNU assembler version ([2-9]\.[0-9]+)/ &&
+               $1>=2.19);      # first version supporting AVX
+
+$ymm=1 if ($xmm && !$ymm && $ARGV[0] eq "win32n" && 
+               `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/ &&
+               $1>=2.03);      # first version supporting AVX
+
+&external_label("OPENSSL_ia32cap_P") if ($xmm);
+
+
 $A="eax";
 $B="ebx";
 $C="ecx";
@@ -47,6 +129,10 @@ $tmp1="ebp";
 
 @V=($A,$B,$C,$D,$E,$T);
 
+$alt=0;        # 1 denotes alternative IALU implementation, which performs
+       # 8% *worse* on P4, same on Westmere and Atom, 2% better on
+       # Sandy Bridge...
+
 sub BODY_00_15
        {
        local($n,$a,$b,$c,$d,$e,$f)=@_;
@@ -59,16 +145,18 @@ sub BODY_00_15
        &rotl($tmp1,5);                 # tmp1=ROTATE(a,5)
         &xor($f,$d);
        &add($tmp1,$e);                 # tmp1+=e;
-        &and($f,$b);
-       &mov($e,&swtmp($n%16));         # e becomes volatile and is loaded
+        &mov($e,&swtmp($n%16));        # e becomes volatile and is loaded
                                        # with xi, also note that e becomes
                                        # f in next round...
-        &xor($f,$d);                   # f holds F_00_19(b,c,d)
+       &and($f,$b);
        &rotr($b,2);                    # b=ROTATE(b,30)
-        &lea($tmp1,&DWP(0x5a827999,$tmp1,$e)); # tmp1+=K_00_19+xi
+        &xor($f,$d);                   # f holds F_00_19(b,c,d)
+       &lea($tmp1,&DWP(0x5a827999,$tmp1,$e));  # tmp1+=K_00_19+xi
 
-       if ($n==15) { &add($f,$tmp1); } # f+=tmp1
+       if ($n==15) { &mov($e,&swtmp(($n+1)%16));# pre-fetch f for next round
+                     &add($f,$tmp1); } # f+=tmp1
        else        { &add($tmp1,$f); } # f becomes a in next round
+       &mov($tmp1,$a)                  if ($alt && $n==15);
        }
 
 sub BODY_16_19
@@ -77,22 +165,41 @@ sub BODY_16_19
 
        &comment("16_19 $n");
 
-       &mov($f,&swtmp($n%16));         # f to hold Xupdate(xi,xa,xb,xc,xd)
-        &mov($tmp1,$c);                # tmp1 to hold F_00_19(b,c,d)
-       &xor($f,&swtmp(($n+2)%16));
-        &xor($tmp1,$d);
-       &xor($f,&swtmp(($n+8)%16));
-        &and($tmp1,$b);                # tmp1 holds F_00_19(b,c,d)
-       &rotr($b,2);                    # b=ROTATE(b,30)
+if ($alt) {
+       &xor($c,$d);
+        &xor($f,&swtmp(($n+2)%16));    # f to hold Xupdate(xi,xa,xb,xc,xd)
+       &and($tmp1,$c);                 # tmp1 to hold F_00_19(b,c,d), b&=c^d
+        &xor($f,&swtmp(($n+8)%16));
+       &xor($tmp1,$d);                 # tmp1=F_00_19(b,c,d)
+        &xor($f,&swtmp(($n+13)%16));   # f holds xa^xb^xc^xd
+       &rotl($f,1);                    # f=ROTATE(f,1)
+        &add($e,$tmp1);                # e+=F_00_19(b,c,d)
+       &xor($c,$d);                    # restore $c
+        &mov($tmp1,$a);                # b in next round
+       &rotr($b,$n==16?2:7);           # b=ROTATE(b,30)
+        &mov(&swtmp($n%16),$f);        # xi=f
+       &rotl($a,5);                    # ROTATE(a,5)
+        &lea($f,&DWP(0x5a827999,$f,$e));# f+=F_00_19(b,c,d)+e
+       &mov($e,&swtmp(($n+1)%16));     # pre-fetch f for next round
+        &add($f,$a);                   # f+=ROTATE(a,5)
+} else {
+       &mov($tmp1,$c);                 # tmp1 to hold F_00_19(b,c,d)
+        &xor($f,&swtmp(($n+2)%16));    # f to hold Xupdate(xi,xa,xb,xc,xd)
+       &xor($tmp1,$d);
+        &xor($f,&swtmp(($n+8)%16));
+       &and($tmp1,$b);
         &xor($f,&swtmp(($n+13)%16));   # f holds xa^xb^xc^xd
        &rotl($f,1);                    # f=ROTATE(f,1)
         &xor($tmp1,$d);                # tmp1=F_00_19(b,c,d)
-       &mov(&swtmp($n%16),$f);         # xi=f
-       &lea($f,&DWP(0x5a827999,$f,$e));# f+=K_00_19+e
-        &mov($e,$a);                   # e becomes volatile
-       &rotl($e,5);                    # e=ROTATE(a,5)
-        &add($f,$tmp1);                # f+=F_00_19(b,c,d)
-       &add($f,$e);                    # f+=ROTATE(a,5)
+       &add($e,$tmp1);                 # e+=F_00_19(b,c,d)
+        &mov($tmp1,$a);
+       &rotr($b,2);                    # b=ROTATE(b,30)
+        &mov(&swtmp($n%16),$f);        # xi=f
+       &rotl($tmp1,5);                 # ROTATE(a,5)
+        &lea($f,&DWP(0x5a827999,$f,$e));# f+=F_00_19(b,c,d)+e
+       &mov($e,&swtmp(($n+1)%16));     # pre-fetch f for next round
+        &add($f,$tmp1);                # f+=ROTATE(a,5)
+}
        }
 
 sub BODY_20_39
@@ -102,21 +209,41 @@ sub BODY_20_39
 
        &comment("20_39 $n");
 
+if ($alt) {
+       &xor($tmp1,$c);                 # tmp1 to hold F_20_39(b,c,d), b^=c
+        &xor($f,&swtmp(($n+2)%16));    # f to hold Xupdate(xi,xa,xb,xc,xd)
+       &xor($tmp1,$d);                 # tmp1 holds F_20_39(b,c,d)
+        &xor($f,&swtmp(($n+8)%16));
+       &add($e,$tmp1);                 # e+=F_20_39(b,c,d)
+        &xor($f,&swtmp(($n+13)%16));   # f holds xa^xb^xc^xd
+       &rotl($f,1);                    # f=ROTATE(f,1)
+        &mov($tmp1,$a);                # b in next round
+       &rotr($b,7);                    # b=ROTATE(b,30)
+        &mov(&swtmp($n%16),$f)         if($n<77);# xi=f
+       &rotl($a,5);                    # ROTATE(a,5)
+        &xor($b,$c)                    if($n==39);# warm up for BODY_40_59
+       &and($tmp1,$b)                  if($n==39);
+        &lea($f,&DWP($K,$f,$e));       # f+=e+K_XX_YY
+       &mov($e,&swtmp(($n+1)%16))      if($n<79);# pre-fetch f for next round
+        &add($f,$a);                   # f+=ROTATE(a,5)
+       &rotr($a,5)                     if ($n==79);
+} else {
        &mov($tmp1,$b);                 # tmp1 to hold F_20_39(b,c,d)
-        &mov($f,&swtmp($n%16));        # f to hold Xupdate(xi,xa,xb,xc,xd)
-       &rotr($b,2);                    # b=ROTATE(b,30)
-        &xor($f,&swtmp(($n+2)%16));
+        &xor($f,&swtmp(($n+2)%16));    # f to hold Xupdate(xi,xa,xb,xc,xd)
        &xor($tmp1,$c);
         &xor($f,&swtmp(($n+8)%16));
        &xor($tmp1,$d);                 # tmp1 holds F_20_39(b,c,d)
         &xor($f,&swtmp(($n+13)%16));   # f holds xa^xb^xc^xd
        &rotl($f,1);                    # f=ROTATE(f,1)
-        &add($tmp1,$e);
-       &mov(&swtmp($n%16),$f);         # xi=f
-        &mov($e,$a);                   # e becomes volatile
-       &rotl($e,5);                    # e=ROTATE(a,5)
-        &lea($f,&DWP($K,$f,$tmp1));    # f+=K_20_39+e
-       &add($f,$e);                    # f+=ROTATE(a,5)
+        &add($e,$tmp1);                # e+=F_20_39(b,c,d)
+       &rotr($b,2);                    # b=ROTATE(b,30)
+        &mov($tmp1,$a);
+       &rotl($tmp1,5);                 # ROTATE(a,5)
+        &mov(&swtmp($n%16),$f) if($n<77);# xi=f
+       &lea($f,&DWP($K,$f,$e));        # f+=e+K_XX_YY
+        &mov($e,&swtmp(($n+1)%16)) if($n<79);# pre-fetch f for next round
+       &add($f,$tmp1);                 # f+=ROTATE(a,5)
+}
        }
 
 sub BODY_40_59
@@ -125,41 +252,86 @@ sub BODY_40_59
 
        &comment("40_59 $n");
 
-       &mov($f,&swtmp($n%16));         # f to hold Xupdate(xi,xa,xb,xc,xd)
-        &mov($tmp1,&swtmp(($n+2)%16));
-       &xor($f,$tmp1);
-        &mov($tmp1,&swtmp(($n+8)%16));
-       &xor($f,$tmp1);
-        &mov($tmp1,&swtmp(($n+13)%16));
-       &xor($f,$tmp1);                 # f holds xa^xb^xc^xd
-        &mov($tmp1,$b);                # tmp1 to hold F_40_59(b,c,d)
+if ($alt) {
+       &add($e,$tmp1);                 # e+=b&(c^d)
+        &xor($f,&swtmp(($n+2)%16));    # f to hold Xupdate(xi,xa,xb,xc,xd)
+       &mov($tmp1,$d);
+        &xor($f,&swtmp(($n+8)%16));
+       &xor($c,$d);                    # restore $c
+        &xor($f,&swtmp(($n+13)%16));   # f holds xa^xb^xc^xd
        &rotl($f,1);                    # f=ROTATE(f,1)
-        &or($tmp1,$c);
-       &mov(&swtmp($n%16),$f);         # xi=f
-        &and($tmp1,$d);
-       &lea($f,&DWP(0x8f1bbcdc,$f,$e));# f+=K_40_59+e
-        &mov($e,$b);                   # e becomes volatile and is used
-                                       # to calculate F_40_59(b,c,d)
+        &and($tmp1,$c);
+       &rotr($b,7);                    # b=ROTATE(b,30)
+        &add($e,$tmp1);                # e+=c&d
+       &mov($tmp1,$a);                 # b in next round
+        &mov(&swtmp($n%16),$f);        # xi=f
+       &rotl($a,5);                    # ROTATE(a,5)
+        &xor($b,$c)                    if ($n<59);
+       &and($tmp1,$b)                  if ($n<59);# tmp1 to hold F_40_59(b,c,d)
+        &lea($f,&DWP(0x8f1bbcdc,$f,$e));# f+=K_40_59+e+(b&(c^d))
+       &mov($e,&swtmp(($n+1)%16));     # pre-fetch f for next round
+        &add($f,$a);                   # f+=ROTATE(a,5)
+} else {
+       &mov($tmp1,$c);                 # tmp1 to hold F_40_59(b,c,d)
+        &xor($f,&swtmp(($n+2)%16));    # f to hold Xupdate(xi,xa,xb,xc,xd)
+       &xor($tmp1,$d);
+        &xor($f,&swtmp(($n+8)%16));
+       &and($tmp1,$b);
+        &xor($f,&swtmp(($n+13)%16));   # f holds xa^xb^xc^xd
+       &rotl($f,1);                    # f=ROTATE(f,1)
+        &add($tmp1,$e);                # b&(c^d)+=e
        &rotr($b,2);                    # b=ROTATE(b,30)
-        &and($e,$c);
-       &or($tmp1,$e);                  # tmp1 holds F_40_59(b,c,d)             
-        &mov($e,$a);
-       &rotl($e,5);                    # e=ROTATE(a,5)
-        &add($f,$tmp1);                # f+=tmp1;
+        &mov($e,$a);                   # e becomes volatile
+       &rotl($e,5);                    # ROTATE(a,5)
+        &mov(&swtmp($n%16),$f);        # xi=f
+       &lea($f,&DWP(0x8f1bbcdc,$f,$tmp1));# f+=K_40_59+e+(b&(c^d))
+        &mov($tmp1,$c);
        &add($f,$e);                    # f+=ROTATE(a,5)
+        &and($tmp1,$d);
+       &mov($e,&swtmp(($n+1)%16));     # pre-fetch f for next round
+        &add($f,$tmp1);                # f+=c&d
+}
        }
 
 &function_begin("sha1_block_data_order");
+if ($xmm) {
+  &static_label("ssse3_shortcut");
+  &static_label("avx_shortcut")                if ($ymm);
+  &static_label("K_XX_XX");
+
+       &call   (&label("pic_point"));  # make it PIC!
+  &set_label("pic_point");
+       &blindpop($tmp1);
+       &picmeup($T,"OPENSSL_ia32cap_P",$tmp1,&label("pic_point"));
+       &lea    ($tmp1,&DWP(&label("K_XX_XX")."-".&label("pic_point"),$tmp1));
+
+       &mov    ($A,&DWP(0,$T));
+       &mov    ($D,&DWP(4,$T));
+       &test   ($D,1<<9);              # check SSSE3 bit
+       &jz     (&label("x86"));
+       &test   ($A,1<<24);             # check FXSR bit
+       &jz     (&label("x86"));
+       if ($ymm) {
+               &and    ($D,1<<28);             # mask AVX bit
+               &and    ($A,1<<30);             # mask "Intel CPU" bit
+               &or     ($A,$D);
+               &cmp    ($A,1<<28|1<<30);
+               &je     (&label("avx_shortcut"));
+       }
+       &jmp    (&label("ssse3_shortcut"));
+  &set_label("x86",16);
+}
        &mov($tmp1,&wparam(0)); # SHA_CTX *c
        &mov($T,&wparam(1));    # const void *input
        &mov($A,&wparam(2));    # size_t num
-       &stack_push(16);        # allocate X[16]
+       &stack_push(16+3);      # allocate X[16]
        &shl($A,6);
        &add($A,$T);
        &mov(&wparam(2),$A);    # pointer beyond the end of input
        &mov($E,&DWP(16,$tmp1));# pre-load E
+       &jmp(&label("loop"));
 
-       &set_label("loop",16);
+&set_label("loop",16);
 
        # copy input chunk to X, but reversing byte order!
        for ($i=0; $i<16; $i+=4)
@@ -213,8 +385,845 @@ sub BODY_40_59
        &mov(&DWP(16,$tmp1),$C);
        &jb(&label("loop"));
 
-       &stack_pop(16);
+       &stack_pop(16+3);
 &function_end("sha1_block_data_order");
+
+if ($xmm) {
+######################################################################
+# The SSSE3 implementation.
+#
+# %xmm[0-7] are used as ring @X[] buffer containing quadruples of last
+# 32 elements of the message schedule or Xupdate outputs. First 4
+# quadruples are simply byte-swapped input, next 4 are calculated
+# according to method originally suggested by Dean Gaudet (modulo
+# being implemented in SSSE3). Once 8 quadruples or 32 elements are
+# collected, it switches to routine proposed by Max Locktyukhin.
+#
+# Calculations inevitably require temporary reqisters, and there are
+# no %xmm registers left to spare. For this reason part of the ring
+# buffer, X[2..4] to be specific, is offloaded to 3 quadriples ring
+# buffer on the stack. Keep in mind that X[2] is alias X[-6], X[3] -
+# X[-5], and X[4] - X[-4]...
+#
+# Another notable optimization is aggressive stack frame compression
+# aiming to minimize amount of 9-byte instructions...
+#
+# Yet another notable optimization is "jumping" $B variable. It means
+# that there is no register permanently allocated for $B value. This
+# allowed to eliminate one instruction from body_20_39...
+#
+my $Xi=4;                      # 4xSIMD Xupdate round, start pre-seeded
+my @X=map("xmm$_",(4..7,0..3));        # pre-seeded for $Xi=4
+my @V=($A,$B,$C,$D,$E);
+my $j=0;                       # hash round
+my @T=($T,$tmp1);
+my $inp;
+
+my $_rol=sub { &rol(@_) };
+my $_ror=sub { &ror(@_) };
+
+&function_begin("_sha1_block_data_order_ssse3");
+       &call   (&label("pic_point"));  # make it PIC!
+       &set_label("pic_point");
+       &blindpop($tmp1);
+       &lea    ($tmp1,&DWP(&label("K_XX_XX")."-".&label("pic_point"),$tmp1));
+&set_label("ssse3_shortcut");
+
+       &movdqa (@X[3],&QWP(0,$tmp1));          # K_00_19
+       &movdqa (@X[4],&QWP(16,$tmp1));         # K_20_39
+       &movdqa (@X[5],&QWP(32,$tmp1));         # K_40_59
+       &movdqa (@X[6],&QWP(48,$tmp1));         # K_60_79
+       &movdqa (@X[2],&QWP(64,$tmp1));         # pbswap mask
+
+       &mov    ($E,&wparam(0));                # load argument block
+       &mov    ($inp=@T[1],&wparam(1));
+       &mov    ($D,&wparam(2));
+       &mov    (@T[0],"esp");
+
+       # stack frame layout
+       #
+       # +0    X[0]+K  X[1]+K  X[2]+K  X[3]+K  # XMM->IALU xfer area
+       #       X[4]+K  X[5]+K  X[6]+K  X[7]+K
+       #       X[8]+K  X[9]+K  X[10]+K X[11]+K
+       #       X[12]+K X[13]+K X[14]+K X[15]+K
+       #
+       # +64   X[0]    X[1]    X[2]    X[3]    # XMM->XMM backtrace area
+       #       X[4]    X[5]    X[6]    X[7]
+       #       X[8]    X[9]    X[10]   X[11]   # even borrowed for K_00_19
+       #
+       # +112  K_20_39 K_20_39 K_20_39 K_20_39 # constants
+       #       K_40_59 K_40_59 K_40_59 K_40_59
+       #       K_60_79 K_60_79 K_60_79 K_60_79
+       #       K_00_19 K_00_19 K_00_19 K_00_19
+       #       pbswap mask
+       #
+       # +192  ctx                             # argument block
+       # +196  inp
+       # +200  end
+       # +204  esp
+       &sub    ("esp",208);
+       &and    ("esp",-64);
+
+       &movdqa (&QWP(112+0,"esp"),@X[4]);      # copy constants
+       &movdqa (&QWP(112+16,"esp"),@X[5]);
+       &movdqa (&QWP(112+32,"esp"),@X[6]);
+       &shl    ($D,6);                         # len*64
+       &movdqa (&QWP(112+48,"esp"),@X[3]);
+       &add    ($D,$inp);                      # end of input
+       &movdqa (&QWP(112+64,"esp"),@X[2]);
+       &add    ($inp,64);
+       &mov    (&DWP(192+0,"esp"),$E);         # save argument block
+       &mov    (&DWP(192+4,"esp"),$inp);
+       &mov    (&DWP(192+8,"esp"),$D);
+       &mov    (&DWP(192+12,"esp"),@T[0]);     # save original %esp
+
+       &mov    ($A,&DWP(0,$E));                # load context
+       &mov    ($B,&DWP(4,$E));
+       &mov    ($C,&DWP(8,$E));
+       &mov    ($D,&DWP(12,$E));
+       &mov    ($E,&DWP(16,$E));
+       &mov    (@T[0],$B);                     # magic seed
+
+       &movdqu (@X[-4&7],&QWP(-64,$inp));      # load input to %xmm[0-3]
+       &movdqu (@X[-3&7],&QWP(-48,$inp));
+       &movdqu (@X[-2&7],&QWP(-32,$inp));
+       &movdqu (@X[-1&7],&QWP(-16,$inp));
+       &pshufb (@X[-4&7],@X[2]);               # byte swap
+       &pshufb (@X[-3&7],@X[2]);
+       &pshufb (@X[-2&7],@X[2]);
+       &movdqa (&QWP(112-16,"esp"),@X[3]);     # borrow last backtrace slot
+       &pshufb (@X[-1&7],@X[2]);
+       &paddd  (@X[-4&7],@X[3]);               # add K_00_19
+       &paddd  (@X[-3&7],@X[3]);
+       &paddd  (@X[-2&7],@X[3]);
+       &movdqa (&QWP(0,"esp"),@X[-4&7]);       # X[]+K xfer to IALU
+       &psubd  (@X[-4&7],@X[3]);               # restore X[]
+       &movdqa (&QWP(0+16,"esp"),@X[-3&7]);
+       &psubd  (@X[-3&7],@X[3]);
+       &movdqa (&QWP(0+32,"esp"),@X[-2&7]);
+       &psubd  (@X[-2&7],@X[3]);
+       &movdqa (@X[0],@X[-3&7]);
+       &jmp    (&label("loop"));
+
+######################################################################
+# SSE instruction sequence is first broken to groups of indepentent
+# instructions, independent in respect to their inputs and shifter
+# (not all architectures have more than one). Then IALU instructions
+# are "knitted in" between the SSE groups. Distance is maintained for
+# SSE latency of 2 in hope that it fits better upcoming AMD Bulldozer
+# [which allegedly also implements SSSE3]...
+#
+# Temporary registers usage. X[2] is volatile at the entry and at the
+# end is restored from backtrace ring buffer. X[3] is expected to
+# contain current K_XX_XX constant and is used to caclulate X[-1]+K
+# from previous round, it becomes volatile the moment the value is
+# saved to stack for transfer to IALU. X[4] becomes volatile whenever
+# X[-4] is accumulated and offloaded to backtrace ring buffer, at the
+# end it is loaded with next K_XX_XX [which becomes X[3] in next
+# round]...
+#
+sub Xupdate_ssse3_16_31()              # recall that $Xi starts wtih 4
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);   # 40 instructions
+  my ($a,$b,$c,$d,$e);
+
+        eval(shift(@insns));
+        eval(shift(@insns));
+       &palignr(@X[0],@X[-4&7],8);     # compose "X[-14]" in "X[0]"
+       &movdqa (@X[2],@X[-1&7]);
+        eval(shift(@insns));
+        eval(shift(@insns));
+
+         &paddd        (@X[3],@X[-1&7]);
+         &movdqa       (&QWP(64+16*(($Xi-4)%3),"esp"),@X[-4&7]);# save X[] to backtrace buffer
+        eval(shift(@insns));
+        eval(shift(@insns));
+       &psrldq (@X[2],4);              # "X[-3]", 3 dwords
+        eval(shift(@insns));
+        eval(shift(@insns));
+       &pxor   (@X[0],@X[-4&7]);       # "X[0]"^="X[-16]"
+        eval(shift(@insns));
+        eval(shift(@insns));
+
+       &pxor   (@X[2],@X[-2&7]);       # "X[-3]"^"X[-8]"
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));
+
+       &pxor   (@X[0],@X[2]);          # "X[0]"^="X[-3]"^"X[-8]"
+        eval(shift(@insns));
+        eval(shift(@insns));
+         &movdqa       (&QWP(0+16*(($Xi-1)&3),"esp"),@X[3]);   # X[]+K xfer to IALU
+        eval(shift(@insns));
+        eval(shift(@insns));
+
+       &movdqa (@X[4],@X[0]);
+       &movdqa (@X[2],@X[0]);
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));
+
+       &pslldq (@X[4],12);             # "X[0]"<<96, extract one dword
+       &paddd  (@X[0],@X[0]);
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));
+
+       &psrld  (@X[2],31);
+        eval(shift(@insns));
+        eval(shift(@insns));
+       &movdqa (@X[3],@X[4]);
+        eval(shift(@insns));
+        eval(shift(@insns));
+
+       &psrld  (@X[4],30);
+       &por    (@X[0],@X[2]);          # "X[0]"<<<=1
+        eval(shift(@insns));
+        eval(shift(@insns));
+         &movdqa       (@X[2],&QWP(64+16*(($Xi-6)%3),"esp")) if ($Xi>5);       # restore X[] from backtrace buffer
+        eval(shift(@insns));
+        eval(shift(@insns));
+
+       &pslld  (@X[3],2);
+       &pxor   (@X[0],@X[4]);
+        eval(shift(@insns));
+        eval(shift(@insns));
+         &movdqa       (@X[4],&QWP(112-16+16*(($Xi)/5),"esp"));        # K_XX_XX
+        eval(shift(@insns));
+        eval(shift(@insns));
+
+       &pxor   (@X[0],@X[3]);          # "X[0]"^=("X[0]"<<96)<<<2
+         &movdqa       (@X[1],@X[-2&7])        if ($Xi<7);
+        eval(shift(@insns));
+        eval(shift(@insns));
+
+        foreach (@insns) { eval; }     # remaining instructions [if any]
+
+  $Xi++;       push(@X,shift(@X));     # "rotate" X[]
+}
+
+sub Xupdate_ssse3_32_79()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);   # 32 to 48 instructions
+  my ($a,$b,$c,$d,$e);
+
+       &movdqa (@X[2],@X[-1&7])        if ($Xi==8);
+        eval(shift(@insns));           # body_20_39
+       &pxor   (@X[0],@X[-4&7]);       # "X[0]"="X[-32]"^"X[-16]"
+       &palignr(@X[2],@X[-2&7],8);     # compose "X[-6]"
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));           # rol
+
+       &pxor   (@X[0],@X[-7&7]);       # "X[0]"^="X[-28]"
+         &movdqa       (&QWP(64+16*(($Xi-4)%3),"esp"),@X[-4&7]);       # save X[] to backtrace buffer
+        eval(shift(@insns));
+        eval(shift(@insns));
+        if ($Xi%5) {
+         &movdqa       (@X[4],@X[3]);  # "perpetuate" K_XX_XX...
+        } else {                       # ... or load next one
+         &movdqa       (@X[4],&QWP(112-16+16*($Xi/5),"esp"));
+        }
+         &paddd        (@X[3],@X[-1&7]);
+        eval(shift(@insns));           # ror
+        eval(shift(@insns));
+
+       &pxor   (@X[0],@X[2]);          # "X[0]"^="X[-6]"
+        eval(shift(@insns));           # body_20_39
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));           # rol
+
+       &movdqa (@X[2],@X[0]);
+         &movdqa       (&QWP(0+16*(($Xi-1)&3),"esp"),@X[3]);   # X[]+K xfer to IALU
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));           # ror
+        eval(shift(@insns));
+
+       &pslld  (@X[0],2);
+        eval(shift(@insns));           # body_20_39
+        eval(shift(@insns));
+       &psrld  (@X[2],30);
+        eval(shift(@insns));
+        eval(shift(@insns));           # rol
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));           # ror
+        eval(shift(@insns));
+
+       &por    (@X[0],@X[2]);          # "X[0]"<<<=2
+        eval(shift(@insns));           # body_20_39
+        eval(shift(@insns));
+         &movdqa       (@X[2],&QWP(64+16*(($Xi-6)%3),"esp")) if($Xi<19);       # restore X[] from backtrace buffer
+        eval(shift(@insns));
+        eval(shift(@insns));           # rol
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));           # ror
+         &movdqa       (@X[3],@X[0])   if ($Xi<19);
+        eval(shift(@insns));
+
+        foreach (@insns) { eval; }     # remaining instructions
+
+  $Xi++;       push(@X,shift(@X));     # "rotate" X[]
+}
+
+sub Xuplast_ssse3_80()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);   # 32 instructions
+  my ($a,$b,$c,$d,$e);
+
+        eval(shift(@insns));
+         &paddd        (@X[3],@X[-1&7]);
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));
+
+         &movdqa       (&QWP(0+16*(($Xi-1)&3),"esp"),@X[3]);   # X[]+K xfer IALU
+
+        foreach (@insns) { eval; }             # remaining instructions
+
+       &mov    ($inp=@T[1],&DWP(192+4,"esp"));
+       &cmp    ($inp,&DWP(192+8,"esp"));
+       &je     (&label("done"));
+
+       &movdqa (@X[3],&QWP(112+48,"esp"));     # K_00_19
+       &movdqa (@X[2],&QWP(112+64,"esp"));     # pbswap mask
+       &movdqu (@X[-4&7],&QWP(0,$inp));        # load input
+       &movdqu (@X[-3&7],&QWP(16,$inp));
+       &movdqu (@X[-2&7],&QWP(32,$inp));
+       &movdqu (@X[-1&7],&QWP(48,$inp));
+       &add    ($inp,64);
+       &pshufb (@X[-4&7],@X[2]);               # byte swap
+       &mov    (&DWP(192+4,"esp"),$inp);
+       &movdqa (&QWP(112-16,"esp"),@X[3]);     # borrow last backtrace slot
+
+  $Xi=0;
+}
+
+sub Xloop_ssse3()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);   # 32 instructions
+  my ($a,$b,$c,$d,$e);
+
+        eval(shift(@insns));
+        eval(shift(@insns));
+       &pshufb (@X[($Xi-3)&7],@X[2]);
+        eval(shift(@insns));
+        eval(shift(@insns));
+       &paddd  (@X[($Xi-4)&7],@X[3]);
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));
+       &movdqa (&QWP(0+16*$Xi,"esp"),@X[($Xi-4)&7]);   # X[]+K xfer to IALU
+        eval(shift(@insns));
+        eval(shift(@insns));
+       &psubd  (@X[($Xi-4)&7],@X[3]);
+
+       foreach (@insns) { eval; }
+  $Xi++;
+}
+
+sub Xtail_ssse3()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);   # 32 instructions
+  my ($a,$b,$c,$d,$e);
+
+       foreach (@insns) { eval; }
+}
+
+sub body_00_19 () {
+       (
+       '($a,$b,$c,$d,$e)=@V;'.
+       '&add   ($e,&DWP(4*($j&15),"esp"));',   # X[]+K xfer
+       '&xor   ($c,$d);',
+       '&mov   (@T[1],$a);',   # $b in next round
+       '&$_rol ($a,5);',
+       '&and   (@T[0],$c);',   # ($b&($c^$d))
+       '&xor   ($c,$d);',      # restore $c
+       '&xor   (@T[0],$d);',
+       '&add   ($e,$a);',
+       '&$_ror ($b,$j?7:2);',  # $b>>>2
+       '&add   ($e,@T[0]);'    .'$j++; unshift(@V,pop(@V)); unshift(@T,pop(@T));'
+       );
+}
+
+sub body_20_39 () {
+       (
+       '($a,$b,$c,$d,$e)=@V;'.
+       '&add   ($e,&DWP(4*($j++&15),"esp"));', # X[]+K xfer
+       '&xor   (@T[0],$d);',   # ($b^$d)
+       '&mov   (@T[1],$a);',   # $b in next round
+       '&$_rol ($a,5);',
+       '&xor   (@T[0],$c);',   # ($b^$d^$c)
+       '&add   ($e,$a);',
+       '&$_ror ($b,7);',       # $b>>>2
+       '&add   ($e,@T[0]);'    .'unshift(@V,pop(@V)); unshift(@T,pop(@T));'
+       );
+}
+
+sub body_40_59 () {
+       (
+       '($a,$b,$c,$d,$e)=@V;'.
+       '&mov   (@T[1],$c);',
+       '&xor   ($c,$d);',
+       '&add   ($e,&DWP(4*($j++&15),"esp"));', # X[]+K xfer
+       '&and   (@T[1],$d);',
+       '&and   (@T[0],$c);',   # ($b&($c^$d))
+       '&$_ror ($b,7);',       # $b>>>2
+       '&add   ($e,@T[1]);',
+       '&mov   (@T[1],$a);',   # $b in next round
+       '&$_rol ($a,5);',
+       '&add   ($e,@T[0]);',
+       '&xor   ($c,$d);',      # restore $c
+       '&add   ($e,$a);'       .'unshift(@V,pop(@V)); unshift(@T,pop(@T));'
+       );
+}
+
+&set_label("loop",16);
+       &Xupdate_ssse3_16_31(\&body_00_19);
+       &Xupdate_ssse3_16_31(\&body_00_19);
+       &Xupdate_ssse3_16_31(\&body_00_19);
+       &Xupdate_ssse3_16_31(\&body_00_19);
+       &Xupdate_ssse3_32_79(\&body_00_19);
+       &Xupdate_ssse3_32_79(\&body_20_39);
+       &Xupdate_ssse3_32_79(\&body_20_39);
+       &Xupdate_ssse3_32_79(\&body_20_39);
+       &Xupdate_ssse3_32_79(\&body_20_39);
+       &Xupdate_ssse3_32_79(\&body_20_39);
+       &Xupdate_ssse3_32_79(\&body_40_59);
+       &Xupdate_ssse3_32_79(\&body_40_59);
+       &Xupdate_ssse3_32_79(\&body_40_59);
+       &Xupdate_ssse3_32_79(\&body_40_59);
+       &Xupdate_ssse3_32_79(\&body_40_59);
+       &Xupdate_ssse3_32_79(\&body_20_39);
+       &Xuplast_ssse3_80(\&body_20_39);        # can jump to "done"
+
+                               $saved_j=$j; @saved_V=@V;
+
+       &Xloop_ssse3(\&body_20_39);
+       &Xloop_ssse3(\&body_20_39);
+       &Xloop_ssse3(\&body_20_39);
+
+       &mov    (@T[1],&DWP(192,"esp"));        # update context
+       &add    ($A,&DWP(0,@T[1]));
+       &add    (@T[0],&DWP(4,@T[1]));          # $b
+       &add    ($C,&DWP(8,@T[1]));
+       &mov    (&DWP(0,@T[1]),$A);
+       &add    ($D,&DWP(12,@T[1]));
+       &mov    (&DWP(4,@T[1]),@T[0]);
+       &add    ($E,&DWP(16,@T[1]));
+       &mov    (&DWP(8,@T[1]),$C);
+       &mov    ($B,@T[0]);
+       &mov    (&DWP(12,@T[1]),$D);
+       &mov    (&DWP(16,@T[1]),$E);
+       &movdqa (@X[0],@X[-3&7]);
+
+       &jmp    (&label("loop"));
+
+&set_label("done",16);         $j=$saved_j; @V=@saved_V;
+
+       &Xtail_ssse3(\&body_20_39);
+       &Xtail_ssse3(\&body_20_39);
+       &Xtail_ssse3(\&body_20_39);
+
+       &mov    (@T[1],&DWP(192,"esp"));        # update context
+       &add    ($A,&DWP(0,@T[1]));
+       &mov    ("esp",&DWP(192+12,"esp"));     # restore %esp
+       &add    (@T[0],&DWP(4,@T[1]));          # $b
+       &add    ($C,&DWP(8,@T[1]));
+       &mov    (&DWP(0,@T[1]),$A);
+       &add    ($D,&DWP(12,@T[1]));
+       &mov    (&DWP(4,@T[1]),@T[0]);
+       &add    ($E,&DWP(16,@T[1]));
+       &mov    (&DWP(8,@T[1]),$C);
+       &mov    (&DWP(12,@T[1]),$D);
+       &mov    (&DWP(16,@T[1]),$E);
+
+&function_end("_sha1_block_data_order_ssse3");
+
+if ($ymm) {
+my $Xi=4;                      # 4xSIMD Xupdate round, start pre-seeded
+my @X=map("xmm$_",(4..7,0..3));        # pre-seeded for $Xi=4
+my @V=($A,$B,$C,$D,$E);
+my $j=0;                       # hash round
+my @T=($T,$tmp1);
+my $inp;
+
+my $_rol=sub { &shld(@_[0],@_) };
+my $_ror=sub { &shrd(@_[0],@_) };
+
+&function_begin("_sha1_block_data_order_avx");
+       &call   (&label("pic_point"));  # make it PIC!
+       &set_label("pic_point");
+       &blindpop($tmp1);
+       &lea    ($tmp1,&DWP(&label("K_XX_XX")."-".&label("pic_point"),$tmp1));
+&set_label("avx_shortcut");
+       &vzeroall();
+
+       &vmovdqa(@X[3],&QWP(0,$tmp1));          # K_00_19
+       &vmovdqa(@X[4],&QWP(16,$tmp1));         # K_20_39
+       &vmovdqa(@X[5],&QWP(32,$tmp1));         # K_40_59
+       &vmovdqa(@X[6],&QWP(48,$tmp1));         # K_60_79
+       &vmovdqa(@X[2],&QWP(64,$tmp1));         # pbswap mask
+
+       &mov    ($E,&wparam(0));                # load argument block
+       &mov    ($inp=@T[1],&wparam(1));
+       &mov    ($D,&wparam(2));
+       &mov    (@T[0],"esp");
+
+       # stack frame layout
+       #
+       # +0    X[0]+K  X[1]+K  X[2]+K  X[3]+K  # XMM->IALU xfer area
+       #       X[4]+K  X[5]+K  X[6]+K  X[7]+K
+       #       X[8]+K  X[9]+K  X[10]+K X[11]+K
+       #       X[12]+K X[13]+K X[14]+K X[15]+K
+       #
+       # +64   X[0]    X[1]    X[2]    X[3]    # XMM->XMM backtrace area
+       #       X[4]    X[5]    X[6]    X[7]
+       #       X[8]    X[9]    X[10]   X[11]   # even borrowed for K_00_19
+       #
+       # +112  K_20_39 K_20_39 K_20_39 K_20_39 # constants
+       #       K_40_59 K_40_59 K_40_59 K_40_59
+       #       K_60_79 K_60_79 K_60_79 K_60_79
+       #       K_00_19 K_00_19 K_00_19 K_00_19
+       #       pbswap mask
+       #
+       # +192  ctx                             # argument block
+       # +196  inp
+       # +200  end
+       # +204  esp
+       &sub    ("esp",208);
+       &and    ("esp",-64);
+
+       &vmovdqa(&QWP(112+0,"esp"),@X[4]);      # copy constants
+       &vmovdqa(&QWP(112+16,"esp"),@X[5]);
+       &vmovdqa(&QWP(112+32,"esp"),@X[6]);
+       &shl    ($D,6);                         # len*64
+       &vmovdqa(&QWP(112+48,"esp"),@X[3]);
+       &add    ($D,$inp);                      # end of input
+       &vmovdqa(&QWP(112+64,"esp"),@X[2]);
+       &add    ($inp,64);
+       &mov    (&DWP(192+0,"esp"),$E);         # save argument block
+       &mov    (&DWP(192+4,"esp"),$inp);
+       &mov    (&DWP(192+8,"esp"),$D);
+       &mov    (&DWP(192+12,"esp"),@T[0]);     # save original %esp
+
+       &mov    ($A,&DWP(0,$E));                # load context
+       &mov    ($B,&DWP(4,$E));
+       &mov    ($C,&DWP(8,$E));
+       &mov    ($D,&DWP(12,$E));
+       &mov    ($E,&DWP(16,$E));
+       &mov    (@T[0],$B);                     # magic seed
+
+       &vmovdqu(@X[-4&7],&QWP(-64,$inp));      # load input to %xmm[0-3]
+       &vmovdqu(@X[-3&7],&QWP(-48,$inp));
+       &vmovdqu(@X[-2&7],&QWP(-32,$inp));
+       &vmovdqu(@X[-1&7],&QWP(-16,$inp));
+       &vpshufb(@X[-4&7],@X[-4&7],@X[2]);      # byte swap
+       &vpshufb(@X[-3&7],@X[-3&7],@X[2]);
+       &vpshufb(@X[-2&7],@X[-2&7],@X[2]);
+       &vmovdqa(&QWP(112-16,"esp"),@X[3]);     # borrow last backtrace slot
+       &vpshufb(@X[-1&7],@X[-1&7],@X[2]);
+       &vpaddd (@X[0],@X[-4&7],@X[3]);         # add K_00_19
+       &vpaddd (@X[1],@X[-3&7],@X[3]);
+       &vpaddd (@X[2],@X[-2&7],@X[3]);
+       &vmovdqa(&QWP(0,"esp"),@X[0]);          # X[]+K xfer to IALU
+       &vmovdqa(&QWP(0+16,"esp"),@X[1]);
+       &vmovdqa(&QWP(0+32,"esp"),@X[2]);
+       &jmp    (&label("loop"));
+
+sub Xupdate_avx_16_31()                # recall that $Xi starts wtih 4
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);   # 40 instructions
+  my ($a,$b,$c,$d,$e);
+
+        eval(shift(@insns));
+        eval(shift(@insns));
+       &vpalignr(@X[0],@X[-3&7],@X[-4&7],8);   # compose "X[-14]" in "X[0]"
+        eval(shift(@insns));
+        eval(shift(@insns));
+
+         &vpaddd       (@X[3],@X[3],@X[-1&7]);
+         &vmovdqa      (&QWP(64+16*(($Xi-4)%3),"esp"),@X[-4&7]);# save X[] to backtrace buffer
+        eval(shift(@insns));
+        eval(shift(@insns));
+       &vpsrldq(@X[2],@X[-1&7],4);             # "X[-3]", 3 dwords
+        eval(shift(@insns));
+        eval(shift(@insns));
+       &vpxor  (@X[0],@X[0],@X[-4&7]);         # "X[0]"^="X[-16]"
+        eval(shift(@insns));
+        eval(shift(@insns));
+
+       &vpxor  (@X[2],@X[2],@X[-2&7]);         # "X[-3]"^"X[-8]"
+        eval(shift(@insns));
+        eval(shift(@insns));
+         &vmovdqa      (&QWP(0+16*(($Xi-1)&3),"esp"),@X[3]);   # X[]+K xfer to IALU
+        eval(shift(@insns));
+        eval(shift(@insns));
+
+       &vpxor  (@X[0],@X[0],@X[2]);            # "X[0]"^="X[-3]"^"X[-8]"
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));
+
+       &vpsrld (@X[2],@X[0],31);
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));
+
+       &vpslldq(@X[4],@X[0],12);               # "X[0]"<<96, extract one dword
+       &vpaddd (@X[0],@X[0],@X[0]);
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));
+
+       &vpsrld (@X[3],@X[4],30);
+       &vpor   (@X[0],@X[0],@X[2]);            # "X[0]"<<<=1
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));
+
+       &vpslld (@X[4],@X[4],2);
+         &vmovdqa      (@X[2],&QWP(64+16*(($Xi-6)%3),"esp")) if ($Xi>5);       # restore X[] from backtrace buffer
+        eval(shift(@insns));
+        eval(shift(@insns));
+       &vpxor  (@X[0],@X[0],@X[3]);
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));
+
+       &vpxor  (@X[0],@X[0],@X[4]);            # "X[0]"^=("X[0]"<<96)<<<2
+        eval(shift(@insns));
+        eval(shift(@insns));
+         &vmovdqa      (@X[4],&QWP(112-16+16*(($Xi)/5),"esp"));        # K_XX_XX
+        eval(shift(@insns));
+        eval(shift(@insns));
+
+        foreach (@insns) { eval; }     # remaining instructions [if any]
+
+  $Xi++;       push(@X,shift(@X));     # "rotate" X[]
+}
+
+sub Xupdate_avx_32_79()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);   # 32 to 48 instructions
+  my ($a,$b,$c,$d,$e);
+
+       &vpalignr(@X[2],@X[-1&7],@X[-2&7],8);   # compose "X[-6]"
+       &vpxor  (@X[0],@X[0],@X[-4&7]); # "X[0]"="X[-32]"^"X[-16]"
+        eval(shift(@insns));           # body_20_39
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));           # rol
+
+       &vpxor  (@X[0],@X[0],@X[-7&7]); # "X[0]"^="X[-28]"
+         &vmovdqa      (&QWP(64+16*(($Xi-4)%3),"esp"),@X[-4&7]);       # save X[] to backtrace buffer
+        eval(shift(@insns));
+        eval(shift(@insns));
+        if ($Xi%5) {
+         &vmovdqa      (@X[4],@X[3]);  # "perpetuate" K_XX_XX...
+        } else {                       # ... or load next one
+         &vmovdqa      (@X[4],&QWP(112-16+16*($Xi/5),"esp"));
+        }
+         &vpaddd       (@X[3],@X[3],@X[-1&7]);
+        eval(shift(@insns));           # ror
+        eval(shift(@insns));
+
+       &vpxor  (@X[0],@X[0],@X[2]);            # "X[0]"^="X[-6]"
+        eval(shift(@insns));           # body_20_39
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));           # rol
+
+       &vpsrld (@X[2],@X[0],30);
+         &vmovdqa      (&QWP(0+16*(($Xi-1)&3),"esp"),@X[3]);   # X[]+K xfer to IALU
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));           # ror
+        eval(shift(@insns));
+
+       &vpslld (@X[0],@X[0],2);
+        eval(shift(@insns));           # body_20_39
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));           # rol
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));           # ror
+        eval(shift(@insns));
+
+       &vpor   (@X[0],@X[0],@X[2]);    # "X[0]"<<<=2
+        eval(shift(@insns));           # body_20_39
+        eval(shift(@insns));
+         &vmovdqa      (@X[2],&QWP(64+16*(($Xi-6)%3),"esp")) if($Xi<19);       # restore X[] from backtrace buffer
+        eval(shift(@insns));
+        eval(shift(@insns));           # rol
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));           # ror
+        eval(shift(@insns));
+
+        foreach (@insns) { eval; }     # remaining instructions
+
+  $Xi++;       push(@X,shift(@X));     # "rotate" X[]
+}
+
+sub Xuplast_avx_80()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);   # 32 instructions
+  my ($a,$b,$c,$d,$e);
+
+        eval(shift(@insns));
+         &vpaddd       (@X[3],@X[3],@X[-1&7]);
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));
+
+         &vmovdqa      (&QWP(0+16*(($Xi-1)&3),"esp"),@X[3]);   # X[]+K xfer IALU
+
+        foreach (@insns) { eval; }             # remaining instructions
+
+       &mov    ($inp=@T[1],&DWP(192+4,"esp"));
+       &cmp    ($inp,&DWP(192+8,"esp"));
+       &je     (&label("done"));
+
+       &vmovdqa(@X[3],&QWP(112+48,"esp"));     # K_00_19
+       &vmovdqa(@X[2],&QWP(112+64,"esp"));     # pbswap mask
+       &vmovdqu(@X[-4&7],&QWP(0,$inp));        # load input
+       &vmovdqu(@X[-3&7],&QWP(16,$inp));
+       &vmovdqu(@X[-2&7],&QWP(32,$inp));
+       &vmovdqu(@X[-1&7],&QWP(48,$inp));
+       &add    ($inp,64);
+       &vpshufb(@X[-4&7],@X[-4&7],@X[2]);              # byte swap
+       &mov    (&DWP(192+4,"esp"),$inp);
+       &vmovdqa(&QWP(112-16,"esp"),@X[3]);     # borrow last backtrace slot
+
+  $Xi=0;
+}
+
+sub Xloop_avx()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);   # 32 instructions
+  my ($a,$b,$c,$d,$e);
+
+        eval(shift(@insns));
+        eval(shift(@insns));
+       &vpshufb        (@X[($Xi-3)&7],@X[($Xi-3)&7],@X[2]);
+        eval(shift(@insns));
+        eval(shift(@insns));
+       &vpaddd (@X[$Xi&7],@X[($Xi-4)&7],@X[3]);
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));
+       &vmovdqa        (&QWP(0+16*$Xi,"esp"),@X[$Xi&7]);       # X[]+K xfer to IALU
+        eval(shift(@insns));
+        eval(shift(@insns));
+
+       foreach (@insns) { eval; }
+  $Xi++;
+}
+
+sub Xtail_avx()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);   # 32 instructions
+  my ($a,$b,$c,$d,$e);
+
+       foreach (@insns) { eval; }
+}
+
+&set_label("loop",16);
+       &Xupdate_avx_16_31(\&body_00_19);
+       &Xupdate_avx_16_31(\&body_00_19);
+       &Xupdate_avx_16_31(\&body_00_19);
+       &Xupdate_avx_16_31(\&body_00_19);
+       &Xupdate_avx_32_79(\&body_00_19);
+       &Xupdate_avx_32_79(\&body_20_39);
+       &Xupdate_avx_32_79(\&body_20_39);
+       &Xupdate_avx_32_79(\&body_20_39);
+       &Xupdate_avx_32_79(\&body_20_39);
+       &Xupdate_avx_32_79(\&body_20_39);
+       &Xupdate_avx_32_79(\&body_40_59);
+       &Xupdate_avx_32_79(\&body_40_59);
+       &Xupdate_avx_32_79(\&body_40_59);
+       &Xupdate_avx_32_79(\&body_40_59);
+       &Xupdate_avx_32_79(\&body_40_59);
+       &Xupdate_avx_32_79(\&body_20_39);
+       &Xuplast_avx_80(\&body_20_39);  # can jump to "done"
+
+                               $saved_j=$j; @saved_V=@V;
+
+       &Xloop_avx(\&body_20_39);
+       &Xloop_avx(\&body_20_39);
+       &Xloop_avx(\&body_20_39);
+
+       &mov    (@T[1],&DWP(192,"esp"));        # update context
+       &add    ($A,&DWP(0,@T[1]));
+       &add    (@T[0],&DWP(4,@T[1]));          # $b
+       &add    ($C,&DWP(8,@T[1]));
+       &mov    (&DWP(0,@T[1]),$A);
+       &add    ($D,&DWP(12,@T[1]));
+       &mov    (&DWP(4,@T[1]),@T[0]);
+       &add    ($E,&DWP(16,@T[1]));
+       &mov    (&DWP(8,@T[1]),$C);
+       &mov    ($B,@T[0]);
+       &mov    (&DWP(12,@T[1]),$D);
+       &mov    (&DWP(16,@T[1]),$E);
+
+       &jmp    (&label("loop"));
+
+&set_label("done",16);         $j=$saved_j; @V=@saved_V;
+
+       &Xtail_avx(\&body_20_39);
+       &Xtail_avx(\&body_20_39);
+       &Xtail_avx(\&body_20_39);
+
+       &vzeroall();
+
+       &mov    (@T[1],&DWP(192,"esp"));        # update context
+       &add    ($A,&DWP(0,@T[1]));
+       &mov    ("esp",&DWP(192+12,"esp"));     # restore %esp
+       &add    (@T[0],&DWP(4,@T[1]));          # $b
+       &add    ($C,&DWP(8,@T[1]));
+       &mov    (&DWP(0,@T[1]),$A);
+       &add    ($D,&DWP(12,@T[1]));
+       &mov    (&DWP(4,@T[1]),@T[0]);
+       &add    ($E,&DWP(16,@T[1]));
+       &mov    (&DWP(8,@T[1]),$C);
+       &mov    (&DWP(12,@T[1]),$D);
+       &mov    (&DWP(16,@T[1]),$E);
+&function_end("_sha1_block_data_order_avx");
+}
+&set_label("K_XX_XX",64);
+&data_word(0x5a827999,0x5a827999,0x5a827999,0x5a827999);       # K_00_19
+&data_word(0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1);       # K_20_39
+&data_word(0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc);       # K_40_59
+&data_word(0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6);       # K_60_79
+&data_word(0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f);       # pbswap mask
+}
 &asciz("SHA1 block transform for x86, CRYPTOGAMS by <appro\@openssl.org>");
 
 &asm_finish();

diff --git a/deps/openssl/openssl/crypto/sha/asm/sha1-armv4-large.pl b/deps/openssl/openssl/crypto/sha/asm/sha1-armv4-large.pl
index 79e3f61..33da3e0 100644 (file)
--- a/deps/openssl/openssl/crypto/sha/asm/sha1-armv4-large.pl
+++ b/deps/openssl/openssl/crypto/sha/asm/sha1-armv4-large.pl
@@ -47,6 +47,10 @@
 # Cortex A8 core and in absolute terms ~870 cycles per input block
 # [or 13.6 cycles per byte].
 
+# February 2011.
+#
+# Profiler-assisted and platform-specific optimization resulted in 10%
+# improvement on Cortex A8 core and 12.2 cycles per byte.
 
 while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {}
 open STDOUT,">$output";
@@ -76,31 +80,41 @@ $code.=<<___;
        add     $e,$K,$e,ror#2                  @ E+=K_xx_xx
        ldr     $t3,[$Xi,#2*4]
        eor     $t0,$t0,$t1
-       eor     $t2,$t2,$t3
+       eor     $t2,$t2,$t3                     @ 1 cycle stall
        eor     $t1,$c,$d                       @ F_xx_xx
        mov     $t0,$t0,ror#31
        add     $e,$e,$a,ror#27                 @ E+=ROR(A,27)
        eor     $t0,$t0,$t2,ror#31
+       str     $t0,[$Xi,#-4]!
        $opt1                                   @ F_xx_xx
        $opt2                                   @ F_xx_xx
        add     $e,$e,$t0                       @ E+=X[i]
-       str     $t0,[$Xi,#-4]!
 ___
 }
 
 sub BODY_00_15 {
 my ($a,$b,$c,$d,$e)=@_;
 $code.=<<___;
-       ldrb    $t0,[$inp],#4
-       ldrb    $t1,[$inp,#-1]
-       ldrb    $t2,[$inp,#-2]
+#if __ARM_ARCH__<7
+       ldrb    $t1,[$inp,#2]
+       ldrb    $t0,[$inp,#3]
+       ldrb    $t2,[$inp,#1]
        add     $e,$K,$e,ror#2                  @ E+=K_00_19
-       ldrb    $t3,[$inp,#-3]
+       ldrb    $t3,[$inp],#4
+       orr     $t0,$t0,$t1,lsl#8
+       eor     $t1,$c,$d                       @ F_xx_xx
+       orr     $t0,$t0,$t2,lsl#16
        add     $e,$e,$a,ror#27                 @ E+=ROR(A,27)
-       orr     $t0,$t1,$t0,lsl#24
+       orr     $t0,$t0,$t3,lsl#24
+#else
+       ldr     $t0,[$inp],#4                   @ handles unaligned
+       add     $e,$K,$e,ror#2                  @ E+=K_00_19
        eor     $t1,$c,$d                       @ F_xx_xx
-       orr     $t0,$t0,$t2,lsl#8
-       orr     $t0,$t0,$t3,lsl#16
+       add     $e,$e,$a,ror#27                 @ E+=ROR(A,27)
+#ifdef __ARMEL__
+       rev     $t0,$t0                         @ byte swap
+#endif
+#endif
        and     $t1,$b,$t1,ror#2
        add     $e,$e,$t0                       @ E+=X[i]
        eor     $t1,$t1,$d,ror#2                @ F_00_19(B,C,D)
@@ -136,6 +150,8 @@ ___
 }
 
 $code=<<___;
+#include "arm_arch.h"
+
 .text
 
 .global        sha1_block_data_order
@@ -161,7 +177,7 @@ for($i=0;$i<5;$i++) {
 $code.=<<___;
        teq     $Xi,sp
        bne     .L_00_15                @ [((11+4)*5+2)*3]
-       sub     sp,sp,#5*4
+       sub     sp,sp,#25*4
 ___
        &BODY_00_15(@V);        unshift(@V,pop(@V));
        &BODY_16_19(@V);        unshift(@V,pop(@V));
@@ -171,7 +187,6 @@ ___
 $code.=<<___;
 
        ldr     $K,.LK_20_39            @ [+15+16*4]
-       sub     sp,sp,#20*4
        cmn     sp,#0                   @ [+3], clear carry to denote 20_39
 .L_20_39_or_60_79:
 ___
@@ -210,10 +225,14 @@ $code.=<<___;
        teq     $inp,$len
        bne     .Lloop                  @ [+18], total 1307
 
+#if __ARM_ARCH__>=5
+       ldmia   sp!,{r4-r12,pc}
+#else
        ldmia   sp!,{r4-r12,lr}
        tst     lr,#1
        moveq   pc,lr                   @ be binary compatible with V4, yet
        bx      lr                      @ interoperable with Thumb ISA:-)
+#endif
 .align 2
 .LK_00_19:     .word   0x5a827999
 .LK_20_39:     .word   0x6ed9eba1

diff --git a/deps/openssl/openssl/crypto/sha/asm/sha1-ia64.pl b/deps/openssl/openssl/crypto/sha/asm/sha1-ia64.pl
index 51c4f47..02d35d1 100644 (file)
--- a/deps/openssl/openssl/crypto/sha/asm/sha1-ia64.pl
+++ b/deps/openssl/openssl/crypto/sha/asm/sha1-ia64.pl
@@ -15,7 +15,7 @@
 # is >50% better than HP C and >2x better than gcc.
 
 $code=<<___;
-.ident  \"sha1-ia64.s, version 1.2\"
+.ident  \"sha1-ia64.s, version 1.3\"
 .ident  \"IA-64 ISA artwork by Andy Polyakov <appro\@fy.chalmers.se>\"
 .explicit
 
@@ -26,14 +26,10 @@ if ($^O eq "hpux") {
     $ADDP="addp4";
     for (@ARGV) { $ADDP="add" if (/[\+DD|\-mlp]64/); }
 } else { $ADDP="add"; }
-for (@ARGV) {  $big_endian=1 if (/\-DB_ENDIAN/);
-               $big_endian=0 if (/\-DL_ENDIAN/);   }
-if (!defined($big_endian))
-           {   $big_endian=(unpack('L',pack('N',1))==1);   }
 
 #$human=1;
 if ($human) {  # useful for visual code auditing...
-       ($A,$B,$C,$D,$E,$T)   = ("A","B","C","D","E","T");
+       ($A,$B,$C,$D,$E)   = ("A","B","C","D","E");
        ($h0,$h1,$h2,$h3,$h4) = ("h0","h1","h2","h3","h4");
        ($K_00_19, $K_20_39, $K_40_59, $K_60_79) =
            (   "K_00_19","K_20_39","K_40_59","K_60_79" );
@@ -41,47 +37,50 @@ if ($human) {       # useful for visual code auditing...
                "X8", "X9","X10","X11","X12","X13","X14","X15"  );
 }
 else {
-       ($A,$B,$C,$D,$E,$T)   = ("loc0","loc1","loc2","loc3","loc4","loc5");
-       ($h0,$h1,$h2,$h3,$h4) = ("loc6","loc7","loc8","loc9","loc10");
+       ($A,$B,$C,$D,$E)   =    ("loc0","loc1","loc2","loc3","loc4");
+       ($h0,$h1,$h2,$h3,$h4) = ("loc5","loc6","loc7","loc8","loc9");
        ($K_00_19, $K_20_39, $K_40_59, $K_60_79) =
-           (   "r14", "r15", "loc11", "loc12"  );
+           (   "r14", "r15", "loc10", "loc11"  );
        @X= (   "r16", "r17", "r18", "r19", "r20", "r21", "r22", "r23",
                "r24", "r25", "r26", "r27", "r28", "r29", "r30", "r31"  );
 }
 
 sub BODY_00_15 {
 local  *code=shift;
-local  ($i,$a,$b,$c,$d,$e,$f)=@_;
+my     ($i,$a,$b,$c,$d,$e)=@_;
+my     $j=$i+1;
+my     $Xn=@X[$j%16];
 
 $code.=<<___ if ($i==0);
-{ .mmi;        ld1     $X[$i&0xf]=[inp],2          // MSB
+{ .mmi;        ld1     $X[$i]=[inp],2              // MSB
        ld1     tmp2=[tmp3],2           };;
 { .mmi;        ld1     tmp0=[inp],2
        ld1     tmp4=[tmp3],2               // LSB
-       dep     $X[$i&0xf]=$X[$i&0xf],tmp2,8,8  };;
+       dep     $X[$i]=$X[$i],tmp2,8,8  };;
 ___
 if ($i<15) {
        $code.=<<___;
-{ .mmi;        ld1     $X[($i+1)&0xf]=[inp],2      // +1
+{ .mmi;        ld1     $Xn=[inp],2                 // forward Xload
+       nop.m   0x0
        dep     tmp1=tmp0,tmp4,8,8      };;
-{ .mmi;        ld1     tmp2=[tmp3],2               // +1
+{ .mmi;        ld1     tmp2=[tmp3],2               // forward Xload
        and     tmp4=$c,$b
-       dep     $X[$i&0xf]=$X[$i&0xf],tmp1,16,16        } //;;
-{ .mmi;        andcm   tmp1=$d,$b
-       add     tmp0=$e,$K_00_19
+       dep     $X[$i]=$X[$i],tmp1,16,16} //;;
+{ .mmi;        add     $e=$e,$K_00_19              // e+=K_00_19
+       andcm   tmp1=$d,$b
        dep.z   tmp5=$a,5,27            };; // a<<5
-{ .mmi;        or      tmp4=tmp4,tmp1              // F_00_19(b,c,d)=(b&c)|(~b&d)
-       add     $f=tmp0,$X[$i&0xf]          // f=xi+e+K_00_19
+{ .mmi;        add     $e=$e,$X[$i]                // e+=Xload
+       or      tmp4=tmp4,tmp1              // F_00_19(b,c,d)=(b&c)|(~b&d)
        extr.u  tmp1=$a,27,5            };; // a>>27
-{ .mmi;        ld1     tmp0=[inp],2                // +1
-       add     $f=$f,tmp4                  // f+=F_00_19(b,c,d)
+{ .mmi;        ld1     tmp0=[inp],2                // forward Xload
+       add     $e=$e,tmp4                  // e+=F_00_19(b,c,d)
        shrp    $b=tmp6,tmp6,2          }   // b=ROTATE(b,30)
-{ .mmi;        ld1     tmp4=[tmp3],2               // +1
+{ .mmi;        ld1     tmp4=[tmp3],2               // forward Xload
        or      tmp5=tmp1,tmp5              // ROTATE(a,5)
        mux2    tmp6=$a,0x44            };; // see b in next iteration
-{ .mii;        add     $f=$f,tmp5                  // f+=ROTATE(a,5)
-       dep     $X[($i+1)&0xf]=$X[($i+1)&0xf],tmp2,8,8  // +1
-       mux2    $X[$i&0xf]=$X[$i&0xf],0x44      } //;;
+{ .mii;        add     $e=$e,tmp5                  // e+=ROTATE(a,5)
+       dep     $Xn=$Xn,tmp2,8,8            // forward Xload
+       mux2    $X[$i]=$X[$i],0x44      } //;;
 
 ___
        }
@@ -89,24 +88,24 @@ else        {
        $code.=<<___;
 { .mii;        and     tmp3=$c,$b
        dep     tmp1=tmp0,tmp4,8,8;;
-       dep     $X[$i&0xf]=$X[$i&0xf],tmp1,16,16        } //;;
-{ .mmi;        andcm   tmp1=$d,$b
-       add     tmp0=$e,$K_00_19
+       dep     $X[$i]=$X[$i],tmp1,16,16} //;;
+{ .mmi;        add     $e=$e,$K_00_19              // e+=K_00_19
+       andcm   tmp1=$d,$b
        dep.z   tmp5=$a,5,27            };; // a<<5
-{ .mmi;        or      tmp4=tmp3,tmp1              // F_00_19(b,c,d)=(b&c)|(~b&d)
-       add     $f=tmp0,$X[$i&0xf]          // f=xi+e+K_00_19
+{ .mmi;        add     $e=$e,$X[$i]                // e+=Xupdate
+       or      tmp4=tmp3,tmp1              // F_00_19(b,c,d)=(b&c)|(~b&d)
        extr.u  tmp1=$a,27,5            }   // a>>27
-{ .mmi;        xor     tmp2=$X[($i+0+1)&0xf],$X[($i+2+1)&0xf]  // +1
-       xor     tmp3=$X[($i+8+1)&0xf],$X[($i+13+1)&0xf] // +1
+{ .mmi;        xor     $Xn=$Xn,$X[($j+2)%16]       // forward Xupdate
+       xor     tmp3=$X[($j+8)%16],$X[($j+13)%16] // forward Xupdate
        nop.i   0                       };;
-{ .mmi;        add     $f=$f,tmp4                  // f+=F_00_19(b,c,d)
-       xor     tmp2=tmp2,tmp3              // +1
+{ .mmi;        add     $e=$e,tmp4                  // e+=F_00_19(b,c,d)
+       xor     $Xn=$Xn,tmp3                // forward Xupdate
        shrp    $b=tmp6,tmp6,2          }   // b=ROTATE(b,30)
 { .mmi; or     tmp1=tmp1,tmp5              // ROTATE(a,5)
        mux2    tmp6=$a,0x44            };; // see b in next iteration
-{ .mii;        add     $f=$f,tmp1                  // f+=ROTATE(a,5)
-       shrp    $e=tmp2,tmp2,31             // f+1=ROTATE(x[0]^x[2]^x[8]^x[13],1)
-       mux2    $X[$i&0xf]=$X[$i&0xf],0x44  };;
+{ .mii;        add     $e=$e,tmp1                  // e+=ROTATE(a,5)
+       shrp    $Xn=$Xn,$Xn,31              // ROTATE(x[0]^x[2]^x[8]^x[13],1)
+       mux2    $X[$i]=$X[$i],0x44      };;
 
 ___
        }
@@ -114,27 +113,28 @@ ___
 
 sub BODY_16_19 {
 local  *code=shift;
-local  ($i,$a,$b,$c,$d,$e,$f)=@_;
+my     ($i,$a,$b,$c,$d,$e)=@_;
+my     $j=$i+1;
+my     $Xn=@X[$j%16];
 
 $code.=<<___;
-{ .mmi;        mov     $X[$i&0xf]=$f               // Xupdate
-       and     tmp0=$c,$b
+{ .mib;        add     $e=$e,$K_00_19              // e+=K_00_19
        dep.z   tmp5=$a,5,27            }   // a<<5
-{ .mmi;        andcm   tmp1=$d,$b
-       add     tmp4=$e,$K_00_19        };;
-{ .mmi;        or      tmp0=tmp0,tmp1              // F_00_19(b,c,d)=(b&c)|(~b&d)
-       add     $f=$f,tmp4                  // f+=e+K_00_19
+{ .mib;        andcm   tmp1=$d,$b
+       and     tmp0=$c,$b              };;
+{ .mmi;        add     $e=$e,$X[$i%16]             // e+=Xupdate
+       or      tmp0=tmp0,tmp1              // F_00_19(b,c,d)=(b&c)|(~b&d)
        extr.u  tmp1=$a,27,5            }   // a>>27
-{ .mmi;        xor     tmp2=$X[($i+0+1)&0xf],$X[($i+2+1)&0xf]  // +1
-       xor     tmp3=$X[($i+8+1)&0xf],$X[($i+13+1)&0xf] // +1
+{ .mmi;        xor     $Xn=$Xn,$X[($j+2)%16]       // forward Xupdate
+       xor     tmp3=$X[($j+8)%16],$X[($j+13)%16]       // forward Xupdate
        nop.i   0                       };;
-{ .mmi;        add     $f=$f,tmp0                  // f+=F_00_19(b,c,d)
-       xor     tmp2=tmp2,tmp3              // +1
+{ .mmi;        add     $e=$e,tmp0                  // f+=F_00_19(b,c,d)
+       xor     $Xn=$Xn,tmp3                // forward Xupdate
        shrp    $b=tmp6,tmp6,2          }   // b=ROTATE(b,30)
 { .mmi;        or      tmp1=tmp1,tmp5              // ROTATE(a,5)
        mux2    tmp6=$a,0x44            };; // see b in next iteration
-{ .mii;        add     $f=$f,tmp1                  // f+=ROTATE(a,5)
-       shrp    $e=tmp2,tmp2,31             // f+1=ROTATE(x[0]^x[2]^x[8]^x[13],1)
+{ .mii;        add     $e=$e,tmp1                  // e+=ROTATE(a,5)
+       shrp    $Xn=$Xn,$Xn,31              // ROTATE(x[0]^x[2]^x[8]^x[13],1)
        nop.i   0                       };;
 
 ___
@@ -142,49 +142,47 @@ ___
 
 sub BODY_20_39 {
 local  *code=shift;
-local  ($i,$a,$b,$c,$d,$e,$f,$Konst)=@_;
+my     ($i,$a,$b,$c,$d,$e,$Konst)=@_;
        $Konst = $K_20_39 if (!defined($Konst));
+my     $j=$i+1;
+my     $Xn=@X[$j%16];
 
 if ($i<79) {
 $code.=<<___;
-{ .mib;        mov     $X[$i&0xf]=$f               // Xupdate
+{ .mib;        add     $e=$e,$Konst                // e+=K_XX_XX
        dep.z   tmp5=$a,5,27            }   // a<<5
 { .mib;        xor     tmp0=$c,$b
-       add     tmp4=$e,$Konst          };;
-{ .mmi;        xor     tmp0=tmp0,$d                // F_20_39(b,c,d)=b^c^d
-       add     $f=$f,tmp4                  // f+=e+K_20_39
+       xor     $Xn=$Xn,$X[($j+2)%16]   };; // forward Xupdate
+{ .mib;        add     $e=$e,$X[$i%16]             // e+=Xupdate
        extr.u  tmp1=$a,27,5            }   // a>>27
-{ .mmi;        xor     tmp2=$X[($i+0+1)&0xf],$X[($i+2+1)&0xf]  // +1
-       xor     tmp3=$X[($i+8+1)&0xf],$X[($i+13+1)&0xf] // +1
-       nop.i   0                       };;
-{ .mmi;        add     $f=$f,tmp0                  // f+=F_20_39(b,c,d)
-       xor     tmp2=tmp2,tmp3              // +1
+{ .mib;        xor     tmp0=tmp0,$d                // F_20_39(b,c,d)=b^c^d
+       xor     $Xn=$Xn,$X[($j+8)%16]   };; // forward Xupdate
+{ .mmi;        add     $e=$e,tmp0                  // e+=F_20_39(b,c,d)
+       xor     $Xn=$Xn,$X[($j+13)%16]      // forward Xupdate
        shrp    $b=tmp6,tmp6,2          }   // b=ROTATE(b,30)
 { .mmi;        or      tmp1=tmp1,tmp5              // ROTATE(a,5)
        mux2    tmp6=$a,0x44            };; // see b in next iteration
-{ .mii;        add     $f=$f,tmp1                  // f+=ROTATE(a,5)
-       shrp    $e=tmp2,tmp2,31             // f+1=ROTATE(x[0]^x[2]^x[8]^x[13],1)
+{ .mii;        add     $e=$e,tmp1                  // e+=ROTATE(a,5)
+       shrp    $Xn=$Xn,$Xn,31              // ROTATE(x[0]^x[2]^x[8]^x[13],1)
        nop.i   0                       };;
 
 ___
 }
 else {
 $code.=<<___;
-{ .mib;        mov     $X[$i&0xf]=$f               // Xupdate
+{ .mib;        add     $e=$e,$Konst                // e+=K_60_79
        dep.z   tmp5=$a,5,27            }   // a<<5
 { .mib;        xor     tmp0=$c,$b
-       add     tmp4=$e,$Konst          };;
-{ .mib;        xor     tmp0=tmp0,$d                // F_20_39(b,c,d)=b^c^d
-       extr.u  tmp1=$a,27,5            }   // a>>27
-{ .mib;        add     $f=$f,tmp4                  // f+=e+K_20_39
        add     $h1=$h1,$a              };; // wrap up
-{ .mmi;        add     $f=$f,tmp0                  // f+=F_20_39(b,c,d)
-       shrp    $b=tmp6,tmp6,2          }   // b=ROTATE(b,30) ;;?
-{ .mmi;        or      tmp1=tmp1,tmp5              // ROTATE(a,5)
+{ .mib;        add     $e=$e,$X[$i%16]             // e+=Xupdate
+       extr.u  tmp1=$a,27,5            }   // a>>27
+{ .mib;        xor     tmp0=tmp0,$d                // F_20_39(b,c,d)=b^c^d
        add     $h3=$h3,$c              };; // wrap up
-{ .mib;        add     tmp3=1,inp                  // used in unaligned codepath
-       add     $f=$f,tmp1              }   // f+=ROTATE(a,5)
-{ .mib;        add     $h2=$h2,$b                  // wrap up
+{ .mmi;        add     $e=$e,tmp0                  // e+=F_20_39(b,c,d)
+       or      tmp1=tmp1,tmp5              // ROTATE(a,5)
+       shrp    $b=tmp6,tmp6,2          };; // b=ROTATE(b,30) ;;?
+{ .mmi;        add     $e=$e,tmp1                  // e+=ROTATE(a,5)
+       add     tmp3=1,inp                  // used in unaligned codepath
        add     $h4=$h4,$d              };; // wrap up
 
 ___
@@ -193,29 +191,29 @@ ___
 
 sub BODY_40_59 {
 local  *code=shift;
-local  ($i,$a,$b,$c,$d,$e,$f)=@_;
+my     ($i,$a,$b,$c,$d,$e)=@_;
+my     $j=$i+1;
+my     $Xn=@X[$j%16];
 
 $code.=<<___;
-{ .mmi;        mov     $X[$i&0xf]=$f               // Xupdate
-       and     tmp0=$c,$b
+{ .mib;        add     $e=$e,$K_40_59              // e+=K_40_59
        dep.z   tmp5=$a,5,27            }   // a<<5
-{ .mmi;        and     tmp1=$d,$b
-       add     tmp4=$e,$K_40_59        };;
-{ .mmi;        or      tmp0=tmp0,tmp1              // (b&c)|(b&d)
-       add     $f=$f,tmp4                  // f+=e+K_40_59
+{ .mib;        and     tmp1=$c,$d
+       xor     tmp0=$c,$d              };;
+{ .mmi;        add     $e=$e,$X[$i%16]             // e+=Xupdate
+       add     tmp5=tmp5,tmp1              // a<<5+(c&d)
        extr.u  tmp1=$a,27,5            }   // a>>27
-{ .mmi;        and     tmp4=$c,$d
-       xor     tmp2=$X[($i+0+1)&0xf],$X[($i+2+1)&0xf]  // +1
-       xor     tmp3=$X[($i+8+1)&0xf],$X[($i+13+1)&0xf] // +1
-       };;
-{ .mmi;        or      tmp1=tmp1,tmp5              // ROTATE(a,5)
-       xor     tmp2=tmp2,tmp3              // +1
+{ .mmi;        and     tmp0=tmp0,$b
+       xor     $Xn=$Xn,$X[($j+2)%16]       // forward Xupdate
+       xor     tmp3=$X[($j+8)%16],$X[($j+13)%16] };;   // forward Xupdate
+{ .mmi;        add     $e=$e,tmp0                  // e+=b&(c^d)
+       add     tmp5=tmp5,tmp1              // ROTATE(a,5)+(c&d)
        shrp    $b=tmp6,tmp6,2          }   // b=ROTATE(b,30)
-{ .mmi;        or      tmp0=tmp0,tmp4              // F_40_59(b,c,d)=(b&c)|(b&d)|(c&d)
+{ .mmi;        xor     $Xn=$Xn,tmp3
        mux2    tmp6=$a,0x44            };; // see b in next iteration
-{ .mii;        add     $f=$f,tmp0                  // f+=F_40_59(b,c,d)
-       shrp    $e=tmp2,tmp2,31;;           // f+1=ROTATE(x[0]^x[2]^x[8]^x[13],1)
-       add     $f=$f,tmp1              };; // f+=ROTATE(a,5)
+{ .mii;        add     $e=$e,tmp5                  // e+=ROTATE(a,5)+(c&d)
+       shrp    $Xn=$Xn,$Xn,31              // ROTATE(x[0]^x[2]^x[8]^x[13],1)
+       nop.i   0x0                     };;
 
 ___
 }
@@ -237,7 +235,7 @@ inp=r33;    // in1
 .align 32
 sha1_block_data_order:
        .prologue
-{ .mmi;        alloc   tmp1=ar.pfs,3,15,0,0
+{ .mmi;        alloc   tmp1=ar.pfs,3,14,0,0
        $ADDP   tmp0=4,ctx
        .save   ar.lc,r3
        mov     r3=ar.lc                }
@@ -245,8 +243,8 @@ sha1_block_data_order:
        $ADDP   inp=0,inp
        mov     r2=pr                   };;
 tmp4=in2;
-tmp5=loc13;
-tmp6=loc14;
+tmp5=loc12;
+tmp6=loc13;
        .body
 { .mlx;        ld4     $h0=[ctx],8
        movl    $K_00_19=0x5a827999     }
@@ -273,7 +271,8 @@ tmp6=loc14;
 
 ___
 
-{ my $i,@V=($A,$B,$C,$D,$E,$T);
+{ my $i;
+  my @V=($A,$B,$C,$D,$E);
 
        for($i=0;$i<16;$i++)    { &BODY_00_15(\$code,$i,@V); unshift(@V,pop(@V)); }
        for(;$i<20;$i++)        { &BODY_16_19(\$code,$i,@V); unshift(@V,pop(@V)); }
@@ -281,12 +280,12 @@ ___
        for(;$i<60;$i++)        { &BODY_40_59(\$code,$i,@V); unshift(@V,pop(@V)); }
        for(;$i<80;$i++)        { &BODY_60_79(\$code,$i,@V); unshift(@V,pop(@V)); }
 
-       (($V[5] eq $D) and ($V[0] eq $E)) or die;       # double-check
+       (($V[0] eq $A) and ($V[4] eq $E)) or die;       # double-check
 }
 
 $code.=<<___;
-{ .mmb;        add     $h0=$h0,$E
-       nop.m   0
+{ .mmb;        add     $h0=$h0,$A
+       add     $h2=$h2,$C
        br.ctop.dptk.many       .Ldtop  };;
 .Ldend:
 { .mmi;        add     tmp0=4,ctx

diff --git a/deps/openssl/openssl/crypto/sha/asm/sha1-ppc.pl b/deps/openssl/openssl/crypto/sha/asm/sha1-ppc.pl
old mode 100644 (file)
new mode 100755 (executable)
index dcd0fcd..2140dd2
--- a/deps/openssl/openssl/crypto/sha/asm/sha1-ppc.pl
+++ b/deps/openssl/openssl/crypto/sha/asm/sha1-ppc.pl
@@ -24,12 +24,14 @@ $flavour = shift;
 
 if ($flavour =~ /64/) {
        $SIZE_T =8;
+       $LRSAVE =2*$SIZE_T;
        $UCMP   ="cmpld";
        $STU    ="stdu";
        $POP    ="ld";
        $PUSH   ="std";
 } elsif ($flavour =~ /32/) {
        $SIZE_T =4;
+       $LRSAVE =$SIZE_T;
        $UCMP   ="cmplw";
        $STU    ="stwu";
        $POP    ="lwz";
@@ -43,7 +45,8 @@ die "can't locate ppc-xlate.pl";
 
 open STDOUT,"| $^X $xlate $flavour ".shift || die "can't call $xlate: $!";
 
-$FRAME=24*$SIZE_T;
+$FRAME=24*$SIZE_T+64;
+$LOCALS=6*$SIZE_T;
 
 $K  ="r0";
 $sp ="r1";
@@ -162,9 +165,8 @@ $code=<<___;
 .globl .sha1_block_data_order
 .align 4
 .sha1_block_data_order:
+       $STU    $sp,-$FRAME($sp)
        mflr    r0
-       $STU    $sp,`-($FRAME+64)`($sp)
-       $PUSH   r0,`$FRAME-$SIZE_T*18`($sp)
        $PUSH   r15,`$FRAME-$SIZE_T*17`($sp)
        $PUSH   r16,`$FRAME-$SIZE_T*16`($sp)
        $PUSH   r17,`$FRAME-$SIZE_T*15`($sp)
@@ -182,6 +184,7 @@ $code=<<___;
        $PUSH   r29,`$FRAME-$SIZE_T*3`($sp)
        $PUSH   r30,`$FRAME-$SIZE_T*2`($sp)
        $PUSH   r31,`$FRAME-$SIZE_T*1`($sp)
+       $PUSH   r0,`$FRAME+$LRSAVE`($sp)
        lwz     $A,0($ctx)
        lwz     $B,4($ctx)
        lwz     $C,8($ctx)
@@ -192,37 +195,14 @@ $code=<<___;
 Laligned:
        mtctr   $num
        bl      Lsha1_block_private
-Ldone:
-       $POP    r0,`$FRAME-$SIZE_T*18`($sp)
-       $POP    r15,`$FRAME-$SIZE_T*17`($sp)
-       $POP    r16,`$FRAME-$SIZE_T*16`($sp)
-       $POP    r17,`$FRAME-$SIZE_T*15`($sp)
-       $POP    r18,`$FRAME-$SIZE_T*14`($sp)
-       $POP    r19,`$FRAME-$SIZE_T*13`($sp)
-       $POP    r20,`$FRAME-$SIZE_T*12`($sp)
-       $POP    r21,`$FRAME-$SIZE_T*11`($sp)
-       $POP    r22,`$FRAME-$SIZE_T*10`($sp)
-       $POP    r23,`$FRAME-$SIZE_T*9`($sp)
-       $POP    r24,`$FRAME-$SIZE_T*8`($sp)
-       $POP    r25,`$FRAME-$SIZE_T*7`($sp)
-       $POP    r26,`$FRAME-$SIZE_T*6`($sp)
-       $POP    r27,`$FRAME-$SIZE_T*5`($sp)
-       $POP    r28,`$FRAME-$SIZE_T*4`($sp)
-       $POP    r29,`$FRAME-$SIZE_T*3`($sp)
-       $POP    r30,`$FRAME-$SIZE_T*2`($sp)
-       $POP    r31,`$FRAME-$SIZE_T*1`($sp)
-       mtlr    r0
-       addi    $sp,$sp,`$FRAME+64`
-       blr
-___
+       b       Ldone
 
-# PowerPC specification allows an implementation to be ill-behaved
-# upon unaligned access which crosses page boundary. "Better safe
-# than sorry" principle makes me treat it specially. But I don't
-# look for particular offending word, but rather for 64-byte input
-# block which crosses the boundary. Once found that block is aligned
-# and hashed separately...
-$code.=<<___;
+; PowerPC specification allows an implementation to be ill-behaved
+; upon unaligned access which crosses page boundary. "Better safe
+; than sorry" principle makes me treat it specially. But I don't
+; look for particular offending word, but rather for 64-byte input
+; block which crosses the boundary. Once found that block is aligned
+; and hashed separately...
 .align 4
 Lunaligned:
        subfic  $t1,$inp,4096
@@ -237,7 +217,7 @@ Lunaligned:
 Lcross_page:
        li      $t1,16
        mtctr   $t1
-       addi    r20,$sp,$FRAME  ; spot below the frame
+       addi    r20,$sp,$LOCALS ; spot within the frame
 Lmemcpy:
        lbz     r16,0($inp)
        lbz     r17,1($inp)
@@ -251,15 +231,40 @@ Lmemcpy:
        addi    r20,r20,4
        bdnz    Lmemcpy
 
-       $PUSH   $inp,`$FRAME-$SIZE_T*19`($sp)
+       $PUSH   $inp,`$FRAME-$SIZE_T*18`($sp)
        li      $t1,1
-       addi    $inp,$sp,$FRAME
+       addi    $inp,$sp,$LOCALS
        mtctr   $t1
        bl      Lsha1_block_private
-       $POP    $inp,`$FRAME-$SIZE_T*19`($sp)
+       $POP    $inp,`$FRAME-$SIZE_T*18`($sp)
        addic.  $num,$num,-1
        bne-    Lunaligned
-       b       Ldone
+
+Ldone:
+       $POP    r0,`$FRAME+$LRSAVE`($sp)
+       $POP    r15,`$FRAME-$SIZE_T*17`($sp)
+       $POP    r16,`$FRAME-$SIZE_T*16`($sp)
+       $POP    r17,`$FRAME-$SIZE_T*15`($sp)
+       $POP    r18,`$FRAME-$SIZE_T*14`($sp)
+       $POP    r19,`$FRAME-$SIZE_T*13`($sp)
+       $POP    r20,`$FRAME-$SIZE_T*12`($sp)
+       $POP    r21,`$FRAME-$SIZE_T*11`($sp)
+       $POP    r22,`$FRAME-$SIZE_T*10`($sp)
+       $POP    r23,`$FRAME-$SIZE_T*9`($sp)
+       $POP    r24,`$FRAME-$SIZE_T*8`($sp)
+       $POP    r25,`$FRAME-$SIZE_T*7`($sp)
+       $POP    r26,`$FRAME-$SIZE_T*6`($sp)
+       $POP    r27,`$FRAME-$SIZE_T*5`($sp)
+       $POP    r28,`$FRAME-$SIZE_T*4`($sp)
+       $POP    r29,`$FRAME-$SIZE_T*3`($sp)
+       $POP    r30,`$FRAME-$SIZE_T*2`($sp)
+       $POP    r31,`$FRAME-$SIZE_T*1`($sp)
+       mtlr    r0
+       addi    $sp,$sp,$FRAME
+       blr
+       .long   0
+       .byte   0,12,4,1,0x80,18,3,0
+       .long   0
 ___
 
 # This is private block function, which uses tailored calling
@@ -309,6 +314,8 @@ $code.=<<___;
        addi    $inp,$inp,`16*4`
        bdnz-   Lsha1_block_private
        blr
+       .long   0
+       .byte   0,12,0x14,0,0,0,0,0
 ___
 $code.=<<___;
 .asciz "SHA1 block transform for PPC, CRYPTOGAMS by <appro\@fy.chalmers.se>"

diff --git a/deps/openssl/openssl/crypto/sha/asm/sha1-s390x.pl b/deps/openssl/openssl/crypto/sha/asm/sha1-s390x.pl
index 4b17848..9193dda 100644 (file)
--- a/deps/openssl/openssl/crypto/sha/asm/sha1-s390x.pl
+++ b/deps/openssl/openssl/crypto/sha/asm/sha1-s390x.pl
@@ -21,9 +21,28 @@
 # instructions to favour dual-issue z10 pipeline. On z10 hardware is
 # "only" ~2.3x faster than software.
 
+# November 2010.
+#
+# Adapt for -m31 build. If kernel supports what's called "highgprs"
+# feature on Linux [see /proc/cpuinfo], it's possible to use 64-bit
+# instructions and achieve "64-bit" performance even in 31-bit legacy
+# application context. The feature is not specific to any particular
+# processor, as long as it's "z-CPU". Latter implies that the code
+# remains z/Architecture specific.
+
 $kimdfunc=1;   # magic function code for kimd instruction
 
-$output=shift;
+$flavour = shift;
+
+if ($flavour =~ /3[12]/) {
+       $SIZE_T=4;
+       $g="";
+} else {
+       $SIZE_T=8;
+       $g="g";
+}
+
+while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {}
 open STDOUT,">$output";
 
 $K_00_39="%r0"; $K=$K_00_39;
@@ -42,13 +61,14 @@ $t1="%r11";
 @X=("%r12","%r13","%r14");
 $sp="%r15";
 
-$frame=160+16*4;
+$stdframe=16*$SIZE_T+4*8;
+$frame=$stdframe+16*4;
 
 sub Xupdate {
 my $i=shift;
 
 $code.=<<___ if ($i==15);
-       lg      $prefetch,160($sp)      ### Xupdate(16) warm-up
+       lg      $prefetch,$stdframe($sp)        ### Xupdate(16) warm-up
        lr      $X[0],$X[2]
 ___
 return if ($i&1);      # Xupdate is vectorized and executed every 2nd cycle
@@ -58,8 +78,8 @@ $code.=<<___ if ($i<16);
 ___
 $code.=<<___ if ($i>=16);
        xgr     $X[0],$prefetch         ### Xupdate($i)
-       lg      $prefetch,`160+4*(($i+2)%16)`($sp)
-       xg      $X[0],`160+4*(($i+8)%16)`($sp)
+       lg      $prefetch,`$stdframe+4*(($i+2)%16)`($sp)
+       xg      $X[0],`$stdframe+4*(($i+8)%16)`($sp)
        xgr     $X[0],$prefetch
        rll     $X[0],$X[0],1
        rllg    $X[1],$X[0],32
@@ -68,7 +88,7 @@ $code.=<<___ if ($i>=16);
        lr      $X[2],$X[1]             # feedback
 ___
 $code.=<<___ if ($i<=70);
-       stg     $X[0],`160+4*($i%16)`($sp)
+       stg     $X[0],`$stdframe+4*($i%16)`($sp)
 ___
 unshift(@X,pop(@X));
 }
@@ -148,9 +168,9 @@ $code.=<<___ if ($kimdfunc);
        tmhl    %r0,0x4000      # check for message-security assist
        jz      .Lsoftware
        lghi    %r0,0
-       la      %r1,16($sp)
+       la      %r1,`2*$SIZE_T`($sp)
        .long   0xb93e0002      # kimd %r0,%r2
-       lg      %r0,16($sp)
+       lg      %r0,`2*$SIZE_T`($sp)
        tmhh    %r0,`0x8000>>$kimdfunc`
        jz      .Lsoftware
        lghi    %r0,$kimdfunc
@@ -165,11 +185,11 @@ $code.=<<___ if ($kimdfunc);
 ___
 $code.=<<___;
        lghi    %r1,-$frame
-       stg     $ctx,16($sp)
-       stmg    %r6,%r15,48($sp)
+       st${g}  $ctx,`2*$SIZE_T`($sp)
+       stm${g} %r6,%r15,`6*$SIZE_T`($sp)
        lgr     %r0,$sp
        la      $sp,0(%r1,$sp)
-       stg     %r0,0($sp)
+       st${g}  %r0,0($sp)
 
        larl    $t0,Ktable
        llgf    $A,0($ctx)
@@ -199,7 +219,7 @@ ___
 for (;$i<80;$i++)      { &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
 $code.=<<___;
 
-       lg      $ctx,`$frame+16`($sp)
+       l${g}   $ctx,`$frame+2*$SIZE_T`($sp)
        la      $inp,64($inp)
        al      $A,0($ctx)
        al      $B,4($ctx)
@@ -211,13 +231,13 @@ $code.=<<___;
        st      $C,8($ctx)
        st      $D,12($ctx)
        st      $E,16($ctx)
-       brct    $len,.Lloop
+       brct${g} $len,.Lloop
 
-       lmg     %r6,%r15,`$frame+48`($sp)
+       lm${g}  %r6,%r15,`$frame+6*$SIZE_T`($sp)
        br      %r14
 .size  sha1_block_data_order,.-sha1_block_data_order
 .string        "SHA1 block transform for s390x, CRYPTOGAMS by <appro\@openssl.org>"
-.comm  OPENSSL_s390xcap_P,8,8
+.comm  OPENSSL_s390xcap_P,16,8
 ___
 
 $code =~ s/\`([^\`]*)\`/eval $1/gem;

diff --git a/deps/openssl/openssl/crypto/sha/asm/sha1-sparcv9a.pl b/deps/openssl/openssl/crypto/sha/asm/sha1-sparcv9a.pl
index 85e8d68..e65291b 100644 (file)
--- a/deps/openssl/openssl/crypto/sha/asm/sha1-sparcv9a.pl
+++ b/deps/openssl/openssl/crypto/sha/asm/sha1-sparcv9a.pl
@@ -549,7 +549,7 @@ ___
 # programmer detect if current CPU is VIS capable at run-time.
 sub unvis {
 my ($mnemonic,$rs1,$rs2,$rd)=@_;
-my $ref,$opf;
+my ($ref,$opf);
 my %visopf = ( "fmul8ulx16"    => 0x037,
                "faligndata"    => 0x048,
                "fpadd32"       => 0x052,

diff --git a/deps/openssl/openssl/crypto/sha/asm/sha1-x86_64.pl b/deps/openssl/openssl/crypto/sha/asm/sha1-x86_64.pl
index 4edc5ea..cfdc45c 100755 (executable)
--- a/deps/openssl/openssl/crypto/sha/asm/sha1-x86_64.pl
+++ b/deps/openssl/openssl/crypto/sha/asm/sha1-x86_64.pl
@@ -16,7 +16,7 @@
 # There was suggestion to mechanically translate 32-bit code, but I
 # dismissed it, reasoning that x86_64 offers enough register bank
 # capacity to fully utilize SHA-1 parallelism. Therefore this fresh
-# implementation:-) However! While 64-bit code does performs better
+# implementation:-) However! While 64-bit code does perform better
 # on Opteron, I failed to beat 32-bit assembler on EM64T core. Well,
 # x86_64 does offer larger *addressable* bank, but out-of-order core
 # reaches for even more registers through dynamic aliasing, and EM64T
@@ -29,6 +29,38 @@
 # Xeon P4      +65%            +0%             9.9
 # Core2                +60%            +10%            7.0
 
+# August 2009.
+#
+# The code was revised to minimize code size and to maximize
+# "distance" between instructions producing input to 'lea'
+# instruction and the 'lea' instruction itself, which is essential
+# for Intel Atom core.
+
+# October 2010.
+#
+# Add SSSE3, Supplemental[!] SSE3, implementation. The idea behind it
+# is to offload message schedule denoted by Wt in NIST specification,
+# or Xupdate in OpenSSL source, to SIMD unit. See sha1-586.pl module
+# for background and implementation details. The only difference from
+# 32-bit code is that 64-bit code doesn't have to spill @X[] elements
+# to free temporary registers.
+
+# April 2011.
+#
+# Add AVX code path. See sha1-586.pl for further information.
+
+######################################################################
+# Current performance is summarized in following table. Numbers are
+# CPU clock cycles spent to process single byte (less is better).
+#
+#              x86_64          SSSE3           AVX
+# P4           9.8             -
+# Opteron      6.6             -
+# Core2                6.7             6.1/+10%        -
+# Atom         11.0            9.7/+13%        -
+# Westmere     7.1             5.6/+27%        -
+# Sandy Bridge 7.9             6.3/+25%        5.2/+51%
+
 $flavour = shift;
 $output  = shift;
 if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
@@ -40,7 +72,18 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
 ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
 die "can't locate x86_64-xlate.pl";
 
-open STDOUT,"| $^X $xlate $flavour $output";
+$avx=1 if (`$ENV{CC} -Wa,-v -c -o /dev/null -x assembler /dev/null 2>&1`
+               =~ /GNU assembler version ([2-9]\.[0-9]+)/ &&
+          $1>=2.19);
+$avx=1 if (!$avx && $win64 && ($flavour =~ /nasm/ || $ENV{ASM} =~ /nasm/) &&
+          `nasm -v 2>&1` =~ /NASM version ([2-9]\.[0-9]+)/ &&
+          $1>=2.09);
+$avx=1 if (!$avx && $win64 && ($flavour =~ /masm/ || $ENV{ASM} =~ /ml64/) &&
+          `ml64 2>&1` =~ /Version ([0-9]+)\./ &&
+          $1>=10);
+
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
 
 $ctx="%rdi";   # 1st arg
 $inp="%rsi";   # 2nd arg
@@ -51,196 +94,994 @@ $ctx="%r8";
 $inp="%r9";
 $num="%r10";
 
-$xi="%eax";
-$t0="%ebx";
-$t1="%ecx";
-$A="%edx";
-$B="%esi";
-$C="%edi";
-$D="%ebp";
-$E="%r11d";
-$T="%r12d";
-
-@V=($A,$B,$C,$D,$E,$T);
+$t0="%eax";
+$t1="%ebx";
+$t2="%ecx";
+@xi=("%edx","%ebp");
+$A="%esi";
+$B="%edi";
+$C="%r11d";
+$D="%r12d";
+$E="%r13d";
 
-sub PROLOGUE {
-my $func=shift;
-$code.=<<___;
-.globl $func
-.type  $func,\@function,3
-.align 16
-$func:
-       push    %rbx
-       push    %rbp
-       push    %r12
-       mov     %rsp,%r11
-       mov     %rdi,$ctx       # reassigned argument
-       sub     \$`8+16*4`,%rsp
-       mov     %rsi,$inp       # reassigned argument
-       and     \$-64,%rsp
-       mov     %rdx,$num       # reassigned argument
-       mov     %r11,`16*4`(%rsp)
-.Lprologue:
-
-       mov     0($ctx),$A
-       mov     4($ctx),$B
-       mov     8($ctx),$C
-       mov     12($ctx),$D
-       mov     16($ctx),$E
-___
-}
-
-sub EPILOGUE {
-my $func=shift;
-$code.=<<___;
-       mov     `16*4`(%rsp),%rsi
-       mov     (%rsi),%r12
-       mov     8(%rsi),%rbp
-       mov     16(%rsi),%rbx
-       lea     24(%rsi),%rsp
-.Lepilogue:
-       ret
-.size  $func,.-$func
-___
-}
+@V=($A,$B,$C,$D,$E);
 
 sub BODY_00_19 {
-my ($i,$a,$b,$c,$d,$e,$f,$host)=@_;
+my ($i,$a,$b,$c,$d,$e)=@_;
 my $j=$i+1;
 $code.=<<___ if ($i==0);
-       mov     `4*$i`($inp),$xi        
-       `"bswap $xi"    if(!defined($host))`
-       mov     $xi,`4*$i`(%rsp)
+       mov     `4*$i`($inp),$xi[0]
+       bswap   $xi[0]
+       mov     $xi[0],`4*$i`(%rsp)
 ___
 $code.=<<___ if ($i<15);
-       lea     0x5a827999($xi,$e),$f
        mov     $c,$t0
-       mov     `4*$j`($inp),$xi
-       mov     $a,$e
+       mov     `4*$j`($inp),$xi[1]
+       mov     $a,$t2
        xor     $d,$t0
-       `"bswap $xi"    if(!defined($host))`    
-       rol     \$5,$e
+       bswap   $xi[1]
+       rol     \$5,$t2
+       lea     0x5a827999($xi[0],$e),$e
        and     $b,$t0
-       mov     $xi,`4*$j`(%rsp)
-       add     $e,$f
+       mov     $xi[1],`4*$j`(%rsp)
+       add     $t2,$e
        xor     $d,$t0
        rol     \$30,$b
-       add     $t0,$f
+       add     $t0,$e
 ___
 $code.=<<___ if ($i>=15);
-       lea     0x5a827999($xi,$e),$f
-       mov     `4*($j%16)`(%rsp),$xi
+       mov     `4*($j%16)`(%rsp),$xi[1]
        mov     $c,$t0
-       mov     $a,$e
-       xor     `4*(($j+2)%16)`(%rsp),$xi
+       mov     $a,$t2
+       xor     `4*(($j+2)%16)`(%rsp),$xi[1]
        xor     $d,$t0
-       rol     \$5,$e
-       xor     `4*(($j+8)%16)`(%rsp),$xi
+       rol     \$5,$t2
+       xor     `4*(($j+8)%16)`(%rsp),$xi[1]
        and     $b,$t0
-       add     $e,$f
-       xor     `4*(($j+13)%16)`(%rsp),$xi
+       lea     0x5a827999($xi[0],$e),$e
+       xor     `4*(($j+13)%16)`(%rsp),$xi[1]
        xor     $d,$t0
+       rol     \$1,$xi[1]
+       add     $t2,$e
        rol     \$30,$b
-       add     $t0,$f
-       rol     \$1,$xi
-       mov     $xi,`4*($j%16)`(%rsp)
+       mov     $xi[1],`4*($j%16)`(%rsp)
+       add     $t0,$e
 ___
+unshift(@xi,pop(@xi));
 }
 
 sub BODY_20_39 {
-my ($i,$a,$b,$c,$d,$e,$f)=@_;
+my ($i,$a,$b,$c,$d,$e)=@_;
 my $j=$i+1;
 my $K=($i<40)?0x6ed9eba1:0xca62c1d6;
 $code.=<<___ if ($i<79);
-       lea     $K($xi,$e),$f
-       mov     `4*($j%16)`(%rsp),$xi
+       mov     `4*($j%16)`(%rsp),$xi[1]
        mov     $c,$t0
-       mov     $a,$e
-       xor     `4*(($j+2)%16)`(%rsp),$xi
+       mov     $a,$t2
+       xor     `4*(($j+2)%16)`(%rsp),$xi[1]
        xor     $b,$t0
-       rol     \$5,$e
-       xor     `4*(($j+8)%16)`(%rsp),$xi
+       rol     \$5,$t2
+       lea     $K($xi[0],$e),$e
+       xor     `4*(($j+8)%16)`(%rsp),$xi[1]
        xor     $d,$t0
-       add     $e,$f
-       xor     `4*(($j+13)%16)`(%rsp),$xi
+       add     $t2,$e
+       xor     `4*(($j+13)%16)`(%rsp),$xi[1]
        rol     \$30,$b
-       add     $t0,$f
-       rol     \$1,$xi
+       add     $t0,$e
+       rol     \$1,$xi[1]
 ___
 $code.=<<___ if ($i<76);
-       mov     $xi,`4*($j%16)`(%rsp)
+       mov     $xi[1],`4*($j%16)`(%rsp)
 ___
 $code.=<<___ if ($i==79);
-       lea     $K($xi,$e),$f
        mov     $c,$t0
-       mov     $a,$e
+       mov     $a,$t2
        xor     $b,$t0
-       rol     \$5,$e
+       lea     $K($xi[0],$e),$e
+       rol     \$5,$t2
        xor     $d,$t0
-       add     $e,$f
+       add     $t2,$e
        rol     \$30,$b
-       add     $t0,$f
+       add     $t0,$e
 ___
+unshift(@xi,pop(@xi));
 }
 
 sub BODY_40_59 {
-my ($i,$a,$b,$c,$d,$e,$f)=@_;
+my ($i,$a,$b,$c,$d,$e)=@_;
 my $j=$i+1;
 $code.=<<___;
-       lea     0x8f1bbcdc($xi,$e),$f
-       mov     `4*($j%16)`(%rsp),$xi
-       mov     $b,$t0
-       mov     $b,$t1
-       xor     `4*(($j+2)%16)`(%rsp),$xi
-       mov     $a,$e
-       and     $c,$t0
-       xor     `4*(($j+8)%16)`(%rsp),$xi
-       or      $c,$t1
-       rol     \$5,$e
-       xor     `4*(($j+13)%16)`(%rsp),$xi
-       and     $d,$t1
-       add     $e,$f
-       rol     \$1,$xi
-       or      $t1,$t0
+       mov     `4*($j%16)`(%rsp),$xi[1]
+       mov     $c,$t0
+       mov     $c,$t1
+       xor     `4*(($j+2)%16)`(%rsp),$xi[1]
+       and     $d,$t0
+       mov     $a,$t2
+       xor     `4*(($j+8)%16)`(%rsp),$xi[1]
+       xor     $d,$t1
+       lea     0x8f1bbcdc($xi[0],$e),$e
+       rol     \$5,$t2
+       xor     `4*(($j+13)%16)`(%rsp),$xi[1]
+       add     $t0,$e
+       and     $b,$t1
+       rol     \$1,$xi[1]
+       add     $t1,$e
        rol     \$30,$b
-       mov     $xi,`4*($j%16)`(%rsp)
-       add     $t0,$f
+       mov     $xi[1],`4*($j%16)`(%rsp)
+       add     $t2,$e
 ___
+unshift(@xi,pop(@xi));
 }
 
-$code=".text\n";
+$code.=<<___;
+.text
+.extern        OPENSSL_ia32cap_P
 
-&PROLOGUE("sha1_block_data_order");
-$code.=".align 4\n.Lloop:\n";
+.globl sha1_block_data_order
+.type  sha1_block_data_order,\@function,3
+.align 16
+sha1_block_data_order:
+       mov     OPENSSL_ia32cap_P+0(%rip),%r9d
+       mov     OPENSSL_ia32cap_P+4(%rip),%r8d
+       test    \$`1<<9`,%r8d           # check SSSE3 bit
+       jz      .Lialu
+___
+$code.=<<___ if ($avx);
+       and     \$`1<<28`,%r8d          # mask AVX bit
+       and     \$`1<<30`,%r9d          # mask "Intel CPU" bit
+       or      %r9d,%r8d
+       cmp     \$`1<<28|1<<30`,%r8d
+       je      _avx_shortcut
+___
+$code.=<<___;
+       jmp     _ssse3_shortcut
+
+.align 16
+.Lialu:
+       push    %rbx
+       push    %rbp
+       push    %r12
+       push    %r13
+       mov     %rsp,%r11
+       mov     %rdi,$ctx       # reassigned argument
+       sub     \$`8+16*4`,%rsp
+       mov     %rsi,$inp       # reassigned argument
+       and     \$-64,%rsp
+       mov     %rdx,$num       # reassigned argument
+       mov     %r11,`16*4`(%rsp)
+.Lprologue:
+
+       mov     0($ctx),$A
+       mov     4($ctx),$B
+       mov     8($ctx),$C
+       mov     12($ctx),$D
+       mov     16($ctx),$E
+       jmp     .Lloop
+
+.align 16
+.Lloop:
+___
 for($i=0;$i<20;$i++)   { &BODY_00_19($i,@V); unshift(@V,pop(@V)); }
 for(;$i<40;$i++)       { &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
 for(;$i<60;$i++)       { &BODY_40_59($i,@V); unshift(@V,pop(@V)); }
 for(;$i<80;$i++)       { &BODY_20_39($i,@V); unshift(@V,pop(@V)); }
 $code.=<<___;
-       add     0($ctx),$E
-       add     4($ctx),$T
-       add     8($ctx),$A
-       add     12($ctx),$B
-       add     16($ctx),$C
-       mov     $E,0($ctx)
-       mov     $T,4($ctx)
-       mov     $A,8($ctx)
-       mov     $B,12($ctx)
-       mov     $C,16($ctx)
-
-       xchg    $E,$A   # mov   $E,$A
-       xchg    $T,$B   # mov   $T,$B
-       xchg    $E,$C   # mov   $A,$C
-       xchg    $T,$D   # mov   $B,$D
-                       # mov   $C,$E
-       lea     `16*4`($inp),$inp
+       add     0($ctx),$A
+       add     4($ctx),$B
+       add     8($ctx),$C
+       add     12($ctx),$D
+       add     16($ctx),$E
+       mov     $A,0($ctx)
+       mov     $B,4($ctx)
+       mov     $C,8($ctx)
+       mov     $D,12($ctx)
+       mov     $E,16($ctx)
+
        sub     \$1,$num
+       lea     `16*4`($inp),$inp
        jnz     .Lloop
+
+       mov     `16*4`(%rsp),%rsi
+       mov     (%rsi),%r13
+       mov     8(%rsi),%r12
+       mov     16(%rsi),%rbp
+       mov     24(%rsi),%rbx
+       lea     32(%rsi),%rsp
+.Lepilogue:
+       ret
+.size  sha1_block_data_order,.-sha1_block_data_order
 ___
-&EPILOGUE("sha1_block_data_order");
+{{{
+my $Xi=4;
+my @X=map("%xmm$_",(4..7,0..3));
+my @Tx=map("%xmm$_",(8..10));
+my @V=($A,$B,$C,$D,$E)=("%eax","%ebx","%ecx","%edx","%ebp");   # size optimization
+my @T=("%esi","%edi");
+my $j=0;
+my $K_XX_XX="%r11";
+
+my $_rol=sub { &rol(@_) };
+my $_ror=sub { &ror(@_) };
+
+$code.=<<___;
+.type  sha1_block_data_order_ssse3,\@function,3
+.align 16
+sha1_block_data_order_ssse3:
+_ssse3_shortcut:
+       push    %rbx
+       push    %rbp
+       push    %r12
+       lea     `-64-($win64?5*16:0)`(%rsp),%rsp
+___
+$code.=<<___ if ($win64);
+       movaps  %xmm6,64+0(%rsp)
+       movaps  %xmm7,64+16(%rsp)
+       movaps  %xmm8,64+32(%rsp)
+       movaps  %xmm9,64+48(%rsp)
+       movaps  %xmm10,64+64(%rsp)
+.Lprologue_ssse3:
+___
+$code.=<<___;
+       mov     %rdi,$ctx       # reassigned argument
+       mov     %rsi,$inp       # reassigned argument
+       mov     %rdx,$num       # reassigned argument
+
+       shl     \$6,$num
+       add     $inp,$num
+       lea     K_XX_XX(%rip),$K_XX_XX
+
+       mov     0($ctx),$A              # load context
+       mov     4($ctx),$B
+       mov     8($ctx),$C
+       mov     12($ctx),$D
+       mov     $B,@T[0]                # magic seed
+       mov     16($ctx),$E
+
+       movdqa  64($K_XX_XX),@X[2]      # pbswap mask
+       movdqa  0($K_XX_XX),@Tx[1]      # K_00_19
+       movdqu  0($inp),@X[-4&7]        # load input to %xmm[0-3]
+       movdqu  16($inp),@X[-3&7]
+       movdqu  32($inp),@X[-2&7]
+       movdqu  48($inp),@X[-1&7]
+       pshufb  @X[2],@X[-4&7]          # byte swap
+       add     \$64,$inp
+       pshufb  @X[2],@X[-3&7]
+       pshufb  @X[2],@X[-2&7]
+       pshufb  @X[2],@X[-1&7]
+       paddd   @Tx[1],@X[-4&7]         # add K_00_19
+       paddd   @Tx[1],@X[-3&7]
+       paddd   @Tx[1],@X[-2&7]
+       movdqa  @X[-4&7],0(%rsp)        # X[]+K xfer to IALU
+       psubd   @Tx[1],@X[-4&7]         # restore X[]
+       movdqa  @X[-3&7],16(%rsp)
+       psubd   @Tx[1],@X[-3&7]
+       movdqa  @X[-2&7],32(%rsp)
+       psubd   @Tx[1],@X[-2&7]
+       jmp     .Loop_ssse3
+___
+
+sub AUTOLOAD()         # thunk [simplified] 32-bit style perlasm
+{ my $opcode = $AUTOLOAD; $opcode =~ s/.*:://;
+  my $arg = pop;
+    $arg = "\$$arg" if ($arg*1 eq $arg);
+    $code .= "\t$opcode\t".join(',',$arg,reverse @_)."\n";
+}
+
+sub Xupdate_ssse3_16_31()              # recall that $Xi starts wtih 4
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);   # 40 instructions
+  my ($a,$b,$c,$d,$e);
+
+       &movdqa (@X[0],@X[-3&7]);
+        eval(shift(@insns));
+        eval(shift(@insns));
+       &movdqa (@Tx[0],@X[-1&7]);
+       &palignr(@X[0],@X[-4&7],8);     # compose "X[-14]" in "X[0]"
+        eval(shift(@insns));
+        eval(shift(@insns));
+
+         &paddd        (@Tx[1],@X[-1&7]);
+        eval(shift(@insns));
+        eval(shift(@insns));
+       &psrldq (@Tx[0],4);             # "X[-3]", 3 dwords
+        eval(shift(@insns));
+        eval(shift(@insns));
+       &pxor   (@X[0],@X[-4&7]);       # "X[0]"^="X[-16]"
+        eval(shift(@insns));
+        eval(shift(@insns));
+
+       &pxor   (@Tx[0],@X[-2&7]);      # "X[-3]"^"X[-8]"
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));
+
+       &pxor   (@X[0],@Tx[0]);         # "X[0]"^="X[-3]"^"X[-8]"
+        eval(shift(@insns));
+        eval(shift(@insns));
+         &movdqa       (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer to IALU
+        eval(shift(@insns));
+        eval(shift(@insns));
+
+       &movdqa (@Tx[2],@X[0]);
+       &movdqa (@Tx[0],@X[0]);
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));
+
+       &pslldq (@Tx[2],12);            # "X[0]"<<96, extract one dword
+       &paddd  (@X[0],@X[0]);
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));
+
+       &psrld  (@Tx[0],31);
+        eval(shift(@insns));
+        eval(shift(@insns));
+       &movdqa (@Tx[1],@Tx[2]);
+        eval(shift(@insns));
+        eval(shift(@insns));
+
+       &psrld  (@Tx[2],30);
+       &por    (@X[0],@Tx[0]);         # "X[0]"<<<=1
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));
+
+       &pslld  (@Tx[1],2);
+       &pxor   (@X[0],@Tx[2]);
+        eval(shift(@insns));
+        eval(shift(@insns));
+         &movdqa       (@Tx[2],eval(16*(($Xi)/5))."($K_XX_XX)");       # K_XX_XX
+        eval(shift(@insns));
+        eval(shift(@insns));
+
+       &pxor   (@X[0],@Tx[1]);         # "X[0]"^=("X[0]">>96)<<<2
+
+        foreach (@insns) { eval; }     # remaining instructions [if any]
+
+  $Xi++;       push(@X,shift(@X));     # "rotate" X[]
+               push(@Tx,shift(@Tx));
+}
+
+sub Xupdate_ssse3_32_79()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);   # 32 to 48 instructions
+  my ($a,$b,$c,$d,$e);
+
+       &movdqa (@Tx[0],@X[-1&7])       if ($Xi==8);
+        eval(shift(@insns));           # body_20_39
+       &pxor   (@X[0],@X[-4&7]);       # "X[0]"="X[-32]"^"X[-16]"
+       &palignr(@Tx[0],@X[-2&7],8);    # compose "X[-6]"
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));           # rol
+
+       &pxor   (@X[0],@X[-7&7]);       # "X[0]"^="X[-28]"
+        eval(shift(@insns));
+        eval(shift(@insns))    if (@insns[0] !~ /&ro[rl]/);
+       if ($Xi%5) {
+         &movdqa       (@Tx[2],@Tx[1]);# "perpetuate" K_XX_XX...
+       } else {                        # ... or load next one
+         &movdqa       (@Tx[2],eval(16*($Xi/5))."($K_XX_XX)");
+       }
+         &paddd        (@Tx[1],@X[-1&7]);
+        eval(shift(@insns));           # ror
+        eval(shift(@insns));
+
+       &pxor   (@X[0],@Tx[0]);         # "X[0]"^="X[-6]"
+        eval(shift(@insns));           # body_20_39
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));           # rol
+
+       &movdqa (@Tx[0],@X[0]);
+         &movdqa       (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer to IALU
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));           # ror
+        eval(shift(@insns));
+
+       &pslld  (@X[0],2);
+        eval(shift(@insns));           # body_20_39
+        eval(shift(@insns));
+       &psrld  (@Tx[0],30);
+        eval(shift(@insns));
+        eval(shift(@insns));           # rol
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));           # ror
+        eval(shift(@insns));
+
+       &por    (@X[0],@Tx[0]);         # "X[0]"<<<=2
+        eval(shift(@insns));           # body_20_39
+        eval(shift(@insns));
+         &movdqa       (@Tx[1],@X[0])  if ($Xi<19);
+        eval(shift(@insns));
+        eval(shift(@insns));           # rol
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));           # rol
+        eval(shift(@insns));
+
+        foreach (@insns) { eval; }     # remaining instructions
+
+  $Xi++;       push(@X,shift(@X));     # "rotate" X[]
+               push(@Tx,shift(@Tx));
+}
+
+sub Xuplast_ssse3_80()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);   # 32 instructions
+  my ($a,$b,$c,$d,$e);
+
+        eval(shift(@insns));
+         &paddd        (@Tx[1],@X[-1&7]);
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));
+
+         &movdqa       (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer IALU
+
+        foreach (@insns) { eval; }             # remaining instructions
+
+       &cmp    ($inp,$num);
+       &je     (".Ldone_ssse3");
+
+       unshift(@Tx,pop(@Tx));
+
+       &movdqa (@X[2],"64($K_XX_XX)");         # pbswap mask
+       &movdqa (@Tx[1],"0($K_XX_XX)");         # K_00_19
+       &movdqu (@X[-4&7],"0($inp)");           # load input
+       &movdqu (@X[-3&7],"16($inp)");
+       &movdqu (@X[-2&7],"32($inp)");
+       &movdqu (@X[-1&7],"48($inp)");
+       &pshufb (@X[-4&7],@X[2]);               # byte swap
+       &add    ($inp,64);
+
+  $Xi=0;
+}
+
+sub Xloop_ssse3()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);   # 32 instructions
+  my ($a,$b,$c,$d,$e);
+
+        eval(shift(@insns));
+        eval(shift(@insns));
+       &pshufb (@X[($Xi-3)&7],@X[2]);
+        eval(shift(@insns));
+        eval(shift(@insns));
+       &paddd  (@X[($Xi-4)&7],@Tx[1]);
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));
+       &movdqa (eval(16*$Xi)."(%rsp)",@X[($Xi-4)&7]);  # X[]+K xfer to IALU
+        eval(shift(@insns));
+        eval(shift(@insns));
+       &psubd  (@X[($Xi-4)&7],@Tx[1]);
+
+       foreach (@insns) { eval; }
+  $Xi++;
+}
+
+sub Xtail_ssse3()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);   # 32 instructions
+  my ($a,$b,$c,$d,$e);
+
+       foreach (@insns) { eval; }
+}
+
+sub body_00_19 () {
+       (
+       '($a,$b,$c,$d,$e)=@V;'.
+       '&add   ($e,eval(4*($j&15))."(%rsp)");',        # X[]+K xfer
+       '&xor   ($c,$d);',
+       '&mov   (@T[1],$a);',   # $b in next round
+       '&$_rol ($a,5);',
+       '&and   (@T[0],$c);',   # ($b&($c^$d))
+       '&xor   ($c,$d);',      # restore $c
+       '&xor   (@T[0],$d);',
+       '&add   ($e,$a);',
+       '&$_ror ($b,$j?7:2);',  # $b>>>2
+       '&add   ($e,@T[0]);'    .'$j++; unshift(@V,pop(@V)); unshift(@T,pop(@T));'
+       );
+}
+
+sub body_20_39 () {
+       (
+       '($a,$b,$c,$d,$e)=@V;'.
+       '&add   ($e,eval(4*($j++&15))."(%rsp)");',      # X[]+K xfer
+       '&xor   (@T[0],$d);',   # ($b^$d)
+       '&mov   (@T[1],$a);',   # $b in next round
+       '&$_rol ($a,5);',
+       '&xor   (@T[0],$c);',   # ($b^$d^$c)
+       '&add   ($e,$a);',
+       '&$_ror ($b,7);',       # $b>>>2
+       '&add   ($e,@T[0]);'    .'unshift(@V,pop(@V)); unshift(@T,pop(@T));'
+       );
+}
+
+sub body_40_59 () {
+       (
+       '($a,$b,$c,$d,$e)=@V;'.
+       '&mov   (@T[1],$c);',
+       '&xor   ($c,$d);',
+       '&add   ($e,eval(4*($j++&15))."(%rsp)");',      # X[]+K xfer
+       '&and   (@T[1],$d);',
+       '&and   (@T[0],$c);',   # ($b&($c^$d))
+       '&$_ror ($b,7);',       # $b>>>2
+       '&add   ($e,@T[1]);',
+       '&mov   (@T[1],$a);',   # $b in next round
+       '&$_rol ($a,5);',
+       '&add   ($e,@T[0]);',
+       '&xor   ($c,$d);',      # restore $c
+       '&add   ($e,$a);'       .'unshift(@V,pop(@V)); unshift(@T,pop(@T));'
+       );
+}
 $code.=<<___;
-.asciz "SHA1 block transform for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
 .align 16
+.Loop_ssse3:
+___
+       &Xupdate_ssse3_16_31(\&body_00_19);
+       &Xupdate_ssse3_16_31(\&body_00_19);
+       &Xupdate_ssse3_16_31(\&body_00_19);
+       &Xupdate_ssse3_16_31(\&body_00_19);
+       &Xupdate_ssse3_32_79(\&body_00_19);
+       &Xupdate_ssse3_32_79(\&body_20_39);
+       &Xupdate_ssse3_32_79(\&body_20_39);
+       &Xupdate_ssse3_32_79(\&body_20_39);
+       &Xupdate_ssse3_32_79(\&body_20_39);
+       &Xupdate_ssse3_32_79(\&body_20_39);
+       &Xupdate_ssse3_32_79(\&body_40_59);
+       &Xupdate_ssse3_32_79(\&body_40_59);
+       &Xupdate_ssse3_32_79(\&body_40_59);
+       &Xupdate_ssse3_32_79(\&body_40_59);
+       &Xupdate_ssse3_32_79(\&body_40_59);
+       &Xupdate_ssse3_32_79(\&body_20_39);
+       &Xuplast_ssse3_80(\&body_20_39);        # can jump to "done"
+
+                               $saved_j=$j; @saved_V=@V;
+
+       &Xloop_ssse3(\&body_20_39);
+       &Xloop_ssse3(\&body_20_39);
+       &Xloop_ssse3(\&body_20_39);
+
+$code.=<<___;
+       add     0($ctx),$A                      # update context
+       add     4($ctx),@T[0]
+       add     8($ctx),$C
+       add     12($ctx),$D
+       mov     $A,0($ctx)
+       add     16($ctx),$E
+       mov     @T[0],4($ctx)
+       mov     @T[0],$B                        # magic seed
+       mov     $C,8($ctx)
+       mov     $D,12($ctx)
+       mov     $E,16($ctx)
+       jmp     .Loop_ssse3
+
+.align 16
+.Ldone_ssse3:
+___
+                               $j=$saved_j; @V=@saved_V;
+
+       &Xtail_ssse3(\&body_20_39);
+       &Xtail_ssse3(\&body_20_39);
+       &Xtail_ssse3(\&body_20_39);
+
+$code.=<<___;
+       add     0($ctx),$A                      # update context
+       add     4($ctx),@T[0]
+       add     8($ctx),$C
+       mov     $A,0($ctx)
+       add     12($ctx),$D
+       mov     @T[0],4($ctx)
+       add     16($ctx),$E
+       mov     $C,8($ctx)
+       mov     $D,12($ctx)
+       mov     $E,16($ctx)
+___
+$code.=<<___ if ($win64);
+       movaps  64+0(%rsp),%xmm6
+       movaps  64+16(%rsp),%xmm7
+       movaps  64+32(%rsp),%xmm8
+       movaps  64+48(%rsp),%xmm9
+       movaps  64+64(%rsp),%xmm10
+___
+$code.=<<___;
+       lea     `64+($win64?5*16:0)`(%rsp),%rsi
+       mov     0(%rsi),%r12
+       mov     8(%rsi),%rbp
+       mov     16(%rsi),%rbx
+       lea     24(%rsi),%rsp
+.Lepilogue_ssse3:
+       ret
+.size  sha1_block_data_order_ssse3,.-sha1_block_data_order_ssse3
+___
+
+if ($avx) {
+my $Xi=4;
+my @X=map("%xmm$_",(4..7,0..3));
+my @Tx=map("%xmm$_",(8..10));
+my @V=($A,$B,$C,$D,$E)=("%eax","%ebx","%ecx","%edx","%ebp");   # size optimization
+my @T=("%esi","%edi");
+my $j=0;
+my $K_XX_XX="%r11";
+
+my $_rol=sub { &shld(@_[0],@_) };
+my $_ror=sub { &shrd(@_[0],@_) };
+
+$code.=<<___;
+.type  sha1_block_data_order_avx,\@function,3
+.align 16
+sha1_block_data_order_avx:
+_avx_shortcut:
+       push    %rbx
+       push    %rbp
+       push    %r12
+       lea     `-64-($win64?5*16:0)`(%rsp),%rsp
+___
+$code.=<<___ if ($win64);
+       movaps  %xmm6,64+0(%rsp)
+       movaps  %xmm7,64+16(%rsp)
+       movaps  %xmm8,64+32(%rsp)
+       movaps  %xmm9,64+48(%rsp)
+       movaps  %xmm10,64+64(%rsp)
+.Lprologue_avx:
+___
+$code.=<<___;
+       mov     %rdi,$ctx       # reassigned argument
+       mov     %rsi,$inp       # reassigned argument
+       mov     %rdx,$num       # reassigned argument
+       vzeroall
+
+       shl     \$6,$num
+       add     $inp,$num
+       lea     K_XX_XX(%rip),$K_XX_XX
+
+       mov     0($ctx),$A              # load context
+       mov     4($ctx),$B
+       mov     8($ctx),$C
+       mov     12($ctx),$D
+       mov     $B,@T[0]                # magic seed
+       mov     16($ctx),$E
+
+       vmovdqa 64($K_XX_XX),@X[2]      # pbswap mask
+       vmovdqa 0($K_XX_XX),@Tx[1]      # K_00_19
+       vmovdqu 0($inp),@X[-4&7]        # load input to %xmm[0-3]
+       vmovdqu 16($inp),@X[-3&7]
+       vmovdqu 32($inp),@X[-2&7]
+       vmovdqu 48($inp),@X[-1&7]
+       vpshufb @X[2],@X[-4&7],@X[-4&7] # byte swap
+       add     \$64,$inp
+       vpshufb @X[2],@X[-3&7],@X[-3&7]
+       vpshufb @X[2],@X[-2&7],@X[-2&7]
+       vpshufb @X[2],@X[-1&7],@X[-1&7]
+       vpaddd  @Tx[1],@X[-4&7],@X[0]   # add K_00_19
+       vpaddd  @Tx[1],@X[-3&7],@X[1]
+       vpaddd  @Tx[1],@X[-2&7],@X[2]
+       vmovdqa @X[0],0(%rsp)           # X[]+K xfer to IALU
+       vmovdqa @X[1],16(%rsp)
+       vmovdqa @X[2],32(%rsp)
+       jmp     .Loop_avx
+___
+
+sub Xupdate_avx_16_31()                # recall that $Xi starts wtih 4
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);   # 40 instructions
+  my ($a,$b,$c,$d,$e);
+
+        eval(shift(@insns));
+        eval(shift(@insns));
+       &vpalignr(@X[0],@X[-3&7],@X[-4&7],8);   # compose "X[-14]" in "X[0]"
+        eval(shift(@insns));
+        eval(shift(@insns));
+
+         &vpaddd       (@Tx[1],@Tx[1],@X[-1&7]);
+        eval(shift(@insns));
+        eval(shift(@insns));
+       &vpsrldq(@Tx[0],@X[-1&7],4);    # "X[-3]", 3 dwords
+        eval(shift(@insns));
+        eval(shift(@insns));
+       &vpxor  (@X[0],@X[0],@X[-4&7]);         # "X[0]"^="X[-16]"
+        eval(shift(@insns));
+        eval(shift(@insns));
+
+       &vpxor  (@Tx[0],@Tx[0],@X[-2&7]);       # "X[-3]"^"X[-8]"
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));
+
+       &vpxor  (@X[0],@X[0],@Tx[0]);           # "X[0]"^="X[-3]"^"X[-8]"
+        eval(shift(@insns));
+        eval(shift(@insns));
+         &vmovdqa      (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer to IALU
+        eval(shift(@insns));
+        eval(shift(@insns));
+
+       &vpsrld (@Tx[0],@X[0],31);
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));
+
+       &vpslldq(@Tx[2],@X[0],12);              # "X[0]"<<96, extract one dword
+       &vpaddd (@X[0],@X[0],@X[0]);
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));
+
+       &vpsrld (@Tx[1],@Tx[2],30);
+       &vpor   (@X[0],@X[0],@Tx[0]);           # "X[0]"<<<=1
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));
+
+       &vpslld (@Tx[2],@Tx[2],2);
+       &vpxor  (@X[0],@X[0],@Tx[1]);
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));
+
+       &vpxor  (@X[0],@X[0],@Tx[2]);           # "X[0]"^=("X[0]">>96)<<<2
+        eval(shift(@insns));
+        eval(shift(@insns));
+         &vmovdqa      (@Tx[2],eval(16*(($Xi)/5))."($K_XX_XX)");       # K_XX_XX
+        eval(shift(@insns));
+        eval(shift(@insns));
+
+
+        foreach (@insns) { eval; }     # remaining instructions [if any]
+
+  $Xi++;       push(@X,shift(@X));     # "rotate" X[]
+               push(@Tx,shift(@Tx));
+}
+
+sub Xupdate_avx_32_79()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);   # 32 to 48 instructions
+  my ($a,$b,$c,$d,$e);
+
+       &vpalignr(@Tx[0],@X[-1&7],@X[-2&7],8);  # compose "X[-6]"
+       &vpxor  (@X[0],@X[0],@X[-4&7]);         # "X[0]"="X[-32]"^"X[-16]"
+        eval(shift(@insns));           # body_20_39
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));           # rol
+
+       &vpxor  (@X[0],@X[0],@X[-7&7]);         # "X[0]"^="X[-28]"
+        eval(shift(@insns));
+        eval(shift(@insns))    if (@insns[0] !~ /&ro[rl]/);
+       if ($Xi%5) {
+         &vmovdqa      (@Tx[2],@Tx[1]);# "perpetuate" K_XX_XX...
+       } else {                        # ... or load next one
+         &vmovdqa      (@Tx[2],eval(16*($Xi/5))."($K_XX_XX)");
+       }
+         &vpaddd       (@Tx[1],@Tx[1],@X[-1&7]);
+        eval(shift(@insns));           # ror
+        eval(shift(@insns));
+
+       &vpxor  (@X[0],@X[0],@Tx[0]);           # "X[0]"^="X[-6]"
+        eval(shift(@insns));           # body_20_39
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));           # rol
+
+       &vpsrld (@Tx[0],@X[0],30);
+         &vmovdqa      (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer to IALU
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));           # ror
+        eval(shift(@insns));
+
+       &vpslld (@X[0],@X[0],2);
+        eval(shift(@insns));           # body_20_39
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));           # rol
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));           # ror
+        eval(shift(@insns));
+
+       &vpor   (@X[0],@X[0],@Tx[0]);           # "X[0]"<<<=2
+        eval(shift(@insns));           # body_20_39
+        eval(shift(@insns));
+         &vmovdqa      (@Tx[1],@X[0])  if ($Xi<19);
+        eval(shift(@insns));
+        eval(shift(@insns));           # rol
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));           # rol
+        eval(shift(@insns));
+
+        foreach (@insns) { eval; }     # remaining instructions
+
+  $Xi++;       push(@X,shift(@X));     # "rotate" X[]
+               push(@Tx,shift(@Tx));
+}
+
+sub Xuplast_avx_80()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);   # 32 instructions
+  my ($a,$b,$c,$d,$e);
+
+        eval(shift(@insns));
+         &vpaddd       (@Tx[1],@Tx[1],@X[-1&7]);
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));
+
+         &movdqa       (eval(16*(($Xi-1)&3))."(%rsp)",@Tx[1]); # X[]+K xfer IALU
+
+        foreach (@insns) { eval; }             # remaining instructions
+
+       &cmp    ($inp,$num);
+       &je     (".Ldone_avx");
+
+       unshift(@Tx,pop(@Tx));
+
+       &vmovdqa(@X[2],"64($K_XX_XX)");         # pbswap mask
+       &vmovdqa(@Tx[1],"0($K_XX_XX)");         # K_00_19
+       &vmovdqu(@X[-4&7],"0($inp)");           # load input
+       &vmovdqu(@X[-3&7],"16($inp)");
+       &vmovdqu(@X[-2&7],"32($inp)");
+       &vmovdqu(@X[-1&7],"48($inp)");
+       &vpshufb(@X[-4&7],@X[-4&7],@X[2]);      # byte swap
+       &add    ($inp,64);
+
+  $Xi=0;
+}
+
+sub Xloop_avx()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);   # 32 instructions
+  my ($a,$b,$c,$d,$e);
+
+        eval(shift(@insns));
+        eval(shift(@insns));
+       &vpshufb(@X[($Xi-3)&7],@X[($Xi-3)&7],@X[2]);
+        eval(shift(@insns));
+        eval(shift(@insns));
+       &vpaddd (@X[$Xi&7],@X[($Xi-4)&7],@Tx[1]);
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));
+        eval(shift(@insns));
+       &vmovdqa(eval(16*$Xi)."(%rsp)",@X[$Xi&7]);      # X[]+K xfer to IALU
+        eval(shift(@insns));
+        eval(shift(@insns));
+
+       foreach (@insns) { eval; }
+  $Xi++;
+}
+
+sub Xtail_avx()
+{ use integer;
+  my $body = shift;
+  my @insns = (&$body,&$body,&$body,&$body);   # 32 instructions
+  my ($a,$b,$c,$d,$e);
+
+       foreach (@insns) { eval; }
+}
+
+$code.=<<___;
+.align 16
+.Loop_avx:
+___
+       &Xupdate_avx_16_31(\&body_00_19);
+       &Xupdate_avx_16_31(\&body_00_19);
+       &Xupdate_avx_16_31(\&body_00_19);
+       &Xupdate_avx_16_31(\&body_00_19);
+       &Xupdate_avx_32_79(\&body_00_19);
+       &Xupdate_avx_32_79(\&body_20_39);
+       &Xupdate_avx_32_79(\&body_20_39);
+       &Xupdate_avx_32_79(\&body_20_39);
+       &Xupdate_avx_32_79(\&body_20_39);
+       &Xupdate_avx_32_79(\&body_20_39);
+       &Xupdate_avx_32_79(\&body_40_59);
+       &Xupdate_avx_32_79(\&body_40_59);
+       &Xupdate_avx_32_79(\&body_40_59);
+       &Xupdate_avx_32_79(\&body_40_59);
+       &Xupdate_avx_32_79(\&body_40_59);
+       &Xupdate_avx_32_79(\&body_20_39);
+       &Xuplast_avx_80(\&body_20_39);  # can jump to "done"
+
+                               $saved_j=$j; @saved_V=@V;
+
+       &Xloop_avx(\&body_20_39);
+       &Xloop_avx(\&body_20_39);
+       &Xloop_avx(\&body_20_39);
+
+$code.=<<___;
+       add     0($ctx),$A                      # update context
+       add     4($ctx),@T[0]
+       add     8($ctx),$C
+       add     12($ctx),$D
+       mov     $A,0($ctx)
+       add     16($ctx),$E
+       mov     @T[0],4($ctx)
+       mov     @T[0],$B                        # magic seed
+       mov     $C,8($ctx)
+       mov     $D,12($ctx)
+       mov     $E,16($ctx)
+       jmp     .Loop_avx
+
+.align 16
+.Ldone_avx:
+___
+                               $j=$saved_j; @V=@saved_V;
+
+       &Xtail_avx(\&body_20_39);
+       &Xtail_avx(\&body_20_39);
+       &Xtail_avx(\&body_20_39);
+
+$code.=<<___;
+       vzeroall
+
+       add     0($ctx),$A                      # update context
+       add     4($ctx),@T[0]
+       add     8($ctx),$C
+       mov     $A,0($ctx)
+       add     12($ctx),$D
+       mov     @T[0],4($ctx)
+       add     16($ctx),$E
+       mov     $C,8($ctx)
+       mov     $D,12($ctx)
+       mov     $E,16($ctx)
+___
+$code.=<<___ if ($win64);
+       movaps  64+0(%rsp),%xmm6
+       movaps  64+16(%rsp),%xmm7
+       movaps  64+32(%rsp),%xmm8
+       movaps  64+48(%rsp),%xmm9
+       movaps  64+64(%rsp),%xmm10
+___
+$code.=<<___;
+       lea     `64+($win64?5*16:0)`(%rsp),%rsi
+       mov     0(%rsi),%r12
+       mov     8(%rsi),%rbp
+       mov     16(%rsi),%rbx
+       lea     24(%rsi),%rsp
+.Lepilogue_avx:
+       ret
+.size  sha1_block_data_order_avx,.-sha1_block_data_order_avx
+___
+}
+$code.=<<___;
+.align 64
+K_XX_XX:
+.long  0x5a827999,0x5a827999,0x5a827999,0x5a827999     # K_00_19
+.long  0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1     # K_20_39
+.long  0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc     # K_40_59
+.long  0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6     # K_60_79
+.long  0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f     # pbswap mask
+___
+}}}
+$code.=<<___;
+.asciz "SHA1 block transform for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
+.align 64
 ___
 
 # EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
@@ -272,25 +1113,75 @@ se_handler:
 
        lea     .Lprologue(%rip),%r10
        cmp     %r10,%rbx               # context->Rip<.Lprologue
-       jb      .Lin_prologue
+       jb      .Lcommon_seh_tail
 
        mov     152($context),%rax      # pull context->Rsp
 
        lea     .Lepilogue(%rip),%r10
        cmp     %r10,%rbx               # context->Rip>=.Lepilogue
-       jae     .Lin_prologue
+       jae     .Lcommon_seh_tail
 
        mov     `16*4`(%rax),%rax       # pull saved stack pointer
-       lea     24(%rax),%rax
+       lea     32(%rax),%rax
 
        mov     -8(%rax),%rbx
        mov     -16(%rax),%rbp
        mov     -24(%rax),%r12
+       mov     -32(%rax),%r13
        mov     %rbx,144($context)      # restore context->Rbx
        mov     %rbp,160($context)      # restore context->Rbp
        mov     %r12,216($context)      # restore context->R12
+       mov     %r13,224($context)      # restore context->R13
+
+       jmp     .Lcommon_seh_tail
+.size  se_handler,.-se_handler
 
-.Lin_prologue:
+.type  ssse3_handler,\@abi-omnipotent
+.align 16
+ssse3_handler:
+       push    %rsi
+       push    %rdi
+       push    %rbx
+       push    %rbp
+       push    %r12
+       push    %r13
+       push    %r14
+       push    %r15
+       pushfq
+       sub     \$64,%rsp
+
+       mov     120($context),%rax      # pull context->Rax
+       mov     248($context),%rbx      # pull context->Rip
+
+       mov     8($disp),%rsi           # disp->ImageBase
+       mov     56($disp),%r11          # disp->HandlerData
+
+       mov     0(%r11),%r10d           # HandlerData[0]
+       lea     (%rsi,%r10),%r10        # prologue label
+       cmp     %r10,%rbx               # context->Rip<prologue label
+       jb      .Lcommon_seh_tail
+
+       mov     152($context),%rax      # pull context->Rsp
+
+       mov     4(%r11),%r10d           # HandlerData[1]
+       lea     (%rsi,%r10),%r10        # epilogue label
+       cmp     %r10,%rbx               # context->Rip>=epilogue label
+       jae     .Lcommon_seh_tail
+
+       lea     64(%rax),%rsi
+       lea     512($context),%rdi      # &context.Xmm6
+       mov     \$10,%ecx
+       .long   0xa548f3fc              # cld; rep movsq
+       lea     `24+64+5*16`(%rax),%rax # adjust stack pointer
+
+       mov     -8(%rax),%rbx
+       mov     -16(%rax),%rbp
+       mov     -24(%rax),%r12
+       mov     %rbx,144($context)      # restore context->Rbx
+       mov     %rbp,160($context)      # restore context->Rbp
+       mov     %r12,216($context)      # restore cotnext->R12
+
+.Lcommon_seh_tail:
        mov     8(%rax),%rdi
        mov     16(%rax),%rsi
        mov     %rax,152($context)      # restore context->Rsp
@@ -328,19 +1219,38 @@ se_handler:
        pop     %rdi
        pop     %rsi
        ret
-.size  se_handler,.-se_handler
+.size  ssse3_handler,.-ssse3_handler
 
 .section       .pdata
 .align 4
        .rva    .LSEH_begin_sha1_block_data_order
        .rva    .LSEH_end_sha1_block_data_order
        .rva    .LSEH_info_sha1_block_data_order
-
+       .rva    .LSEH_begin_sha1_block_data_order_ssse3
+       .rva    .LSEH_end_sha1_block_data_order_ssse3
+       .rva    .LSEH_info_sha1_block_data_order_ssse3
+___
+$code.=<<___ if ($avx);
+       .rva    .LSEH_begin_sha1_block_data_order_avx
+       .rva    .LSEH_end_sha1_block_data_order_avx
+       .rva    .LSEH_info_sha1_block_data_order_avx
+___
+$code.=<<___;
 .section       .xdata
 .align 8
 .LSEH_info_sha1_block_data_order:
        .byte   9,0,0,0
        .rva    se_handler
+.LSEH_info_sha1_block_data_order_ssse3:
+       .byte   9,0,0,0
+       .rva    ssse3_handler
+       .rva    .Lprologue_ssse3,.Lepilogue_ssse3       # HandlerData[]
+___
+$code.=<<___ if ($avx);
+.LSEH_info_sha1_block_data_order_avx:
+       .byte   9,0,0,0
+       .rva    ssse3_handler
+       .rva    .Lprologue_avx,.Lepilogue_avx           # HandlerData[]
 ___
 }
 

diff --git a/deps/openssl/openssl/crypto/sha/asm/sha256-586.pl b/deps/openssl/openssl/crypto/sha/asm/sha256-586.pl
index ecc8b69..928ec53 100644 (file)
--- a/deps/openssl/openssl/crypto/sha/asm/sha256-586.pl
+++ b/deps/openssl/openssl/crypto/sha/asm/sha256-586.pl
@@ -14,8 +14,8 @@
 #              Pentium PIII    P4      AMD K8  Core2
 # gcc          46      36      41      27      26
 # icc          57      33      38      25      23      
-# x86 asm      40      30      35      20      20
-# x86_64 asm(*)        -       -       21      15.8    16.5
+# x86 asm      40      30      33      20      18
+# x86_64 asm(*)        -       -       21      16      16
 #
 # (*) x86_64 assembler performance is presented for reference
 #     purposes.
@@ -48,20 +48,19 @@ sub BODY_00_15() {
     my $in_16_63=shift;
 
        &mov    ("ecx",$E);
-        &add   ($T,&DWP(4*(8+15+16-9),"esp"))  if ($in_16_63); # T += X[-7]
-       &ror    ("ecx",6);
-       &mov    ("edi",$E);
-       &ror    ("edi",11);
+        &add   ($T,"edi")                      if ($in_16_63); # T += sigma1(X[-2])
+       &ror    ("ecx",25-11);
         &mov   ("esi",$Foff);
-       &xor    ("ecx","edi");
-       &ror    ("edi",25-11);
+       &xor    ("ecx",$E);
+       &ror    ("ecx",11-6);
         &mov   (&DWP(4*(8+15),"esp"),$T)       if ($in_16_63); # save X[0]
-       &xor    ("ecx","edi");  # Sigma1(e)
+       &xor    ("ecx",$E);
+       &ror    ("ecx",6);      # Sigma1(e)
         &mov   ("edi",$Goff);
        &add    ($T,"ecx");     # T += Sigma1(e)
-        &mov   ($Eoff,$E);     # modulo-scheduled
 
        &xor    ("esi","edi");
+        &mov   ($Eoff,$E);     # modulo-scheduled
         &mov   ("ecx",$A);
        &and    ("esi",$E);
         &mov   ($E,$Doff);     # e becomes d, which is e in next iteration
@@ -69,14 +68,14 @@ sub BODY_00_15() {
         &mov   ("edi",$A);
        &add    ($T,"esi");     # T += Ch(e,f,g)
 
-       &ror    ("ecx",2);
+       &ror    ("ecx",22-13);
         &add   ($T,$Hoff);     # T += h
-       &ror    ("edi",13);
+       &xor    ("ecx",$A);
+       &ror    ("ecx",13-2);
         &mov   ("esi",$Boff);
-       &xor    ("ecx","edi");
-       &ror    ("edi",22-13);
+       &xor    ("ecx",$A);
+       &ror    ("ecx",2);      # Sigma0(a)
         &add   ($E,$T);        # d += T
-       &xor    ("ecx","edi");  # Sigma0(a)
         &mov   ("edi",$Coff);
 
        &add    ($T,"ecx");     # T += Sigma0(a)
@@ -168,23 +167,22 @@ sub BODY_00_15() {
 &set_label("16_63",16);
        &mov    ("esi",$T);
         &mov   ("ecx",&DWP(4*(8+15+16-14),"esp"));
-       &shr    ($T,3);
-       &ror    ("esi",7);
-       &xor    ($T,"esi");
        &ror    ("esi",18-7);
         &mov   ("edi","ecx");
-       &xor    ($T,"esi");                     # T = sigma0(X[-15])
+       &xor    ("esi",$T);
+       &ror    ("esi",7);
+       &shr    ($T,3);
 
-       &shr    ("ecx",10);
-        &mov   ("esi",&DWP(4*(8+15+16),"esp"));
-       &ror    ("edi",17);
-       &xor    ("ecx","edi");
        &ror    ("edi",19-17);
-        &add   ($T,"esi");                     # T += X[-16]
-       &xor    ("edi","ecx")                   # sigma1(X[-2])
+        &xor   ($T,"esi");                     # T = sigma0(X[-15])
+       &xor    ("edi","ecx");
+       &ror    ("edi",17);
+       &shr    ("ecx",10);
+        &add   ($T,&DWP(4*(8+15+16),"esp"));   # T += X[-16]
+       &xor    ("edi","ecx");                  # sigma1(X[-2])
 
-       &add    ($T,"edi");                     # T += sigma1(X[-2])
-       # &add  ($T,&DWP(4*(8+15+16-9),"esp")); # T += X[-7], moved to BODY_00_15(1)
+        &add   ($T,&DWP(4*(8+15+16-9),"esp")); # T += X[-7]
+       # &add  ($T,"edi");                     # T += sigma1(X[-2])
        # &mov  (&DWP(4*(8+15),"esp"),$T);      # save X[0]
 
        &BODY_00_15(1);

diff --git a/deps/openssl/openssl/crypto/sha/asm/sha256-armv4.pl b/deps/openssl/openssl/crypto/sha/asm/sha256-armv4.pl
index 492cb62..9c84e8d 100644 (file)
--- a/deps/openssl/openssl/crypto/sha/asm/sha256-armv4.pl
+++ b/deps/openssl/openssl/crypto/sha/asm/sha256-armv4.pl
@@ -18,11 +18,16 @@
 # Rescheduling for dual-issue pipeline resulted in 22% improvement on
 # Cortex A8 core and ~20 cycles per processed byte.
 
+# February 2011.
+#
+# Profiler-assisted and platform-specific optimization resulted in 16%
+# improvement on Cortex A8 core and ~17 cycles per processed byte.
+
 while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {}
 open STDOUT,">$output";
 
 $ctx="r0";     $t0="r0";
-$inp="r1";
+$inp="r1";     $t3="r1";
 $len="r2";     $t1="r2";
 $T1="r3";
 $A="r4";
@@ -46,6 +51,9 @@ sub BODY_00_15 {
 my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_;
 
 $code.=<<___ if ($i<16);
+#if __ARM_ARCH__>=7
+       ldr     $T1,[$inp],#4
+#else
        ldrb    $T1,[$inp,#3]                   @ $i
        ldrb    $t2,[$inp,#2]
        ldrb    $t1,[$inp,#1]
@@ -53,16 +61,24 @@ $code.=<<___ if ($i<16);
        orr     $T1,$T1,$t2,lsl#8
        orr     $T1,$T1,$t1,lsl#16
        orr     $T1,$T1,$t0,lsl#24
-       `"str   $inp,[sp,#17*4]"        if ($i==15)`
+#endif
 ___
 $code.=<<___;
-       ldr     $t2,[$Ktbl],#4                  @ *K256++
        mov     $t0,$e,ror#$Sigma1[0]
-       str     $T1,[sp,#`$i%16`*4]
+       ldr     $t2,[$Ktbl],#4                  @ *K256++
        eor     $t0,$t0,$e,ror#$Sigma1[1]
        eor     $t1,$f,$g
+#if $i>=16
+       add     $T1,$T1,$t3                     @ from BODY_16_xx
+#elif __ARM_ARCH__>=7 && defined(__ARMEL__)
+       rev     $T1,$T1
+#endif
+#if $i==15
+       str     $inp,[sp,#17*4]                 @ leave room for $t3
+#endif
        eor     $t0,$t0,$e,ror#$Sigma1[2]       @ Sigma1(e)
        and     $t1,$t1,$e
+       str     $T1,[sp,#`$i%16`*4]
        add     $T1,$T1,$t0
        eor     $t1,$t1,$g                      @ Ch(e,f,g)
        add     $T1,$T1,$h
@@ -71,6 +87,9 @@ $code.=<<___;
        eor     $h,$h,$a,ror#$Sigma0[1]
        add     $T1,$T1,$t2
        eor     $h,$h,$a,ror#$Sigma0[2]         @ Sigma0(a)
+#if $i>=15
+       ldr     $t3,[sp,#`($i+2)%16`*4]         @ from BODY_16_xx
+#endif
        orr     $t0,$a,$b
        and     $t1,$a,$b
        and     $t0,$t0,$c
@@ -85,24 +104,26 @@ sub BODY_16_XX {
 my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_;
 
 $code.=<<___;
-       ldr     $t1,[sp,#`($i+1)%16`*4]         @ $i
+       @ ldr   $t3,[sp,#`($i+1)%16`*4]         @ $i
        ldr     $t2,[sp,#`($i+14)%16`*4]
+       mov     $t0,$t3,ror#$sigma0[0]
        ldr     $T1,[sp,#`($i+0)%16`*4]
-       mov     $t0,$t1,ror#$sigma0[0]
-       ldr     $inp,[sp,#`($i+9)%16`*4]
-       eor     $t0,$t0,$t1,ror#$sigma0[1]
-       eor     $t0,$t0,$t1,lsr#$sigma0[2]      @ sigma0(X[i+1])
-       mov     $t1,$t2,ror#$sigma1[0]
+       eor     $t0,$t0,$t3,ror#$sigma0[1]
+       ldr     $t1,[sp,#`($i+9)%16`*4]
+       eor     $t0,$t0,$t3,lsr#$sigma0[2]      @ sigma0(X[i+1])
+       mov     $t3,$t2,ror#$sigma1[0]
        add     $T1,$T1,$t0
-       eor     $t1,$t1,$t2,ror#$sigma1[1]
-       add     $T1,$T1,$inp
-       eor     $t1,$t1,$t2,lsr#$sigma1[2]      @ sigma1(X[i+14])
+       eor     $t3,$t3,$t2,ror#$sigma1[1]
        add     $T1,$T1,$t1
+       eor     $t3,$t3,$t2,lsr#$sigma1[2]      @ sigma1(X[i+14])
+       @ add   $T1,$T1,$t3
 ___
        &BODY_00_15(@_);
 }
 
 $code=<<___;
+#include "arm_arch.h"
+
 .text
 .code  32
 
@@ -132,7 +153,7 @@ K256:
 sha256_block_data_order:
        sub     r3,pc,#8                @ sha256_block_data_order
        add     $len,$inp,$len,lsl#6    @ len to point at the end of inp
-       stmdb   sp!,{$ctx,$inp,$len,r4-r12,lr}
+       stmdb   sp!,{$ctx,$inp,$len,r4-r11,lr}
        ldmia   $ctx,{$A,$B,$C,$D,$E,$F,$G,$H}
        sub     $Ktbl,r3,#256           @ K256
        sub     sp,sp,#16*4             @ alloca(X[16])
@@ -171,10 +192,14 @@ $code.=<<___;
        bne     .Loop
 
        add     sp,sp,#`16+3`*4 @ destroy frame
-       ldmia   sp!,{r4-r12,lr}
+#if __ARM_ARCH__>=5
+       ldmia   sp!,{r4-r11,pc}
+#else
+       ldmia   sp!,{r4-r11,lr}
        tst     lr,#1
        moveq   pc,lr                   @ be binary compatible with V4, yet
        bx      lr                      @ interoperable with Thumb ISA:-)
+#endif
 .size   sha256_block_data_order,.-sha256_block_data_order
 .asciz  "SHA256 block transform for ARMv4, CRYPTOGAMS by <appro\@openssl.org>"
 .align 2

diff --git a/deps/openssl/openssl/crypto/sha/asm/sha512-586.pl b/deps/openssl/openssl/crypto/sha/asm/sha512-586.pl
index 5b9f333..7eab6a5 100644 (file)
--- a/deps/openssl/openssl/crypto/sha/asm/sha512-586.pl
+++ b/deps/openssl/openssl/crypto/sha/asm/sha512-586.pl
@@ -142,9 +142,9 @@ sub BODY_00_15_x86 {
        &mov    ("edx",$Ehi);
        &mov    ("esi","ecx");
 
-       &shr    ("ecx",9)       # lo>>9
+       &shr    ("ecx",9);      # lo>>9
        &mov    ("edi","edx");
-       &shr    ("edx",9)       # hi>>9
+       &shr    ("edx",9);      # hi>>9
        &mov    ("ebx","ecx");
        &shl    ("esi",14);     # lo<<14
        &mov    ("eax","edx");
@@ -207,9 +207,9 @@ sub BODY_00_15_x86 {
        &mov    ($Dhi,"ebx");
        &mov    ("esi","ecx");
 
-       &shr    ("ecx",2)       # lo>>2
+       &shr    ("ecx",2);      # lo>>2
        &mov    ("edi","edx");
-       &shr    ("edx",2)       # hi>>2
+       &shr    ("edx",2);      # hi>>2
        &mov    ("ebx","ecx");
        &shl    ("esi",4);      # lo<<4
        &mov    ("eax","edx");
@@ -452,9 +452,9 @@ if ($sse2) {
        &mov    ("edx",&DWP(8*(9+15+16-1)+4,"esp"));
        &mov    ("esi","ecx");
 
-       &shr    ("ecx",1)       # lo>>1
+       &shr    ("ecx",1);      # lo>>1
        &mov    ("edi","edx");
-       &shr    ("edx",1)       # hi>>1
+       &shr    ("edx",1);      # hi>>1
        &mov    ("eax","ecx");
        &shl    ("esi",24);     # lo<<24
        &mov    ("ebx","edx");
@@ -488,9 +488,9 @@ if ($sse2) {
        &mov    ("edx",&DWP(8*(9+15+16-14)+4,"esp"));
        &mov    ("esi","ecx");
 
-       &shr    ("ecx",6)       # lo>>6
+       &shr    ("ecx",6);      # lo>>6
        &mov    ("edi","edx");
-       &shr    ("edx",6)       # hi>>6
+       &shr    ("edx",6);      # hi>>6
        &mov    ("eax","ecx");
        &shl    ("esi",3);      # lo<<3
        &mov    ("ebx","edx");

diff --git a/deps/openssl/openssl/crypto/sha/asm/sha512-armv4.pl b/deps/openssl/openssl/crypto/sha/asm/sha512-armv4.pl
index 3a35861..7faf37b 100644 (file)
--- a/deps/openssl/openssl/crypto/sha/asm/sha512-armv4.pl
+++ b/deps/openssl/openssl/crypto/sha/asm/sha512-armv4.pl
@@ -18,22 +18,33 @@
 # Rescheduling for dual-issue pipeline resulted in 6% improvement on
 # Cortex A8 core and ~40 cycles per processed byte.
 
+# February 2011.
+#
+# Profiler-assisted and platform-specific optimization resulted in 7%
+# improvement on Coxtex A8 core and ~38 cycles per byte.
+
+# March 2011.
+#
+# Add NEON implementation. On Cortex A8 it was measured to process
+# one byte in 25.5 cycles or 47% faster than integer-only code.
+
 # Byte order [in]dependence. =========================================
 #
-# Caller is expected to maintain specific *dword* order in h[0-7],
-# namely with most significant dword at *lower* address, which is
-# reflected in below two parameters. *Byte* order within these dwords
-# in turn is whatever *native* byte order on current platform.
-$hi=0;
-$lo=4;
+# Originally caller was expected to maintain specific *dword* order in
+# h[0-7], namely with most significant dword at *lower* address, which
+# was reflected in below two parameters as 0 and 4. Now caller is
+# expected to maintain native byte order for whole 64-bit values.
+$hi="HI";
+$lo="LO";
 # ====================================================================
 
 while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {}
 open STDOUT,">$output";
 
-$ctx="r0";
+$ctx="r0";     # parameter block
 $inp="r1";
 $len="r2";
+
 $Tlo="r3";
 $Thi="r4";
 $Alo="r5";
@@ -61,15 +72,17 @@ $Xoff=8*8;
 sub BODY_00_15() {
 my $magic = shift;
 $code.=<<___;
-       ldr     $t2,[sp,#$Hoff+0]       @ h.lo
-       ldr     $t3,[sp,#$Hoff+4]       @ h.hi
        @ Sigma1(x)     (ROTR((x),14) ^ ROTR((x),18)  ^ ROTR((x),41))
        @ LO            lo>>14^hi<<18 ^ lo>>18^hi<<14 ^ hi>>9^lo<<23
        @ HI            hi>>14^lo<<18 ^ hi>>18^lo<<14 ^ lo>>9^hi<<23
        mov     $t0,$Elo,lsr#14
+       str     $Tlo,[sp,#$Xoff+0]
        mov     $t1,$Ehi,lsr#14
+       str     $Thi,[sp,#$Xoff+4]
        eor     $t0,$t0,$Ehi,lsl#18
+       ldr     $t2,[sp,#$Hoff+0]       @ h.lo
        eor     $t1,$t1,$Elo,lsl#18
+       ldr     $t3,[sp,#$Hoff+4]       @ h.hi
        eor     $t0,$t0,$Elo,lsr#18
        eor     $t1,$t1,$Ehi,lsr#18
        eor     $t0,$t0,$Ehi,lsl#14
@@ -96,25 +109,24 @@ $code.=<<___;
        and     $t1,$t1,$Ehi
        str     $Ahi,[sp,#$Aoff+4]
        eor     $t0,$t0,$t2
-       ldr     $t2,[$Ktbl,#4]          @ K[i].lo
+       ldr     $t2,[$Ktbl,#$lo]        @ K[i].lo
        eor     $t1,$t1,$t3             @ Ch(e,f,g)
-       ldr     $t3,[$Ktbl,#0]          @ K[i].hi
+       ldr     $t3,[$Ktbl,#$hi]        @ K[i].hi
 
        adds    $Tlo,$Tlo,$t0
        ldr     $Elo,[sp,#$Doff+0]      @ d.lo
        adc     $Thi,$Thi,$t1           @ T += Ch(e,f,g)
        ldr     $Ehi,[sp,#$Doff+4]      @ d.hi
        adds    $Tlo,$Tlo,$t2
+       and     $t0,$t2,#0xff
        adc     $Thi,$Thi,$t3           @ T += K[i]
        adds    $Elo,$Elo,$Tlo
+       ldr     $t2,[sp,#$Boff+0]       @ b.lo
        adc     $Ehi,$Ehi,$Thi          @ d += T
-
-       and     $t0,$t2,#0xff
        teq     $t0,#$magic
-       orreq   $Ktbl,$Ktbl,#1
 
-       ldr     $t2,[sp,#$Boff+0]       @ b.lo
        ldr     $t3,[sp,#$Coff+0]       @ c.lo
+       orreq   $Ktbl,$Ktbl,#1
        @ Sigma0(x)     (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39))
        @ LO            lo>>28^hi<<4  ^ hi>>2^lo<<30 ^ hi>>7^lo<<25
        @ HI            hi>>28^lo<<4  ^ lo>>2^hi<<30 ^ lo>>7^hi<<25
@@ -131,80 +143,100 @@ $code.=<<___;
        eor     $t0,$t0,$Alo,lsl#25
        eor     $t1,$t1,$Ahi,lsl#25     @ Sigma0(a)
        adds    $Tlo,$Tlo,$t0
+       and     $t0,$Alo,$t2
        adc     $Thi,$Thi,$t1           @ T += Sigma0(a)
 
-       and     $t0,$Alo,$t2
-       orr     $Alo,$Alo,$t2
        ldr     $t1,[sp,#$Boff+4]       @ b.hi
+       orr     $Alo,$Alo,$t2
        ldr     $t2,[sp,#$Coff+4]       @ c.hi
        and     $Alo,$Alo,$t3
-       orr     $Alo,$Alo,$t0           @ Maj(a,b,c).lo
        and     $t3,$Ahi,$t1
        orr     $Ahi,$Ahi,$t1
+       orr     $Alo,$Alo,$t0           @ Maj(a,b,c).lo
        and     $Ahi,$Ahi,$t2
-       orr     $Ahi,$Ahi,$t3           @ Maj(a,b,c).hi
        adds    $Alo,$Alo,$Tlo
-       adc     $Ahi,$Ahi,$Thi          @ h += T
-
+       orr     $Ahi,$Ahi,$t3           @ Maj(a,b,c).hi
        sub     sp,sp,#8
+       adc     $Ahi,$Ahi,$Thi          @ h += T
+       tst     $Ktbl,#1
        add     $Ktbl,$Ktbl,#8
 ___
 }
 $code=<<___;
+#include "arm_arch.h"
+#ifdef __ARMEL__
+# define LO 0
+# define HI 4
+# define WORD64(hi0,lo0,hi1,lo1)       .word   lo0,hi0, lo1,hi1
+#else
+# define HI 0
+# define LO 4
+# define WORD64(hi0,lo0,hi1,lo1)       .word   hi0,lo0, hi1,lo1
+#endif
+
 .text
 .code  32
 .type  K512,%object
 .align 5
 K512:
-.word  0x428a2f98,0xd728ae22, 0x71374491,0x23ef65cd
-.word  0xb5c0fbcf,0xec4d3b2f, 0xe9b5dba5,0x8189dbbc
-.word  0x3956c25b,0xf348b538, 0x59f111f1,0xb605d019
-.word  0x923f82a4,0xaf194f9b, 0xab1c5ed5,0xda6d8118
-.word  0xd807aa98,0xa3030242, 0x12835b01,0x45706fbe
-.word  0x243185be,0x4ee4b28c, 0x550c7dc3,0xd5ffb4e2
-.word  0x72be5d74,0xf27b896f, 0x80deb1fe,0x3b1696b1
-.word  0x9bdc06a7,0x25c71235, 0xc19bf174,0xcf692694
-.word  0xe49b69c1,0x9ef14ad2, 0xefbe4786,0x384f25e3
-.word  0x0fc19dc6,0x8b8cd5b5, 0x240ca1cc,0x77ac9c65
-.word  0x2de92c6f,0x592b0275, 0x4a7484aa,0x6ea6e483
-.word  0x5cb0a9dc,0xbd41fbd4, 0x76f988da,0x831153b5
-.word  0x983e5152,0xee66dfab, 0xa831c66d,0x2db43210
-.word  0xb00327c8,0x98fb213f, 0xbf597fc7,0xbeef0ee4
-.word  0xc6e00bf3,0x3da88fc2, 0xd5a79147,0x930aa725
-.word  0x06ca6351,0xe003826f, 0x14292967,0x0a0e6e70
-.word  0x27b70a85,0x46d22ffc, 0x2e1b2138,0x5c26c926
-.word  0x4d2c6dfc,0x5ac42aed, 0x53380d13,0x9d95b3df
-.word  0x650a7354,0x8baf63de, 0x766a0abb,0x3c77b2a8
-.word  0x81c2c92e,0x47edaee6, 0x92722c85,0x1482353b
-.word  0xa2bfe8a1,0x4cf10364, 0xa81a664b,0xbc423001
-.word  0xc24b8b70,0xd0f89791, 0xc76c51a3,0x0654be30
-.word  0xd192e819,0xd6ef5218, 0xd6990624,0x5565a910
-.word  0xf40e3585,0x5771202a, 0x106aa070,0x32bbd1b8
-.word  0x19a4c116,0xb8d2d0c8, 0x1e376c08,0x5141ab53
-.word  0x2748774c,0xdf8eeb99, 0x34b0bcb5,0xe19b48a8
-.word  0x391c0cb3,0xc5c95a63, 0x4ed8aa4a,0xe3418acb
-.word  0x5b9cca4f,0x7763e373, 0x682e6ff3,0xd6b2b8a3
-.word  0x748f82ee,0x5defb2fc, 0x78a5636f,0x43172f60
-.word  0x84c87814,0xa1f0ab72, 0x8cc70208,0x1a6439ec
-.word  0x90befffa,0x23631e28, 0xa4506ceb,0xde82bde9
-.word  0xbef9a3f7,0xb2c67915, 0xc67178f2,0xe372532b
-.word  0xca273ece,0xea26619c, 0xd186b8c7,0x21c0c207
-.word  0xeada7dd6,0xcde0eb1e, 0xf57d4f7f,0xee6ed178
-.word  0x06f067aa,0x72176fba, 0x0a637dc5,0xa2c898a6
-.word  0x113f9804,0xbef90dae, 0x1b710b35,0x131c471b
-.word  0x28db77f5,0x23047d84, 0x32caab7b,0x40c72493
-.word  0x3c9ebe0a,0x15c9bebc, 0x431d67c4,0x9c100d4c
-.word  0x4cc5d4be,0xcb3e42b6, 0x597f299c,0xfc657e2a
-.word  0x5fcb6fab,0x3ad6faec, 0x6c44198c,0x4a475817
+WORD64(0x428a2f98,0xd728ae22, 0x71374491,0x23ef65cd)
+WORD64(0xb5c0fbcf,0xec4d3b2f, 0xe9b5dba5,0x8189dbbc)
+WORD64(0x3956c25b,0xf348b538, 0x59f111f1,0xb605d019)
+WORD64(0x923f82a4,0xaf194f9b, 0xab1c5ed5,0xda6d8118)
+WORD64(0xd807aa98,0xa3030242, 0x12835b01,0x45706fbe)
+WORD64(0x243185be,0x4ee4b28c, 0x550c7dc3,0xd5ffb4e2)
+WORD64(0x72be5d74,0xf27b896f, 0x80deb1fe,0x3b1696b1)
+WORD64(0x9bdc06a7,0x25c71235, 0xc19bf174,0xcf692694)
+WORD64(0xe49b69c1,0x9ef14ad2, 0xefbe4786,0x384f25e3)
+WORD64(0x0fc19dc6,0x8b8cd5b5, 0x240ca1cc,0x77ac9c65)
+WORD64(0x2de92c6f,0x592b0275, 0x4a7484aa,0x6ea6e483)
+WORD64(0x5cb0a9dc,0xbd41fbd4, 0x76f988da,0x831153b5)
+WORD64(0x983e5152,0xee66dfab, 0xa831c66d,0x2db43210)
+WORD64(0xb00327c8,0x98fb213f, 0xbf597fc7,0xbeef0ee4)
+WORD64(0xc6e00bf3,0x3da88fc2, 0xd5a79147,0x930aa725)
+WORD64(0x06ca6351,0xe003826f, 0x14292967,0x0a0e6e70)
+WORD64(0x27b70a85,0x46d22ffc, 0x2e1b2138,0x5c26c926)
+WORD64(0x4d2c6dfc,0x5ac42aed, 0x53380d13,0x9d95b3df)
+WORD64(0x650a7354,0x8baf63de, 0x766a0abb,0x3c77b2a8)
+WORD64(0x81c2c92e,0x47edaee6, 0x92722c85,0x1482353b)
+WORD64(0xa2bfe8a1,0x4cf10364, 0xa81a664b,0xbc423001)
+WORD64(0xc24b8b70,0xd0f89791, 0xc76c51a3,0x0654be30)
+WORD64(0xd192e819,0xd6ef5218, 0xd6990624,0x5565a910)
+WORD64(0xf40e3585,0x5771202a, 0x106aa070,0x32bbd1b8)
+WORD64(0x19a4c116,0xb8d2d0c8, 0x1e376c08,0x5141ab53)
+WORD64(0x2748774c,0xdf8eeb99, 0x34b0bcb5,0xe19b48a8)
+WORD64(0x391c0cb3,0xc5c95a63, 0x4ed8aa4a,0xe3418acb)
+WORD64(0x5b9cca4f,0x7763e373, 0x682e6ff3,0xd6b2b8a3)
+WORD64(0x748f82ee,0x5defb2fc, 0x78a5636f,0x43172f60)
+WORD64(0x84c87814,0xa1f0ab72, 0x8cc70208,0x1a6439ec)
+WORD64(0x90befffa,0x23631e28, 0xa4506ceb,0xde82bde9)
+WORD64(0xbef9a3f7,0xb2c67915, 0xc67178f2,0xe372532b)
+WORD64(0xca273ece,0xea26619c, 0xd186b8c7,0x21c0c207)
+WORD64(0xeada7dd6,0xcde0eb1e, 0xf57d4f7f,0xee6ed178)
+WORD64(0x06f067aa,0x72176fba, 0x0a637dc5,0xa2c898a6)
+WORD64(0x113f9804,0xbef90dae, 0x1b710b35,0x131c471b)
+WORD64(0x28db77f5,0x23047d84, 0x32caab7b,0x40c72493)
+WORD64(0x3c9ebe0a,0x15c9bebc, 0x431d67c4,0x9c100d4c)
+WORD64(0x4cc5d4be,0xcb3e42b6, 0x597f299c,0xfc657e2a)
+WORD64(0x5fcb6fab,0x3ad6faec, 0x6c44198c,0x4a475817)
 .size  K512,.-K512
+.LOPENSSL_armcap:
+.word  OPENSSL_armcap_P-sha512_block_data_order
+.skip  32-4
 
 .global        sha512_block_data_order
 .type  sha512_block_data_order,%function
 sha512_block_data_order:
        sub     r3,pc,#8                @ sha512_block_data_order
        add     $len,$inp,$len,lsl#7    @ len to point at the end of inp
+#if __ARM_ARCH__>=7
+       ldr     r12,.LOPENSSL_armcap
+       ldr     r12,[r3,r12]            @ OPENSSL_armcap_P
+       tst     r12,#1
+       bne     .LNEON
+#endif
        stmdb   sp!,{r4-r12,lr}
-       sub     $Ktbl,r3,#640           @ K512
+       sub     $Ktbl,r3,#672           @ K512
        sub     sp,sp,#9*8
 
        ldr     $Elo,[$ctx,#$Eoff+$lo]
@@ -238,6 +270,7 @@ sha512_block_data_order:
        str     $Thi,[sp,#$Foff+4]
 
 .L00_15:
+#if __ARM_ARCH__<7
        ldrb    $Tlo,[$inp,#7]
        ldrb    $t0, [$inp,#6]
        ldrb    $t1, [$inp,#5]
@@ -252,26 +285,30 @@ sha512_block_data_order:
        orr     $Thi,$Thi,$t3,lsl#8
        orr     $Thi,$Thi,$t0,lsl#16
        orr     $Thi,$Thi,$t1,lsl#24
-       str     $Tlo,[sp,#$Xoff+0]
-       str     $Thi,[sp,#$Xoff+4]
+#else
+       ldr     $Tlo,[$inp,#4]
+       ldr     $Thi,[$inp],#8
+#ifdef __ARMEL__
+       rev     $Tlo,$Tlo
+       rev     $Thi,$Thi
+#endif
+#endif
 ___
        &BODY_00_15(0x94);
 $code.=<<___;
        tst     $Ktbl,#1
        beq     .L00_15
-       bic     $Ktbl,$Ktbl,#1
-
-.L16_79:
        ldr     $t0,[sp,#`$Xoff+8*(16-1)`+0]
        ldr     $t1,[sp,#`$Xoff+8*(16-1)`+4]
-       ldr     $t2,[sp,#`$Xoff+8*(16-14)`+0]
-       ldr     $t3,[sp,#`$Xoff+8*(16-14)`+4]
-
+       bic     $Ktbl,$Ktbl,#1
+.L16_79:
        @ sigma0(x)     (ROTR((x),1)  ^ ROTR((x),8)  ^ ((x)>>7))
        @ LO            lo>>1^hi<<31  ^ lo>>8^hi<<24 ^ lo>>7^hi<<25
        @ HI            hi>>1^lo<<31  ^ hi>>8^lo<<24 ^ hi>>7
        mov     $Tlo,$t0,lsr#1
+       ldr     $t2,[sp,#`$Xoff+8*(16-14)`+0]
        mov     $Thi,$t1,lsr#1
+       ldr     $t3,[sp,#`$Xoff+8*(16-14)`+4]
        eor     $Tlo,$Tlo,$t1,lsl#31
        eor     $Thi,$Thi,$t0,lsl#31
        eor     $Tlo,$Tlo,$t0,lsr#8
@@ -295,25 +332,24 @@ $code.=<<___;
        eor     $t1,$t1,$t3,lsl#3
        eor     $t0,$t0,$t2,lsr#6
        eor     $t1,$t1,$t3,lsr#6
+       ldr     $t2,[sp,#`$Xoff+8*(16-9)`+0]
        eor     $t0,$t0,$t3,lsl#26
 
-       ldr     $t2,[sp,#`$Xoff+8*(16-9)`+0]
        ldr     $t3,[sp,#`$Xoff+8*(16-9)`+4]
        adds    $Tlo,$Tlo,$t0
+       ldr     $t0,[sp,#`$Xoff+8*16`+0]
        adc     $Thi,$Thi,$t1
 
-       ldr     $t0,[sp,#`$Xoff+8*16`+0]
        ldr     $t1,[sp,#`$Xoff+8*16`+4]
        adds    $Tlo,$Tlo,$t2
        adc     $Thi,$Thi,$t3
        adds    $Tlo,$Tlo,$t0
        adc     $Thi,$Thi,$t1
-       str     $Tlo,[sp,#$Xoff+0]
-       str     $Thi,[sp,#$Xoff+4]
 ___
        &BODY_00_15(0x17);
 $code.=<<___;
-       tst     $Ktbl,#1
+       ldreq   $t0,[sp,#`$Xoff+8*(16-1)`+0]
+       ldreq   $t1,[sp,#`$Xoff+8*(16-1)`+4]
        beq     .L16_79
        bic     $Ktbl,$Ktbl,#1
 
@@ -324,12 +360,12 @@ $code.=<<___;
        ldr     $t2, [$ctx,#$Boff+$lo]
        ldr     $t3, [$ctx,#$Boff+$hi]
        adds    $t0,$Alo,$t0
-       adc     $t1,$Ahi,$t1
-       adds    $t2,$Tlo,$t2
-       adc     $t3,$Thi,$t3
        str     $t0, [$ctx,#$Aoff+$lo]
+       adc     $t1,$Ahi,$t1
        str     $t1, [$ctx,#$Aoff+$hi]
+       adds    $t2,$Tlo,$t2
        str     $t2, [$ctx,#$Boff+$lo]
+       adc     $t3,$Thi,$t3
        str     $t3, [$ctx,#$Boff+$hi]
 
        ldr     $Alo,[sp,#$Coff+0]
@@ -341,12 +377,12 @@ $code.=<<___;
        ldr     $t2, [$ctx,#$Doff+$lo]
        ldr     $t3, [$ctx,#$Doff+$hi]
        adds    $t0,$Alo,$t0
-       adc     $t1,$Ahi,$t1
-       adds    $t2,$Tlo,$t2
-       adc     $t3,$Thi,$t3
        str     $t0, [$ctx,#$Coff+$lo]
+       adc     $t1,$Ahi,$t1
        str     $t1, [$ctx,#$Coff+$hi]
+       adds    $t2,$Tlo,$t2
        str     $t2, [$ctx,#$Doff+$lo]
+       adc     $t3,$Thi,$t3
        str     $t3, [$ctx,#$Doff+$hi]
 
        ldr     $Tlo,[sp,#$Foff+0]
@@ -356,12 +392,12 @@ $code.=<<___;
        ldr     $t2, [$ctx,#$Foff+$lo]
        ldr     $t3, [$ctx,#$Foff+$hi]
        adds    $Elo,$Elo,$t0
-       adc     $Ehi,$Ehi,$t1
-       adds    $t2,$Tlo,$t2
-       adc     $t3,$Thi,$t3
        str     $Elo,[$ctx,#$Eoff+$lo]
+       adc     $Ehi,$Ehi,$t1
        str     $Ehi,[$ctx,#$Eoff+$hi]
+       adds    $t2,$Tlo,$t2
        str     $t2, [$ctx,#$Foff+$lo]
+       adc     $t3,$Thi,$t3
        str     $t3, [$ctx,#$Foff+$hi]
 
        ldr     $Alo,[sp,#$Goff+0]
@@ -373,12 +409,12 @@ $code.=<<___;
        ldr     $t2, [$ctx,#$Hoff+$lo]
        ldr     $t3, [$ctx,#$Hoff+$hi]
        adds    $t0,$Alo,$t0
-       adc     $t1,$Ahi,$t1
-       adds    $t2,$Tlo,$t2
-       adc     $t3,$Thi,$t3
        str     $t0, [$ctx,#$Goff+$lo]
+       adc     $t1,$Ahi,$t1
        str     $t1, [$ctx,#$Goff+$hi]
+       adds    $t2,$Tlo,$t2
        str     $t2, [$ctx,#$Hoff+$lo]
+       adc     $t3,$Thi,$t3
        str     $t3, [$ctx,#$Hoff+$hi]
 
        add     sp,sp,#640
@@ -388,13 +424,156 @@ $code.=<<___;
        bne     .Loop
 
        add     sp,sp,#8*9              @ destroy frame
+#if __ARM_ARCH__>=5
+       ldmia   sp!,{r4-r12,pc}
+#else
        ldmia   sp!,{r4-r12,lr}
        tst     lr,#1
        moveq   pc,lr                   @ be binary compatible with V4, yet
        bx      lr                      @ interoperable with Thumb ISA:-)
-.size   sha512_block_data_order,.-sha512_block_data_order
-.asciz  "SHA512 block transform for ARMv4, CRYPTOGAMS by <appro\@openssl.org>"
+#endif
+___
+
+{
+my @Sigma0=(28,34,39);
+my @Sigma1=(14,18,41);
+my @sigma0=(1, 8, 7);
+my @sigma1=(19,61,6);
+
+my $Ktbl="r3";
+my $cnt="r12"; # volatile register known as ip, intra-procedure-call scratch
+
+my @X=map("d$_",(0..15));
+my @V=($A,$B,$C,$D,$E,$F,$G,$H)=map("d$_",(16..23));
+
+sub NEON_00_15() {
+my $i=shift;
+my ($a,$b,$c,$d,$e,$f,$g,$h)=@_;
+my ($t0,$t1,$t2,$T1,$K,$Ch,$Maj)=map("d$_",(24..31));  # temps
+
+$code.=<<___ if ($i<16 || $i&1);
+       vshr.u64        $t0,$e,#@Sigma1[0]      @ $i
+#if $i<16
+       vld1.64         {@X[$i%16]},[$inp]!     @ handles unaligned
+#endif
+       vshr.u64        $t1,$e,#@Sigma1[1]
+       vshr.u64        $t2,$e,#@Sigma1[2]
+___
+$code.=<<___;
+       vld1.64         {$K},[$Ktbl,:64]!       @ K[i++]
+       vsli.64         $t0,$e,#`64-@Sigma1[0]`
+       vsli.64         $t1,$e,#`64-@Sigma1[1]`
+       vsli.64         $t2,$e,#`64-@Sigma1[2]`
+#if $i<16 && defined(__ARMEL__)
+       vrev64.8        @X[$i],@X[$i]
+#endif
+       vadd.i64        $T1,$K,$h
+       veor            $Ch,$f,$g
+       veor            $t0,$t1
+       vand            $Ch,$e
+       veor            $t0,$t2                 @ Sigma1(e)
+       veor            $Ch,$g                  @ Ch(e,f,g)
+       vadd.i64        $T1,$t0
+       vshr.u64        $t0,$a,#@Sigma0[0]
+       vadd.i64        $T1,$Ch
+       vshr.u64        $t1,$a,#@Sigma0[1]
+       vshr.u64        $t2,$a,#@Sigma0[2]
+       vsli.64         $t0,$a,#`64-@Sigma0[0]`
+       vsli.64         $t1,$a,#`64-@Sigma0[1]`
+       vsli.64         $t2,$a,#`64-@Sigma0[2]`
+       vadd.i64        $T1,@X[$i%16]
+       vorr            $Maj,$a,$c
+       vand            $Ch,$a,$c
+       veor            $h,$t0,$t1
+       vand            $Maj,$b
+       veor            $h,$t2                  @ Sigma0(a)
+       vorr            $Maj,$Ch                @ Maj(a,b,c)
+       vadd.i64        $h,$T1
+       vadd.i64        $d,$T1
+       vadd.i64        $h,$Maj
+___
+}
+
+sub NEON_16_79() {
+my $i=shift;
+
+if ($i&1)      { &NEON_00_15($i,@_); return; }
+
+# 2x-vectorized, therefore runs every 2nd round
+my @X=map("q$_",(0..7));                       # view @X as 128-bit vector
+my ($t0,$t1,$s0,$s1) = map("q$_",(12..15));    # temps
+my ($d0,$d1,$d2) = map("d$_",(24..26));                # temps from NEON_00_15
+my $e=@_[4];                                   # $e from NEON_00_15
+$i /= 2;
+$code.=<<___;
+       vshr.u64        $t0,@X[($i+7)%8],#@sigma1[0]
+       vshr.u64        $t1,@X[($i+7)%8],#@sigma1[1]
+       vshr.u64        $s1,@X[($i+7)%8],#@sigma1[2]
+       vsli.64         $t0,@X[($i+7)%8],#`64-@sigma1[0]`
+       vext.8          $s0,@X[$i%8],@X[($i+1)%8],#8    @ X[i+1]
+       vsli.64         $t1,@X[($i+7)%8],#`64-@sigma1[1]`
+       veor            $s1,$t0
+       vshr.u64        $t0,$s0,#@sigma0[0]
+       veor            $s1,$t1                         @ sigma1(X[i+14])
+       vshr.u64        $t1,$s0,#@sigma0[1]
+       vadd.i64        @X[$i%8],$s1
+       vshr.u64        $s1,$s0,#@sigma0[2]
+       vsli.64         $t0,$s0,#`64-@sigma0[0]`
+       vsli.64         $t1,$s0,#`64-@sigma0[1]`
+       vext.8          $s0,@X[($i+4)%8],@X[($i+5)%8],#8        @ X[i+9]
+       veor            $s1,$t0
+       vshr.u64        $d0,$e,#@Sigma1[0]              @ from NEON_00_15
+       vadd.i64        @X[$i%8],$s0
+       vshr.u64        $d1,$e,#@Sigma1[1]              @ from NEON_00_15
+       veor            $s1,$t1                         @ sigma0(X[i+1])
+       vshr.u64        $d2,$e,#@Sigma1[2]              @ from NEON_00_15
+       vadd.i64        @X[$i%8],$s1
+___
+       &NEON_00_15(2*$i,@_);
+}
+
+$code.=<<___;
+#if __ARM_ARCH__>=7
+.fpu   neon
+
+.align 4
+.LNEON:
+       dmb                             @ errata #451034 on early Cortex A8
+       vstmdb  sp!,{d8-d15}            @ ABI specification says so
+       sub     $Ktbl,r3,#672           @ K512
+       vldmia  $ctx,{$A-$H}            @ load context
+.Loop_neon:
+___
+for($i=0;$i<16;$i++)   { &NEON_00_15($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+       mov             $cnt,#4
+.L16_79_neon:
+       subs            $cnt,#1
+___
+for(;$i<32;$i++)       { &NEON_16_79($i,@V); unshift(@V,pop(@V)); }
+$code.=<<___;
+       bne             .L16_79_neon
+
+       vldmia          $ctx,{d24-d31}  @ load context to temp
+       vadd.i64        q8,q12          @ vectorized accumulate
+       vadd.i64        q9,q13
+       vadd.i64        q10,q14
+       vadd.i64        q11,q15
+       vstmia          $ctx,{$A-$H}    @ save context
+       teq             $inp,$len
+       sub             $Ktbl,#640      @ rewind K512
+       bne             .Loop_neon
+
+       vldmia  sp!,{d8-d15}            @ epilogue
+       bx      lr
+#endif
+___
+}
+$code.=<<___;
+.size  sha512_block_data_order,.-sha512_block_data_order
+.asciz "SHA512 block transform for ARMv4/NEON, CRYPTOGAMS by <appro\@openssl.org>"
 .align 2
+.comm  OPENSSL_armcap_P,4,4
 ___
 
 $code =~ s/\`([^\`]*)\`/eval $1/gem;

diff --git a/deps/openssl/openssl/crypto/sha/asm/sha512-ppc.pl b/deps/openssl/openssl/crypto/sha/asm/sha512-ppc.pl
old mode 100644 (file)
new mode 100755 (executable)
index 768a6a6..6b44a68
--- a/deps/openssl/openssl/crypto/sha/asm/sha512-ppc.pl
+++ b/deps/openssl/openssl/crypto/sha/asm/sha512-ppc.pl
@@ -40,6 +40,7 @@ $output =shift;
 
 if ($flavour =~ /64/) {
        $SIZE_T=8;
+       $LRSAVE=2*$SIZE_T;
        $STU="stdu";
        $UCMP="cmpld";
        $SHL="sldi";
@@ -47,6 +48,7 @@ if ($flavour =~ /64/) {
        $PUSH="std";
 } elsif ($flavour =~ /32/) {
        $SIZE_T=4;
+       $LRSAVE=$SIZE_T;
        $STU="stwu";
        $UCMP="cmplw";
        $SHL="slwi";
@@ -87,7 +89,8 @@ if ($output =~ /512/) {
        $SHR="srwi";
 }
 
-$FRAME=32*$SIZE_T;
+$FRAME=32*$SIZE_T+16*$SZ;
+$LOCALS=6*$SIZE_T;
 
 $sp ="r1";
 $toc="r2";
@@ -179,13 +182,12 @@ $code=<<___;
 .globl $func
 .align 6
 $func:
+       $STU    $sp,-$FRAME($sp)
        mflr    r0
-       $STU    $sp,`-($FRAME+16*$SZ)`($sp)
        $SHL    $num,$num,`log(16*$SZ)/log(2)`
 
        $PUSH   $ctx,`$FRAME-$SIZE_T*22`($sp)
 
-       $PUSH   r0,`$FRAME-$SIZE_T*21`($sp)
        $PUSH   $toc,`$FRAME-$SIZE_T*20`($sp)
        $PUSH   r13,`$FRAME-$SIZE_T*19`($sp)
        $PUSH   r14,`$FRAME-$SIZE_T*18`($sp)
@@ -206,6 +208,7 @@ $func:
        $PUSH   r29,`$FRAME-$SIZE_T*3`($sp)
        $PUSH   r30,`$FRAME-$SIZE_T*2`($sp)
        $PUSH   r31,`$FRAME-$SIZE_T*1`($sp)
+       $PUSH   r0,`$FRAME+$LRSAVE`($sp)
 
        $LD     $A,`0*$SZ`($ctx)
        mr      $inp,r4                         ; incarnate $inp
@@ -217,7 +220,7 @@ $func:
        $LD     $G,`6*$SZ`($ctx)
        $LD     $H,`7*$SZ`($ctx)
 
-       b       LPICmeup
+       bl      LPICmeup
 LPICedup:
        andi.   r0,$inp,3
        bne     Lunaligned
@@ -226,40 +229,14 @@ Laligned:
        $PUSH   $num,`$FRAME-$SIZE_T*24`($sp)   ; end pointer
        $PUSH   $inp,`$FRAME-$SIZE_T*23`($sp)   ; inp pointer
        bl      Lsha2_block_private
-Ldone:
-       $POP    r0,`$FRAME-$SIZE_T*21`($sp)
-       $POP    $toc,`$FRAME-$SIZE_T*20`($sp)
-       $POP    r13,`$FRAME-$SIZE_T*19`($sp)
-       $POP    r14,`$FRAME-$SIZE_T*18`($sp)
-       $POP    r15,`$FRAME-$SIZE_T*17`($sp)
-       $POP    r16,`$FRAME-$SIZE_T*16`($sp)
-       $POP    r17,`$FRAME-$SIZE_T*15`($sp)
-       $POP    r18,`$FRAME-$SIZE_T*14`($sp)
-       $POP    r19,`$FRAME-$SIZE_T*13`($sp)
-       $POP    r20,`$FRAME-$SIZE_T*12`($sp)
-       $POP    r21,`$FRAME-$SIZE_T*11`($sp)
-       $POP    r22,`$FRAME-$SIZE_T*10`($sp)
-       $POP    r23,`$FRAME-$SIZE_T*9`($sp)
-       $POP    r24,`$FRAME-$SIZE_T*8`($sp)
-       $POP    r25,`$FRAME-$SIZE_T*7`($sp)
-       $POP    r26,`$FRAME-$SIZE_T*6`($sp)
-       $POP    r27,`$FRAME-$SIZE_T*5`($sp)
-       $POP    r28,`$FRAME-$SIZE_T*4`($sp)
-       $POP    r29,`$FRAME-$SIZE_T*3`($sp)
-       $POP    r30,`$FRAME-$SIZE_T*2`($sp)
-       $POP    r31,`$FRAME-$SIZE_T*1`($sp)
-       mtlr    r0
-       addi    $sp,$sp,`$FRAME+16*$SZ`
-       blr
-___
+       b       Ldone
 
-# PowerPC specification allows an implementation to be ill-behaved
-# upon unaligned access which crosses page boundary. "Better safe
-# than sorry" principle makes me treat it specially. But I don't
-# look for particular offending word, but rather for the input
-# block which crosses the boundary. Once found that block is aligned
-# and hashed separately...
-$code.=<<___;
+; PowerPC specification allows an implementation to be ill-behaved
+; upon unaligned access which crosses page boundary. "Better safe
+; than sorry" principle makes me treat it specially. But I don't
+; look for particular offending word, but rather for the input
+; block which crosses the boundary. Once found that block is aligned
+; and hashed separately...
 .align 4
 Lunaligned:
        subfic  $t1,$inp,4096
@@ -278,7 +255,7 @@ Lunaligned:
 Lcross_page:
        li      $t1,`16*$SZ/4`
        mtctr   $t1
-       addi    r20,$sp,$FRAME                  ; aligned spot below the frame
+       addi    r20,$sp,$LOCALS                 ; aligned spot below the frame
 Lmemcpy:
        lbz     r16,0($inp)
        lbz     r17,1($inp)
@@ -293,8 +270,8 @@ Lmemcpy:
        bdnz    Lmemcpy
 
        $PUSH   $inp,`$FRAME-$SIZE_T*26`($sp)   ; save real inp
-       addi    $t1,$sp,`$FRAME+16*$SZ`         ; fictitious end pointer
-       addi    $inp,$sp,$FRAME                 ; fictitious inp pointer
+       addi    $t1,$sp,`$LOCALS+16*$SZ`        ; fictitious end pointer
+       addi    $inp,$sp,$LOCALS                ; fictitious inp pointer
        $PUSH   $num,`$FRAME-$SIZE_T*25`($sp)   ; save real num
        $PUSH   $t1,`$FRAME-$SIZE_T*24`($sp)    ; end pointer
        $PUSH   $inp,`$FRAME-$SIZE_T*23`($sp)   ; inp pointer
@@ -303,10 +280,36 @@ Lmemcpy:
        $POP    $num,`$FRAME-$SIZE_T*25`($sp)   ; restore real num
        addic.  $num,$num,`-16*$SZ`             ; num--
        bne-    Lunaligned
-       b       Ldone
-___
 
-$code.=<<___;
+Ldone:
+       $POP    r0,`$FRAME+$LRSAVE`($sp)
+       $POP    $toc,`$FRAME-$SIZE_T*20`($sp)
+       $POP    r13,`$FRAME-$SIZE_T*19`($sp)
+       $POP    r14,`$FRAME-$SIZE_T*18`($sp)
+       $POP    r15,`$FRAME-$SIZE_T*17`($sp)
+       $POP    r16,`$FRAME-$SIZE_T*16`($sp)
+       $POP    r17,`$FRAME-$SIZE_T*15`($sp)
+       $POP    r18,`$FRAME-$SIZE_T*14`($sp)
+       $POP    r19,`$FRAME-$SIZE_T*13`($sp)
+       $POP    r20,`$FRAME-$SIZE_T*12`($sp)
+       $POP    r21,`$FRAME-$SIZE_T*11`($sp)
+       $POP    r22,`$FRAME-$SIZE_T*10`($sp)
+       $POP    r23,`$FRAME-$SIZE_T*9`($sp)
+       $POP    r24,`$FRAME-$SIZE_T*8`($sp)
+       $POP    r25,`$FRAME-$SIZE_T*7`($sp)
+       $POP    r26,`$FRAME-$SIZE_T*6`($sp)
+       $POP    r27,`$FRAME-$SIZE_T*5`($sp)
+       $POP    r28,`$FRAME-$SIZE_T*4`($sp)
+       $POP    r29,`$FRAME-$SIZE_T*3`($sp)
+       $POP    r30,`$FRAME-$SIZE_T*2`($sp)
+       $POP    r31,`$FRAME-$SIZE_T*1`($sp)
+       mtlr    r0
+       addi    $sp,$sp,$FRAME
+       blr
+       .long   0
+       .byte   0,12,4,1,0x80,18,3,0
+       .long   0
+
 .align 4
 Lsha2_block_private:
 ___
@@ -372,6 +375,8 @@ $code.=<<___;
        $ST     $H,`7*$SZ`($ctx)
        bne     Lsha2_block_private
        blr
+       .long   0
+       .byte   0,12,0x14,0,0,0,0,0
 ___
 
 # Ugly hack here, because PPC assembler syntax seem to vary too
@@ -379,22 +384,15 @@ ___
 $code.=<<___;
 .align 6
 LPICmeup:
-       bl      LPIC
-       addi    $Tbl,$Tbl,`64-4`        ; "distance" between . and last nop
-       b       LPICedup
-       nop
-       nop
-       nop
-       nop
-       nop
-LPIC:  mflr    $Tbl
+       mflr    r0
+       bcl     20,31,\$+4
+       mflr    $Tbl    ; vvvvvv "distance" between . and 1st data entry
+       addi    $Tbl,$Tbl,`64-8`
+       mtlr    r0
        blr
-       nop
-       nop
-       nop
-       nop
-       nop
-       nop
+       .long   0
+       .byte   0,12,0x14,0,0,0,0,0
+       .space  `64-9*4`
 ___
 $code.=<<___ if ($SZ==8);
        .long   0x428a2f98,0xd728ae22,0x71374491,0x23ef65cd

diff --git a/deps/openssl/openssl/crypto/sha/asm/sha512-s390x.pl b/deps/openssl/openssl/crypto/sha/asm/sha512-s390x.pl
index e7ef2d5..079a3fc 100644 (file)
--- a/deps/openssl/openssl/crypto/sha/asm/sha512-s390x.pl
+++ b/deps/openssl/openssl/crypto/sha/asm/sha512-s390x.pl
@@ -26,6 +26,26 @@
 # favour dual-issue z10 pipeline. Hardware SHA256/512 is ~4.7x faster
 # than software.
 
+# November 2010.
+#
+# Adapt for -m31 build. If kernel supports what's called "highgprs"
+# feature on Linux [see /proc/cpuinfo], it's possible to use 64-bit
+# instructions and achieve "64-bit" performance even in 31-bit legacy
+# application context. The feature is not specific to any particular
+# processor, as long as it's "z-CPU". Latter implies that the code
+# remains z/Architecture specific. On z900 SHA256 was measured to
+# perform 2.4x and SHA512 - 13x better than code generated by gcc 4.3.
+
+$flavour = shift;
+
+if ($flavour =~ /3[12]/) {
+       $SIZE_T=4;
+       $g="";
+} else {
+       $SIZE_T=8;
+       $g="g";
+}
+
 $t0="%r0";
 $t1="%r1";
 $ctx="%r2";    $t2="%r2";
@@ -44,7 +64,7 @@ $tbl="%r13";
 $T1="%r14";
 $sp="%r15";
 
-$output=shift;
+while (($output=shift) && ($output!~/^\w[\w\-]*\.\w+$/)) {}
 open STDOUT,">$output";
 
 if ($output =~ /512/) {
@@ -78,7 +98,8 @@ if ($output =~ /512/) {
 }
 $Func="sha${label}_block_data_order";
 $Table="K${label}";
-$frame=160+16*$SZ;
+$stdframe=16*$SIZE_T+4*8;
+$frame=$stdframe+16*$SZ;
 
 sub BODY_00_15 {
 my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_;
@@ -93,9 +114,9 @@ $code.=<<___;
        xgr     $t0,$t1
        $ROT    $t1,$t1,`$Sigma1[2]-$Sigma1[1]`
         xgr    $t2,$g
-       $ST     $T1,`160+$SZ*($i%16)`($sp)
+       $ST     $T1,`$stdframe+$SZ*($i%16)`($sp)
        xgr     $t0,$t1                 # Sigma1(e)
-       la      $T1,0($T1,$h)           # T1+=h
+       algr    $T1,$h                  # T1+=h
         ngr    $t2,$e
         lgr    $t1,$a
        algr    $T1,$t0                 # T1+=Sigma1(e)
@@ -113,7 +134,7 @@ $code.=<<___;
         ngr    $t2,$b
        algr    $h,$T1                  # h+=T1
         ogr    $t2,$t1                 # Maj(a,b,c)
-       la      $d,0($d,$T1)            # d+=T1
+       algr    $d,$T1                  # d+=T1
        algr    $h,$t2                  # h+=Maj(a,b,c)
 ___
 }
@@ -122,19 +143,19 @@ sub BODY_16_XX {
 my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_;
 
 $code.=<<___;
-       $LD     $T1,`160+$SZ*(($i+1)%16)`($sp)  ### $i
-       $LD     $t1,`160+$SZ*(($i+14)%16)`($sp)
+       $LD     $T1,`$stdframe+$SZ*(($i+1)%16)`($sp)    ### $i
+       $LD     $t1,`$stdframe+$SZ*(($i+14)%16)`($sp)
        $ROT    $t0,$T1,$sigma0[0]
        $SHR    $T1,$sigma0[2]
        $ROT    $t2,$t0,`$sigma0[1]-$sigma0[0]`
        xgr     $T1,$t0
        $ROT    $t0,$t1,$sigma1[0]
-       xgr     $T1,$t2                         # sigma0(X[i+1])
+       xgr     $T1,$t2                                 # sigma0(X[i+1])
        $SHR    $t1,$sigma1[2]
-       $ADD    $T1,`160+$SZ*($i%16)`($sp)      # +=X[i]
+       $ADD    $T1,`$stdframe+$SZ*($i%16)`($sp)        # +=X[i]
        xgr     $t1,$t0
        $ROT    $t0,$t0,`$sigma1[1]-$sigma1[0]`
-       $ADD    $T1,`160+$SZ*(($i+9)%16)`($sp)  # +=X[i+9]
+       $ADD    $T1,`$stdframe+$SZ*(($i+9)%16)`($sp)    # +=X[i+9]
        xgr     $t1,$t0                         # sigma1(X[i+14])
        algr    $T1,$t1                         # +=sigma1(X[i+14])
 ___
@@ -212,6 +233,7 @@ $code.=<<___;
 .globl $Func
 .type  $Func,\@function
 $Func:
+       sllg    $len,$len,`log(16*$SZ)/log(2)`
 ___
 $code.=<<___ if ($kimdfunc);
        larl    %r1,OPENSSL_s390xcap_P
@@ -219,15 +241,15 @@ $code.=<<___ if ($kimdfunc);
        tmhl    %r0,0x4000      # check for message-security assist
        jz      .Lsoftware
        lghi    %r0,0
-       la      %r1,16($sp)
+       la      %r1,`2*$SIZE_T`($sp)
        .long   0xb93e0002      # kimd %r0,%r2
-       lg      %r0,16($sp)
+       lg      %r0,`2*$SIZE_T`($sp)
        tmhh    %r0,`0x8000>>$kimdfunc`
        jz      .Lsoftware
        lghi    %r0,$kimdfunc
        lgr     %r1,$ctx
        lgr     %r2,$inp
-       sllg    %r3,$len,`log(16*$SZ)/log(2)`
+       lgr     %r3,$len
        .long   0xb93e0002      # kimd %r0,%r2
        brc     1,.-4           # pay attention to "partial completion"
        br      %r14
@@ -235,13 +257,12 @@ $code.=<<___ if ($kimdfunc);
 .Lsoftware:
 ___
 $code.=<<___;
-       sllg    $len,$len,`log(16*$SZ)/log(2)`
        lghi    %r1,-$frame
-       agr     $len,$inp
-       stmg    $ctx,%r15,16($sp)
+       la      $len,0($len,$inp)
+       stm${g} $ctx,%r15,`2*$SIZE_T`($sp)
        lgr     %r0,$sp
        la      $sp,0(%r1,$sp)
-       stg     %r0,0($sp)
+       st${g}  %r0,0($sp)
 
        larl    $tbl,$Table
        $LD     $A,`0*$SZ`($ctx)
@@ -265,7 +286,7 @@ $code.=<<___;
        clgr    $len,$t0
        jne     .Lrounds_16_xx
 
-       lg      $ctx,`$frame+16`($sp)
+       l${g}   $ctx,`$frame+2*$SIZE_T`($sp)
        la      $inp,`16*$SZ`($inp)
        $ADD    $A,`0*$SZ`($ctx)
        $ADD    $B,`1*$SZ`($ctx)
@@ -283,14 +304,14 @@ $code.=<<___;
        $ST     $F,`5*$SZ`($ctx)
        $ST     $G,`6*$SZ`($ctx)
        $ST     $H,`7*$SZ`($ctx)
-       clg     $inp,`$frame+32`($sp)
+       cl${g}  $inp,`$frame+4*$SIZE_T`($sp)
        jne     .Lloop
 
-       lmg     %r6,%r15,`$frame+48`($sp)       
+       lm${g}  %r6,%r15,`$frame+6*$SIZE_T`($sp)        
        br      %r14
 .size  $Func,.-$Func
 .string        "SHA${label} block transform for s390x, CRYPTOGAMS by <appro\@openssl.org>"
-.comm  OPENSSL_s390xcap_P,8,8
+.comm  OPENSSL_s390xcap_P,16,8
 ___
 
 $code =~ s/\`([^\`]*)\`/eval $1/gem;

diff --git a/deps/openssl/openssl/crypto/sha/asm/sha512-sparcv9.pl b/deps/openssl/openssl/crypto/sha/asm/sha512-sparcv9.pl
index ec5d781..5857407 100644 (file)
--- a/deps/openssl/openssl/crypto/sha/asm/sha512-sparcv9.pl
+++ b/deps/openssl/openssl/crypto/sha/asm/sha512-sparcv9.pl
@@ -305,9 +305,9 @@ $code.=<<___;
        srlx    @X[(($i+9)/2)%8],32,$tmp1       ! X[i+9]
        xor     $tmp0,$tmp2,$tmp2               ! sigma1(X[i+14])
        srl     @X[($i/2)%8],0,$tmp0
+       add     $tmp2,$tmp1,$tmp1
        add     $xi,$T1,$T1                     ! +=X[i]
        xor     $tmp0,@X[($i/2)%8],@X[($i/2)%8]
-       add     $tmp2,$T1,$T1
        add     $tmp1,$T1,$T1
 
        srl     $T1,0,$T1
@@ -318,9 +318,9 @@ ___
 $code.=<<___;
        srlx    @X[($i/2)%8],32,$tmp1           ! X[i]
        xor     $tmp0,$tmp2,$tmp2               ! sigma1(X[i+14])
-       srl     @X[($i/2)%8],0,@X[($i/2)%8]
        add     $xi,$T1,$T1                     ! +=X[i+9]
-       add     $tmp2,$T1,$T1
+       add     $tmp2,$tmp1,$tmp1
+       srl     @X[($i/2)%8],0,@X[($i/2)%8]
        add     $tmp1,$T1,$T1
 
        sllx    $T1,32,$tmp0

diff --git a/deps/openssl/openssl/crypto/sha/asm/sha512-x86_64.pl b/deps/openssl/openssl/crypto/sha/asm/sha512-x86_64.pl
index e6643f8..8d51678 100755 (executable)
--- a/deps/openssl/openssl/crypto/sha/asm/sha512-x86_64.pl
+++ b/deps/openssl/openssl/crypto/sha/asm/sha512-x86_64.pl
@@ -51,7 +51,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
 ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
 die "can't locate x86_64-xlate.pl";
 
-open STDOUT,"| $^X $xlate $flavour $output";
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
 
 if ($output =~ /512/) {
        $func="sha512_block_data_order";
@@ -95,50 +96,44 @@ sub ROUND_00_15()
 { my ($i,$a,$b,$c,$d,$e,$f,$g,$h) = @_;
 
 $code.=<<___;
-       mov     $e,$a0
-       mov     $e,$a1
+       ror     \$`$Sigma1[2]-$Sigma1[1]`,$a0
        mov     $f,$a2
+       mov     $T1,`$SZ*($i&0xf)`(%rsp)
 
-       ror     \$$Sigma1[0],$a0
-       ror     \$$Sigma1[1],$a1
+       ror     \$`$Sigma0[2]-$Sigma0[1]`,$a1
+       xor     $e,$a0
        xor     $g,$a2                  # f^g
 
-       xor     $a1,$a0
-       ror     \$`$Sigma1[2]-$Sigma1[1]`,$a1
+       ror     \$`$Sigma1[1]-$Sigma1[0]`,$a0
+       add     $h,$T1                  # T1+=h
+       xor     $a,$a1
+
+       add     ($Tbl,$round,$SZ),$T1   # T1+=K[round]
        and     $e,$a2                  # (f^g)&e
-       mov     $T1,`$SZ*($i&0xf)`(%rsp)
+       mov     $b,$h
 
-       xor     $a1,$a0                 # Sigma1(e)
+       ror     \$`$Sigma0[1]-$Sigma0[0]`,$a1
+       xor     $e,$a0
        xor     $g,$a2                  # Ch(e,f,g)=((f^g)&e)^g
-       add     $h,$T1                  # T1+=h
-
-       mov     $a,$h
-       add     $a0,$T1                 # T1+=Sigma1(e)
 
+       xor     $c,$h                   # b^c
+       xor     $a,$a1
        add     $a2,$T1                 # T1+=Ch(e,f,g)
-       mov     $a,$a0
-       mov     $a,$a1
+       mov     $b,$a2
 
-       ror     \$$Sigma0[0],$h
-       ror     \$$Sigma0[1],$a0
-       mov     $a,$a2
-       add     ($Tbl,$round,$SZ),$T1   # T1+=K[round]
+       ror     \$$Sigma1[0],$a0        # Sigma1(e)
+       and     $a,$h                   # h=(b^c)&a
+       and     $c,$a2                  # b&c
 
-       xor     $a0,$h
-       ror     \$`$Sigma0[2]-$Sigma0[1]`,$a0
-       or      $c,$a1                  # a|c
+       ror     \$$Sigma0[0],$a1        # Sigma0(a)
+       add     $a0,$T1                 # T1+=Sigma1(e)
+       add     $a2,$h                  # h+=b&c (completes +=Maj(a,b,c)
 
-       xor     $a0,$h                  # h=Sigma0(a)
-       and     $c,$a2                  # a&c
        add     $T1,$d                  # d+=T1
-
-       and     $b,$a1                  # (a|c)&b
        add     $T1,$h                  # h+=T1
-
-       or      $a2,$a1                 # Maj(a,b,c)=((a|c)&b)|(a&c)
        lea     1($round),$round        # round++
+       add     $a1,$h                  # h+=Sigma0(a)
 
-       add     $a1,$h                  # h+=Maj(a,b,c)
 ___
 }
 
@@ -147,32 +142,30 @@ sub ROUND_16_XX()
 
 $code.=<<___;
        mov     `$SZ*(($i+1)&0xf)`(%rsp),$a0
-       mov     `$SZ*(($i+14)&0xf)`(%rsp),$T1
-
-       mov     $a0,$a2
+       mov     `$SZ*(($i+14)&0xf)`(%rsp),$a1
+       mov     $a0,$T1
+       mov     $a1,$a2
 
+       ror     \$`$sigma0[1]-$sigma0[0]`,$T1
+       xor     $a0,$T1
        shr     \$$sigma0[2],$a0
-       ror     \$$sigma0[0],$a2
-
-       xor     $a2,$a0
-       ror     \$`$sigma0[1]-$sigma0[0]`,$a2
 
-       xor     $a2,$a0                 # sigma0(X[(i+1)&0xf])
-       mov     $T1,$a1
+       ror     \$$sigma0[0],$T1
+       xor     $T1,$a0                 # sigma0(X[(i+1)&0xf])
+       mov     `$SZ*(($i+9)&0xf)`(%rsp),$T1
 
-       shr     \$$sigma1[2],$T1
-       ror     \$$sigma1[0],$a1
-
-       xor     $a1,$T1
-       ror     \$`$sigma1[1]-$sigma1[0]`,$a1
-
-       xor     $a1,$T1                 # sigma1(X[(i+14)&0xf])
+       ror     \$`$sigma1[1]-$sigma1[0]`,$a2
+       xor     $a1,$a2
+       shr     \$$sigma1[2],$a1
 
+       ror     \$$sigma1[0],$a2
        add     $a0,$T1
-
-       add     `$SZ*(($i+9)&0xf)`(%rsp),$T1
+       xor     $a2,$a1                 # sigma1(X[(i+14)&0xf])
 
        add     `$SZ*($i&0xf)`(%rsp),$T1
+       mov     $e,$a0
+       add     $a1,$T1
+       mov     $a,$a1
 ___
        &ROUND_00_15(@_);
 }
@@ -219,6 +212,8 @@ $func:
 ___
        for($i=0;$i<16;$i++) {
                $code.="        mov     $SZ*$i($inp),$T1\n";
+               $code.="        mov     @ROT[4],$a0\n";
+               $code.="        mov     @ROT[0],$a1\n";
                $code.="        bswap   $T1\n";
                &ROUND_00_15($i,@ROT);
                unshift(@ROT,pop(@ROT));

diff --git a/deps/openssl/openssl/crypto/sha/sha.h b/deps/openssl/openssl/crypto/sha/sha.h
index 16cacf9..8a6bf4b 100644 (file)
--- a/deps/openssl/openssl/crypto/sha/sha.h
+++ b/deps/openssl/openssl/crypto/sha/sha.h
@@ -106,6 +106,9 @@ typedef struct SHAstate_st
        } SHA_CTX;
 
 #ifndef OPENSSL_NO_SHA0
+#ifdef OPENSSL_FIPS
+int private_SHA_Init(SHA_CTX *c);
+#endif
 int SHA_Init(SHA_CTX *c);
 int SHA_Update(SHA_CTX *c, const void *data, size_t len);
 int SHA_Final(unsigned char *md, SHA_CTX *c);
@@ -113,6 +116,9 @@ unsigned char *SHA(const unsigned char *d, size_t n, unsigned char *md);
 void SHA_Transform(SHA_CTX *c, const unsigned char *data);
 #endif
 #ifndef OPENSSL_NO_SHA1
+#ifdef OPENSSL_FIPS
+int private_SHA1_Init(SHA_CTX *c);
+#endif
 int SHA1_Init(SHA_CTX *c);
 int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
 int SHA1_Final(unsigned char *md, SHA_CTX *c);
@@ -135,6 +141,10 @@ typedef struct SHA256state_st
        } SHA256_CTX;
 
 #ifndef OPENSSL_NO_SHA256
+#ifdef OPENSSL_FIPS
+int private_SHA224_Init(SHA256_CTX *c);
+int private_SHA256_Init(SHA256_CTX *c);
+#endif
 int SHA224_Init(SHA256_CTX *c);
 int SHA224_Update(SHA256_CTX *c, const void *data, size_t len);
 int SHA224_Final(unsigned char *md, SHA256_CTX *c);
@@ -182,6 +192,10 @@ typedef struct SHA512state_st
 #endif
 
 #ifndef OPENSSL_NO_SHA512
+#ifdef OPENSSL_FIPS
+int private_SHA384_Init(SHA512_CTX *c);
+int private_SHA512_Init(SHA512_CTX *c);
+#endif
 int SHA384_Init(SHA512_CTX *c);
 int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
 int SHA384_Final(unsigned char *md, SHA512_CTX *c);

diff --git a/deps/openssl/openssl/crypto/sha/sha1_one.c b/deps/openssl/openssl/crypto/sha/sha1_one.c
index 7c65b60..c56ec94 100644 (file)
--- a/deps/openssl/openssl/crypto/sha/sha1_one.c
+++ b/deps/openssl/openssl/crypto/sha/sha1_one.c
@@ -58,8 +58,8 @@
 
 #include <stdio.h>
 #include <string.h>
-#include <openssl/sha.h>
 #include <openssl/crypto.h>
+#include <openssl/sha.h>
 
 #ifndef OPENSSL_NO_SHA1
 unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md)

diff --git a/deps/openssl/openssl/crypto/sha/sha1dgst.c b/deps/openssl/openssl/crypto/sha/sha1dgst.c
index 50d1925..a986902 100644 (file)
--- a/deps/openssl/openssl/crypto/sha/sha1dgst.c
+++ b/deps/openssl/openssl/crypto/sha/sha1dgst.c
@@ -56,6 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
+#include <openssl/crypto.h>
 #include <openssl/opensslconf.h>
 #if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_SHA)
 

diff --git a/deps/openssl/openssl/crypto/sha/sha256.c b/deps/openssl/openssl/crypto/sha/sha256.c
index 8952d87..4eae074 100644 (file)
--- a/deps/openssl/openssl/crypto/sha/sha256.c
+++ b/deps/openssl/openssl/crypto/sha/sha256.c
@@ -16,7 +16,7 @@
 
 const char SHA256_version[]="SHA-256" OPENSSL_VERSION_PTEXT;
 
-int SHA224_Init (SHA256_CTX *c)
+fips_md_init_ctx(SHA224, SHA256)
        {
        memset (c,0,sizeof(*c));
        c->h[0]=0xc1059ed8UL;   c->h[1]=0x367cd507UL;
@@ -27,7 +27,7 @@ int SHA224_Init (SHA256_CTX *c)
        return 1;
        }
 
-int SHA256_Init (SHA256_CTX *c)
+fips_md_init(SHA256)
        {
        memset (c,0,sizeof(*c));
        c->h[0]=0x6a09e667UL;   c->h[1]=0xbb67ae85UL;
@@ -88,17 +88,17 @@ int SHA224_Final (unsigned char *md, SHA256_CTX *c)
        switch ((c)->md_len)            \
        {   case SHA224_DIGEST_LENGTH:  \
                for (nn=0;nn<SHA224_DIGEST_LENGTH/4;nn++)       \
-               {   ll=(c)->h[nn]; HOST_l2c(ll,(s));   }        \
+               {   ll=(c)->h[nn]; (void)HOST_l2c(ll,(s));   }  \
                break;                  \
            case SHA256_DIGEST_LENGTH:  \
                for (nn=0;nn<SHA256_DIGEST_LENGTH/4;nn++)       \
-               {   ll=(c)->h[nn]; HOST_l2c(ll,(s));   }        \
+               {   ll=(c)->h[nn]; (void)HOST_l2c(ll,(s));   }  \
                break;                  \
            default:                    \
                if ((c)->md_len > SHA256_DIGEST_LENGTH) \
                    return 0;                           \
                for (nn=0;nn<(c)->md_len/4;nn++)                \
-               {   ll=(c)->h[nn]; HOST_l2c(ll,(s));   }        \
+               {   ll=(c)->h[nn]; (void)HOST_l2c(ll,(s));   }  \
                break;                  \
        }                               \
        } while (0)

diff --git a/deps/openssl/openssl/crypto/sha/sha512.c b/deps/openssl/openssl/crypto/sha/sha512.c
index cbc0e58..50dd7dc 100644 (file)
--- a/deps/openssl/openssl/crypto/sha/sha512.c
+++ b/deps/openssl/openssl/crypto/sha/sha512.c
@@ -59,21 +59,8 @@ const char SHA512_version[]="SHA-512" OPENSSL_VERSION_PTEXT;
 #define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
 #endif
 
-int SHA384_Init (SHA512_CTX *c)
+fips_md_init_ctx(SHA384, SHA512)
        {
-#if defined(SHA512_ASM) && (defined(__arm__) || defined(__arm))
-       /* maintain dword order required by assembler module */
-       unsigned int *h = (unsigned int *)c->h;
-
-       h[0]  = 0xcbbb9d5d; h[1]  = 0xc1059ed8;
-       h[2]  = 0x629a292a; h[3]  = 0x367cd507;
-       h[4]  = 0x9159015a; h[5]  = 0x3070dd17;
-       h[6]  = 0x152fecd8; h[7]  = 0xf70e5939;
-       h[8]  = 0x67332667; h[9]  = 0xffc00b31;
-       h[10] = 0x8eb44a87; h[11] = 0x68581511;
-       h[12] = 0xdb0c2e0d; h[13] = 0x64f98fa7;
-       h[14] = 0x47b5481d; h[15] = 0xbefa4fa4;
-#else
        c->h[0]=U64(0xcbbb9d5dc1059ed8);
        c->h[1]=U64(0x629a292a367cd507);
        c->h[2]=U64(0x9159015a3070dd17);
@@ -82,27 +69,14 @@ int SHA384_Init (SHA512_CTX *c)
        c->h[5]=U64(0x8eb44a8768581511);
        c->h[6]=U64(0xdb0c2e0d64f98fa7);
        c->h[7]=U64(0x47b5481dbefa4fa4);
-#endif
+
         c->Nl=0;        c->Nh=0;
         c->num=0;       c->md_len=SHA384_DIGEST_LENGTH;
         return 1;
        }
 
-int SHA512_Init (SHA512_CTX *c)
+fips_md_init(SHA512)
        {
-#if defined(SHA512_ASM) && (defined(__arm__) || defined(__arm))
-       /* maintain dword order required by assembler module */
-       unsigned int *h = (unsigned int *)c->h;
-
-       h[0]  = 0x6a09e667; h[1]  = 0xf3bcc908;
-       h[2]  = 0xbb67ae85; h[3]  = 0x84caa73b;
-       h[4]  = 0x3c6ef372; h[5]  = 0xfe94f82b;
-       h[6]  = 0xa54ff53a; h[7]  = 0x5f1d36f1;
-       h[8]  = 0x510e527f; h[9]  = 0xade682d1;
-       h[10] = 0x9b05688c; h[11] = 0x2b3e6c1f;
-       h[12] = 0x1f83d9ab; h[13] = 0xfb41bd6b;
-       h[14] = 0x5be0cd19; h[15] = 0x137e2179;
-#else
        c->h[0]=U64(0x6a09e667f3bcc908);
        c->h[1]=U64(0xbb67ae8584caa73b);
        c->h[2]=U64(0x3c6ef372fe94f82b);
@@ -111,7 +85,7 @@ int SHA512_Init (SHA512_CTX *c)
        c->h[5]=U64(0x9b05688c2b3e6c1f);
        c->h[6]=U64(0x1f83d9abfb41bd6b);
        c->h[7]=U64(0x5be0cd19137e2179);
-#endif
+
         c->Nl=0;        c->Nh=0;
         c->num=0;       c->md_len=SHA512_DIGEST_LENGTH;
         return 1;
@@ -160,24 +134,6 @@ int SHA512_Final (unsigned char *md, SHA512_CTX *c)
 
        if (md==0) return 0;
 
-#if defined(SHA512_ASM) && (defined(__arm__) || defined(__arm))
-       /* recall assembler dword order... */
-       n = c->md_len;
-       if (n == SHA384_DIGEST_LENGTH || n == SHA512_DIGEST_LENGTH)
-               {
-               unsigned int *h = (unsigned int *)c->h, t;
-
-               for (n/=4;n;n--)
-                       {
-                       t = *(h++);
-                       *(md++) = (unsigned char)(t>>24);
-                       *(md++) = (unsigned char)(t>>16);
-                       *(md++) = (unsigned char)(t>>8);
-                       *(md++) = (unsigned char)(t);
-                       }
-               }
-       else    return 0;
-#else
        switch (c->md_len)
                {
                /* Let compiler decide if it's appropriate to unroll... */
@@ -214,7 +170,7 @@ int SHA512_Final (unsigned char *md, SHA512_CTX *c)
                /* ... as well as make sure md_len is not abused. */
                default:        return 0;
                }
-#endif
+
        return 1;
        }
 

diff --git a/deps/openssl/openssl/crypto/sha/sha_dgst.c b/deps/openssl/openssl/crypto/sha/sha_dgst.c
index 70eb560..fb63b17 100644 (file)
--- a/deps/openssl/openssl/crypto/sha/sha_dgst.c
+++ b/deps/openssl/openssl/crypto/sha/sha_dgst.c
@@ -56,6 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
+#include <openssl/crypto.h>
 #include <openssl/opensslconf.h>
 #if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA)
 

diff --git a/deps/openssl/openssl/crypto/sha/sha_locl.h b/deps/openssl/openssl/crypto/sha/sha_locl.h
index 672c26e..d673255 100644 (file)
--- a/deps/openssl/openssl/crypto/sha/sha_locl.h
+++ b/deps/openssl/openssl/crypto/sha/sha_locl.h
@@ -69,11 +69,11 @@
 #define HASH_CBLOCK             SHA_CBLOCK
 #define HASH_MAKE_STRING(c,s)   do {   \
        unsigned long ll;               \
-       ll=(c)->h0; HOST_l2c(ll,(s));   \
-       ll=(c)->h1; HOST_l2c(ll,(s));   \
-       ll=(c)->h2; HOST_l2c(ll,(s));   \
-       ll=(c)->h3; HOST_l2c(ll,(s));   \
-       ll=(c)->h4; HOST_l2c(ll,(s));   \
+       ll=(c)->h0; (void)HOST_l2c(ll,(s));     \
+       ll=(c)->h1; (void)HOST_l2c(ll,(s));     \
+       ll=(c)->h2; (void)HOST_l2c(ll,(s));     \
+       ll=(c)->h3; (void)HOST_l2c(ll,(s));     \
+       ll=(c)->h4; (void)HOST_l2c(ll,(s));     \
        } while (0)
 
 #if defined(SHA_0)
@@ -122,7 +122,11 @@ void sha1_block_data_order (SHA_CTX *c, const void *p,size_t num);
 #define INIT_DATA_h3 0x10325476UL
 #define INIT_DATA_h4 0xc3d2e1f0UL
 
-int HASH_INIT (SHA_CTX *c)
+#ifdef SHA_0
+fips_md_init(SHA)
+#else
+fips_md_init_ctx(SHA1, SHA)
+#endif
        {
        memset (c,0,sizeof(*c));
        c->h0=INIT_DATA_h0;
@@ -252,21 +256,21 @@ static void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, size_t num)
                }
        else
                {
-               HOST_c2l(data,l); X( 0)=l;              HOST_c2l(data,l); X( 1)=l;
-               BODY_00_15( 0,A,B,C,D,E,T,X( 0));       HOST_c2l(data,l); X( 2)=l;
-               BODY_00_15( 1,T,A,B,C,D,E,X( 1));       HOST_c2l(data,l); X( 3)=l;
-               BODY_00_15( 2,E,T,A,B,C,D,X( 2));       HOST_c2l(data,l); X( 4)=l;
-               BODY_00_15( 3,D,E,T,A,B,C,X( 3));       HOST_c2l(data,l); X( 5)=l;
-               BODY_00_15( 4,C,D,E,T,A,B,X( 4));       HOST_c2l(data,l); X( 6)=l;
-               BODY_00_15( 5,B,C,D,E,T,A,X( 5));       HOST_c2l(data,l); X( 7)=l;
-               BODY_00_15( 6,A,B,C,D,E,T,X( 6));       HOST_c2l(data,l); X( 8)=l;
-               BODY_00_15( 7,T,A,B,C,D,E,X( 7));       HOST_c2l(data,l); X( 9)=l;
-               BODY_00_15( 8,E,T,A,B,C,D,X( 8));       HOST_c2l(data,l); X(10)=l;
-               BODY_00_15( 9,D,E,T,A,B,C,X( 9));       HOST_c2l(data,l); X(11)=l;
-               BODY_00_15(10,C,D,E,T,A,B,X(10));       HOST_c2l(data,l); X(12)=l;
-               BODY_00_15(11,B,C,D,E,T,A,X(11));       HOST_c2l(data,l); X(13)=l;
-               BODY_00_15(12,A,B,C,D,E,T,X(12));       HOST_c2l(data,l); X(14)=l;
-               BODY_00_15(13,T,A,B,C,D,E,X(13));       HOST_c2l(data,l); X(15)=l;
+               (void)HOST_c2l(data,l); X( 0)=l;        (void)HOST_c2l(data,l); X( 1)=l;
+               BODY_00_15( 0,A,B,C,D,E,T,X( 0));       (void)HOST_c2l(data,l); X( 2)=l;
+               BODY_00_15( 1,T,A,B,C,D,E,X( 1));       (void)HOST_c2l(data,l); X( 3)=l;
+               BODY_00_15( 2,E,T,A,B,C,D,X( 2));       (void)HOST_c2l(data,l); X( 4)=l;
+               BODY_00_15( 3,D,E,T,A,B,C,X( 3));       (void)HOST_c2l(data,l); X( 5)=l;
+               BODY_00_15( 4,C,D,E,T,A,B,X( 4));       (void)HOST_c2l(data,l); X( 6)=l;
+               BODY_00_15( 5,B,C,D,E,T,A,X( 5));       (void)HOST_c2l(data,l); X( 7)=l;
+               BODY_00_15( 6,A,B,C,D,E,T,X( 6));       (void)HOST_c2l(data,l); X( 8)=l;
+               BODY_00_15( 7,T,A,B,C,D,E,X( 7));       (void)HOST_c2l(data,l); X( 9)=l;
+               BODY_00_15( 8,E,T,A,B,C,D,X( 8));       (void)HOST_c2l(data,l); X(10)=l;
+               BODY_00_15( 9,D,E,T,A,B,C,X( 9));       (void)HOST_c2l(data,l); X(11)=l;
+               BODY_00_15(10,C,D,E,T,A,B,X(10));       (void)HOST_c2l(data,l); X(12)=l;
+               BODY_00_15(11,B,C,D,E,T,A,X(11));       (void)HOST_c2l(data,l); X(13)=l;
+               BODY_00_15(12,A,B,C,D,E,T,X(12));       (void)HOST_c2l(data,l); X(14)=l;
+               BODY_00_15(13,T,A,B,C,D,E,X(13));       (void)HOST_c2l(data,l); X(15)=l;
                BODY_00_15(14,E,T,A,B,C,D,X(14));
                BODY_00_15(15,D,E,T,A,B,C,X(15));
                }

diff --git a/deps/openssl/openssl/crypto/sparccpuid.S b/deps/openssl/openssl/crypto/sparccpuid.S
index ae61f7f..0cc247e 100644 (file)
--- a/deps/openssl/openssl/crypto/sparccpuid.S
+++ b/deps/openssl/openssl/crypto/sparccpuid.S
@@ -235,10 +235,10 @@ _sparcv9_rdtick:
 .global        _sparcv9_vis1_probe
 .align 8
 _sparcv9_vis1_probe:
-       .word   0x81b00d80      !fxor   %f0,%f0,%f0
        add     %sp,BIAS+2,%o1
-       retl
        .word   0xc19a5a40      !ldda   [%o1]ASI_FP16_P,%f0
+       retl
+       .word   0x81b00d80      !fxor   %f0,%f0,%f0
 .type  _sparcv9_vis1_probe,#function
 .size  _sparcv9_vis1_probe,.-_sparcv9_vis1_probe
 

diff --git a/deps/openssl/openssl/crypto/sparcv9cap.c b/deps/openssl/openssl/crypto/sparcv9cap.c
index ed195ab..43b3ac6 100644 (file)
--- a/deps/openssl/openssl/crypto/sparcv9cap.c
+++ b/deps/openssl/openssl/crypto/sparcv9cap.c
@@ -19,7 +19,8 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_U
        int bn_mul_mont_fpu(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0, int num);
        int bn_mul_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np,const BN_ULONG *n0, int num);
 
-       if ((OPENSSL_sparcv9cap_P&(SPARCV9_PREFER_FPU|SPARCV9_VIS1)) ==
+       if (num>=8 && !(num&1) &&
+           (OPENSSL_sparcv9cap_P&(SPARCV9_PREFER_FPU|SPARCV9_VIS1)) ==
                (SPARCV9_PREFER_FPU|SPARCV9_VIS1))
                return bn_mul_mont_fpu(rp,ap,bp,np,n0,num);
        else
@@ -169,7 +170,6 @@ void OPENSSL_cpuid_setup(void)
        char *e;
        struct sigaction        common_act,ill_oact,bus_oact;
        sigset_t                all_masked,oset;
-       int                     sig;
        static int trigger=0;
 
        if (trigger) return;

diff --git a/deps/openssl/openssl/crypto/stack/safestack.h b/deps/openssl/openssl/crypto/stack/safestack.h
index 3e76aa5..ea3aa0d 100644 (file)
--- a/deps/openssl/openssl/crypto/stack/safestack.h
+++ b/deps/openssl/openssl/crypto/stack/safestack.h
@@ -1459,6 +1459,94 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void)
 #define sk_POLICY_MAPPING_sort(st) SKM_sk_sort(POLICY_MAPPING, (st))
 #define sk_POLICY_MAPPING_is_sorted(st) SKM_sk_is_sorted(POLICY_MAPPING, (st))
 
+#define sk_SRP_gN_new(cmp) SKM_sk_new(SRP_gN, (cmp))
+#define sk_SRP_gN_new_null() SKM_sk_new_null(SRP_gN)
+#define sk_SRP_gN_free(st) SKM_sk_free(SRP_gN, (st))
+#define sk_SRP_gN_num(st) SKM_sk_num(SRP_gN, (st))
+#define sk_SRP_gN_value(st, i) SKM_sk_value(SRP_gN, (st), (i))
+#define sk_SRP_gN_set(st, i, val) SKM_sk_set(SRP_gN, (st), (i), (val))
+#define sk_SRP_gN_zero(st) SKM_sk_zero(SRP_gN, (st))
+#define sk_SRP_gN_push(st, val) SKM_sk_push(SRP_gN, (st), (val))
+#define sk_SRP_gN_unshift(st, val) SKM_sk_unshift(SRP_gN, (st), (val))
+#define sk_SRP_gN_find(st, val) SKM_sk_find(SRP_gN, (st), (val))
+#define sk_SRP_gN_find_ex(st, val) SKM_sk_find_ex(SRP_gN, (st), (val))
+#define sk_SRP_gN_delete(st, i) SKM_sk_delete(SRP_gN, (st), (i))
+#define sk_SRP_gN_delete_ptr(st, ptr) SKM_sk_delete_ptr(SRP_gN, (st), (ptr))
+#define sk_SRP_gN_insert(st, val, i) SKM_sk_insert(SRP_gN, (st), (val), (i))
+#define sk_SRP_gN_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SRP_gN, (st), (cmp))
+#define sk_SRP_gN_dup(st) SKM_sk_dup(SRP_gN, st)
+#define sk_SRP_gN_pop_free(st, free_func) SKM_sk_pop_free(SRP_gN, (st), (free_func))
+#define sk_SRP_gN_shift(st) SKM_sk_shift(SRP_gN, (st))
+#define sk_SRP_gN_pop(st) SKM_sk_pop(SRP_gN, (st))
+#define sk_SRP_gN_sort(st) SKM_sk_sort(SRP_gN, (st))
+#define sk_SRP_gN_is_sorted(st) SKM_sk_is_sorted(SRP_gN, (st))
+
+#define sk_SRP_gN_cache_new(cmp) SKM_sk_new(SRP_gN_cache, (cmp))
+#define sk_SRP_gN_cache_new_null() SKM_sk_new_null(SRP_gN_cache)
+#define sk_SRP_gN_cache_free(st) SKM_sk_free(SRP_gN_cache, (st))
+#define sk_SRP_gN_cache_num(st) SKM_sk_num(SRP_gN_cache, (st))
+#define sk_SRP_gN_cache_value(st, i) SKM_sk_value(SRP_gN_cache, (st), (i))
+#define sk_SRP_gN_cache_set(st, i, val) SKM_sk_set(SRP_gN_cache, (st), (i), (val))
+#define sk_SRP_gN_cache_zero(st) SKM_sk_zero(SRP_gN_cache, (st))
+#define sk_SRP_gN_cache_push(st, val) SKM_sk_push(SRP_gN_cache, (st), (val))
+#define sk_SRP_gN_cache_unshift(st, val) SKM_sk_unshift(SRP_gN_cache, (st), (val))
+#define sk_SRP_gN_cache_find(st, val) SKM_sk_find(SRP_gN_cache, (st), (val))
+#define sk_SRP_gN_cache_find_ex(st, val) SKM_sk_find_ex(SRP_gN_cache, (st), (val))
+#define sk_SRP_gN_cache_delete(st, i) SKM_sk_delete(SRP_gN_cache, (st), (i))
+#define sk_SRP_gN_cache_delete_ptr(st, ptr) SKM_sk_delete_ptr(SRP_gN_cache, (st), (ptr))
+#define sk_SRP_gN_cache_insert(st, val, i) SKM_sk_insert(SRP_gN_cache, (st), (val), (i))
+#define sk_SRP_gN_cache_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SRP_gN_cache, (st), (cmp))
+#define sk_SRP_gN_cache_dup(st) SKM_sk_dup(SRP_gN_cache, st)
+#define sk_SRP_gN_cache_pop_free(st, free_func) SKM_sk_pop_free(SRP_gN_cache, (st), (free_func))
+#define sk_SRP_gN_cache_shift(st) SKM_sk_shift(SRP_gN_cache, (st))
+#define sk_SRP_gN_cache_pop(st) SKM_sk_pop(SRP_gN_cache, (st))
+#define sk_SRP_gN_cache_sort(st) SKM_sk_sort(SRP_gN_cache, (st))
+#define sk_SRP_gN_cache_is_sorted(st) SKM_sk_is_sorted(SRP_gN_cache, (st))
+
+#define sk_SRP_user_pwd_new(cmp) SKM_sk_new(SRP_user_pwd, (cmp))
+#define sk_SRP_user_pwd_new_null() SKM_sk_new_null(SRP_user_pwd)
+#define sk_SRP_user_pwd_free(st) SKM_sk_free(SRP_user_pwd, (st))
+#define sk_SRP_user_pwd_num(st) SKM_sk_num(SRP_user_pwd, (st))
+#define sk_SRP_user_pwd_value(st, i) SKM_sk_value(SRP_user_pwd, (st), (i))
+#define sk_SRP_user_pwd_set(st, i, val) SKM_sk_set(SRP_user_pwd, (st), (i), (val))
+#define sk_SRP_user_pwd_zero(st) SKM_sk_zero(SRP_user_pwd, (st))
+#define sk_SRP_user_pwd_push(st, val) SKM_sk_push(SRP_user_pwd, (st), (val))
+#define sk_SRP_user_pwd_unshift(st, val) SKM_sk_unshift(SRP_user_pwd, (st), (val))
+#define sk_SRP_user_pwd_find(st, val) SKM_sk_find(SRP_user_pwd, (st), (val))
+#define sk_SRP_user_pwd_find_ex(st, val) SKM_sk_find_ex(SRP_user_pwd, (st), (val))
+#define sk_SRP_user_pwd_delete(st, i) SKM_sk_delete(SRP_user_pwd, (st), (i))
+#define sk_SRP_user_pwd_delete_ptr(st, ptr) SKM_sk_delete_ptr(SRP_user_pwd, (st), (ptr))
+#define sk_SRP_user_pwd_insert(st, val, i) SKM_sk_insert(SRP_user_pwd, (st), (val), (i))
+#define sk_SRP_user_pwd_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SRP_user_pwd, (st), (cmp))
+#define sk_SRP_user_pwd_dup(st) SKM_sk_dup(SRP_user_pwd, st)
+#define sk_SRP_user_pwd_pop_free(st, free_func) SKM_sk_pop_free(SRP_user_pwd, (st), (free_func))
+#define sk_SRP_user_pwd_shift(st) SKM_sk_shift(SRP_user_pwd, (st))
+#define sk_SRP_user_pwd_pop(st) SKM_sk_pop(SRP_user_pwd, (st))
+#define sk_SRP_user_pwd_sort(st) SKM_sk_sort(SRP_user_pwd, (st))
+#define sk_SRP_user_pwd_is_sorted(st) SKM_sk_is_sorted(SRP_user_pwd, (st))
+
+#define sk_SRTP_PROTECTION_PROFILE_new(cmp) SKM_sk_new(SRTP_PROTECTION_PROFILE, (cmp))
+#define sk_SRTP_PROTECTION_PROFILE_new_null() SKM_sk_new_null(SRTP_PROTECTION_PROFILE)
+#define sk_SRTP_PROTECTION_PROFILE_free(st) SKM_sk_free(SRTP_PROTECTION_PROFILE, (st))
+#define sk_SRTP_PROTECTION_PROFILE_num(st) SKM_sk_num(SRTP_PROTECTION_PROFILE, (st))
+#define sk_SRTP_PROTECTION_PROFILE_value(st, i) SKM_sk_value(SRTP_PROTECTION_PROFILE, (st), (i))
+#define sk_SRTP_PROTECTION_PROFILE_set(st, i, val) SKM_sk_set(SRTP_PROTECTION_PROFILE, (st), (i), (val))
+#define sk_SRTP_PROTECTION_PROFILE_zero(st) SKM_sk_zero(SRTP_PROTECTION_PROFILE, (st))
+#define sk_SRTP_PROTECTION_PROFILE_push(st, val) SKM_sk_push(SRTP_PROTECTION_PROFILE, (st), (val))
+#define sk_SRTP_PROTECTION_PROFILE_unshift(st, val) SKM_sk_unshift(SRTP_PROTECTION_PROFILE, (st), (val))
+#define sk_SRTP_PROTECTION_PROFILE_find(st, val) SKM_sk_find(SRTP_PROTECTION_PROFILE, (st), (val))
+#define sk_SRTP_PROTECTION_PROFILE_find_ex(st, val) SKM_sk_find_ex(SRTP_PROTECTION_PROFILE, (st), (val))
+#define sk_SRTP_PROTECTION_PROFILE_delete(st, i) SKM_sk_delete(SRTP_PROTECTION_PROFILE, (st), (i))
+#define sk_SRTP_PROTECTION_PROFILE_delete_ptr(st, ptr) SKM_sk_delete_ptr(SRTP_PROTECTION_PROFILE, (st), (ptr))
+#define sk_SRTP_PROTECTION_PROFILE_insert(st, val, i) SKM_sk_insert(SRTP_PROTECTION_PROFILE, (st), (val), (i))
+#define sk_SRTP_PROTECTION_PROFILE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SRTP_PROTECTION_PROFILE, (st), (cmp))
+#define sk_SRTP_PROTECTION_PROFILE_dup(st) SKM_sk_dup(SRTP_PROTECTION_PROFILE, st)
+#define sk_SRTP_PROTECTION_PROFILE_pop_free(st, free_func) SKM_sk_pop_free(SRTP_PROTECTION_PROFILE, (st), (free_func))
+#define sk_SRTP_PROTECTION_PROFILE_shift(st) SKM_sk_shift(SRTP_PROTECTION_PROFILE, (st))
+#define sk_SRTP_PROTECTION_PROFILE_pop(st) SKM_sk_pop(SRTP_PROTECTION_PROFILE, (st))
+#define sk_SRTP_PROTECTION_PROFILE_sort(st) SKM_sk_sort(SRTP_PROTECTION_PROFILE, (st))
+#define sk_SRTP_PROTECTION_PROFILE_is_sorted(st) SKM_sk_is_sorted(SRTP_PROTECTION_PROFILE, (st))
+
 #define sk_SSL_CIPHER_new(cmp) SKM_sk_new(SSL_CIPHER, (cmp))
 #define sk_SSL_CIPHER_new_null() SKM_sk_new_null(SSL_CIPHER)
 #define sk_SSL_CIPHER_free(st) SKM_sk_free(SSL_CIPHER, (st))
@@ -2056,31 +2144,6 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void)
 #define sk_OPENSSL_STRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_STRING, (st))
 
 
-#define sk_OPENSSL_PSTRING_new(cmp) ((STACK_OF(OPENSSL_PSTRING) *)sk_new(CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp)))
-#define sk_OPENSSL_PSTRING_new_null() ((STACK_OF(OPENSSL_PSTRING) *)sk_new_null())
-#define sk_OPENSSL_PSTRING_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val))
-#define sk_OPENSSL_PSTRING_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val))
-#define sk_OPENSSL_PSTRING_value(st, i) ((OPENSSL_PSTRING)sk_value(CHECKED_STACK_OF(OPENSSL_PSTRING, st), i))
-#define sk_OPENSSL_PSTRING_num(st) SKM_sk_num(OPENSSL_PSTRING, st)
-#define sk_OPENSSL_PSTRING_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_FREE_FUNC2(OPENSSL_PSTRING, free_func))
-#define sk_OPENSSL_PSTRING_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val), i)
-#define sk_OPENSSL_PSTRING_free(st) SKM_sk_free(OPENSSL_PSTRING, st)
-#define sk_OPENSSL_PSTRING_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_PSTRING, st), i, CHECKED_PTR_OF(OPENSSL_STRING, val))
-#define sk_OPENSSL_PSTRING_zero(st) SKM_sk_zero(OPENSSL_PSTRING, (st))
-#define sk_OPENSSL_PSTRING_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val))
-#define sk_OPENSSL_PSTRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_CONST_PTR_OF(OPENSSL_STRING, val))
-#define sk_OPENSSL_PSTRING_delete(st, i) SKM_sk_delete(OPENSSL_PSTRING, (st), (i))
-#define sk_OPENSSL_PSTRING_delete_ptr(st, ptr) (OPENSSL_PSTRING *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, ptr))
-#define sk_OPENSSL_PSTRING_set_cmp_func(st, cmp)  \
-       ((int (*)(const OPENSSL_STRING * const *,const OPENSSL_STRING * const *)) \
-       sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp)))
-#define sk_OPENSSL_PSTRING_dup(st) SKM_sk_dup(OPENSSL_PSTRING, st)
-#define sk_OPENSSL_PSTRING_shift(st) SKM_sk_shift(OPENSSL_PSTRING, (st))
-#define sk_OPENSSL_PSTRING_pop(st) (OPENSSL_STRING *)sk_pop(CHECKED_STACK_OF(OPENSSL_PSTRING, st))
-#define sk_OPENSSL_PSTRING_sort(st) SKM_sk_sort(OPENSSL_PSTRING, (st))
-#define sk_OPENSSL_PSTRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_PSTRING, (st))
-
-
 #define sk_OPENSSL_BLOCK_new(cmp) ((STACK_OF(OPENSSL_BLOCK) *)sk_new(CHECKED_SK_CMP_FUNC(void, cmp)))
 #define sk_OPENSSL_BLOCK_new_null() ((STACK_OF(OPENSSL_BLOCK) *)sk_new_null())
 #define sk_OPENSSL_BLOCK_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_BLOCK, st), CHECKED_PTR_OF(void, val))
@@ -2106,6 +2169,31 @@ DECLARE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void)
 #define sk_OPENSSL_BLOCK_is_sorted(st) SKM_sk_is_sorted(OPENSSL_BLOCK, (st))
 
 
+#define sk_OPENSSL_PSTRING_new(cmp) ((STACK_OF(OPENSSL_PSTRING) *)sk_new(CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp)))
+#define sk_OPENSSL_PSTRING_new_null() ((STACK_OF(OPENSSL_PSTRING) *)sk_new_null())
+#define sk_OPENSSL_PSTRING_push(st, val) sk_push(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val))
+#define sk_OPENSSL_PSTRING_find(st, val) sk_find(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val))
+#define sk_OPENSSL_PSTRING_value(st, i) ((OPENSSL_PSTRING)sk_value(CHECKED_STACK_OF(OPENSSL_PSTRING, st), i))
+#define sk_OPENSSL_PSTRING_num(st) SKM_sk_num(OPENSSL_PSTRING, st)
+#define sk_OPENSSL_PSTRING_pop_free(st, free_func) sk_pop_free(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_FREE_FUNC2(OPENSSL_PSTRING, free_func))
+#define sk_OPENSSL_PSTRING_insert(st, val, i) sk_insert(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val), i)
+#define sk_OPENSSL_PSTRING_free(st) SKM_sk_free(OPENSSL_PSTRING, st)
+#define sk_OPENSSL_PSTRING_set(st, i, val) sk_set(CHECKED_STACK_OF(OPENSSL_PSTRING, st), i, CHECKED_PTR_OF(OPENSSL_STRING, val))
+#define sk_OPENSSL_PSTRING_zero(st) SKM_sk_zero(OPENSSL_PSTRING, (st))
+#define sk_OPENSSL_PSTRING_unshift(st, val) sk_unshift(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, val))
+#define sk_OPENSSL_PSTRING_find_ex(st, val) sk_find_ex((_STACK *)CHECKED_CONST_PTR_OF(STACK_OF(OPENSSL_PSTRING), st), CHECKED_CONST_PTR_OF(OPENSSL_STRING, val))
+#define sk_OPENSSL_PSTRING_delete(st, i) SKM_sk_delete(OPENSSL_PSTRING, (st), (i))
+#define sk_OPENSSL_PSTRING_delete_ptr(st, ptr) (OPENSSL_PSTRING *)sk_delete_ptr(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_PTR_OF(OPENSSL_STRING, ptr))
+#define sk_OPENSSL_PSTRING_set_cmp_func(st, cmp)  \
+       ((int (*)(const OPENSSL_STRING * const *,const OPENSSL_STRING * const *)) \
+       sk_set_cmp_func(CHECKED_STACK_OF(OPENSSL_PSTRING, st), CHECKED_SK_CMP_FUNC(OPENSSL_STRING, cmp)))
+#define sk_OPENSSL_PSTRING_dup(st) SKM_sk_dup(OPENSSL_PSTRING, st)
+#define sk_OPENSSL_PSTRING_shift(st) SKM_sk_shift(OPENSSL_PSTRING, (st))
+#define sk_OPENSSL_PSTRING_pop(st) (OPENSSL_STRING *)sk_pop(CHECKED_STACK_OF(OPENSSL_PSTRING, st))
+#define sk_OPENSSL_PSTRING_sort(st) SKM_sk_sort(OPENSSL_PSTRING, (st))
+#define sk_OPENSSL_PSTRING_is_sorted(st) SKM_sk_is_sorted(OPENSSL_PSTRING, (st))
+
+
 #define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
        SKM_ASN1_SET_OF_d2i(ACCESS_DESCRIPTION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
 #define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, i2d_func, ex_tag, ex_class, is_set) \

diff --git a/deps/openssl/openssl/crypto/symhacks.h b/deps/openssl/openssl/crypto/symhacks.h
index 3fd4a81..07a412f 100644 (file)
--- a/deps/openssl/openssl/crypto/symhacks.h
+++ b/deps/openssl/openssl/crypto/symhacks.h
@@ -176,7 +176,6 @@
 #define SSL_CTX_set_default_passwd_cb_userdata  SSL_CTX_set_def_passwd_cb_ud
 #undef SSL_COMP_get_compression_methods
 #define SSL_COMP_get_compression_methods       SSL_COMP_get_compress_methods
-
 #undef ssl_add_clienthello_renegotiate_ext
 #define ssl_add_clienthello_renegotiate_ext    ssl_add_clienthello_reneg_ext
 #undef ssl_add_serverhello_renegotiate_ext
@@ -185,6 +184,26 @@
 #define ssl_parse_clienthello_renegotiate_ext  ssl_parse_clienthello_reneg_ext
 #undef ssl_parse_serverhello_renegotiate_ext
 #define ssl_parse_serverhello_renegotiate_ext  ssl_parse_serverhello_reneg_ext
+#undef SSL_srp_server_param_with_username
+#define SSL_srp_server_param_with_username     SSL_srp_server_param_with_un
+#undef SSL_CTX_set_srp_client_pwd_callback
+#define SSL_CTX_set_srp_client_pwd_callback    SSL_CTX_set_srp_client_pwd_cb
+#undef SSL_CTX_set_srp_verify_param_callback
+#define SSL_CTX_set_srp_verify_param_callback  SSL_CTX_set_srp_vfy_param_cb
+#undef SSL_CTX_set_srp_username_callback
+#define SSL_CTX_set_srp_username_callback      SSL_CTX_set_srp_un_cb
+#undef ssl_add_clienthello_use_srtp_ext
+#define ssl_add_clienthello_use_srtp_ext       ssl_add_clihello_use_srtp_ext
+#undef ssl_add_serverhello_use_srtp_ext
+#define ssl_add_serverhello_use_srtp_ext       ssl_add_serhello_use_srtp_ext
+#undef ssl_parse_clienthello_use_srtp_ext
+#define ssl_parse_clienthello_use_srtp_ext     ssl_parse_clihello_use_srtp_ext
+#undef ssl_parse_serverhello_use_srtp_ext
+#define ssl_parse_serverhello_use_srtp_ext     ssl_parse_serhello_use_srtp_ext
+#undef SSL_CTX_set_next_protos_advertised_cb
+#define SSL_CTX_set_next_protos_advertised_cb  SSL_CTX_set_next_protos_adv_cb
+#undef SSL_CTX_set_next_proto_select_cb
+#define SSL_CTX_set_next_proto_select_cb       SSL_CTX_set_next_proto_sel_cb
 
 /* Hack some long ENGINE names */
 #undef ENGINE_get_default_BN_mod_exp_crt
@@ -238,6 +257,9 @@
 #define EC_GROUP_get_point_conversion_form     EC_GROUP_get_point_conv_form
 #undef EC_GROUP_clear_free_all_extra_data
 #define EC_GROUP_clear_free_all_extra_data     EC_GROUP_clr_free_all_xtra_data
+#undef EC_KEY_set_public_key_affine_coordinates
+#define EC_KEY_set_public_key_affine_coordinates \
+                                               EC_KEY_set_pub_key_aff_coords
 #undef EC_POINT_set_Jprojective_coordinates_GFp
 #define EC_POINT_set_Jprojective_coordinates_GFp \
                                                 EC_POINT_set_Jproj_coords_GFp
@@ -294,8 +316,6 @@
 #define ec_GFp_simple_point_set_to_infinity     ec_GFp_simple_pt_set_to_inf
 #undef ec_GFp_simple_points_make_affine
 #define ec_GFp_simple_points_make_affine       ec_GFp_simple_pts_make_affine
-#undef ec_GFp_simple_group_get_curve_GFp
-#define ec_GFp_simple_group_get_curve_GFp       ec_GFp_simple_grp_get_curve_GFp
 #undef ec_GFp_simple_set_Jprojective_coordinates_GFp
 #define ec_GFp_simple_set_Jprojective_coordinates_GFp \
                                                 ec_GFp_smp_set_Jproj_coords_GFp
@@ -399,6 +419,12 @@
 #undef dtls1_retransmit_buffered_messages
 #define dtls1_retransmit_buffered_messages     dtls1_retransmit_buffered_msgs
 
+/* Hack some long SRP names */
+#undef SRP_generate_server_master_secret
+#define SRP_generate_server_master_secret      SRP_gen_server_master_secret
+#undef SRP_generate_client_master_secret
+#define SRP_generate_client_master_secret      SRP_gen_client_master_secret
+
 /* Hack some long UI names */
 #undef UI_method_get_prompt_constructor
 #define UI_method_get_prompt_constructor       UI_method_get_prompt_constructr

diff --git a/deps/openssl/openssl/crypto/ts/ts.h b/deps/openssl/openssl/crypto/ts/ts.h
index 190e8a1..c2448e3 100644 (file)
--- a/deps/openssl/openssl/crypto/ts/ts.h
+++ b/deps/openssl/openssl/crypto/ts/ts.h
@@ -86,9 +86,6 @@
 #include <openssl/dh.h>
 #endif
 
-#include <openssl/evp.h>
-
-
 #ifdef  __cplusplus
 extern "C" {
 #endif

diff --git a/deps/openssl/openssl/crypto/ts/ts_rsp_verify.c b/deps/openssl/openssl/crypto/ts/ts_rsp_verify.c
index e1f3b53..afe16af 100644 (file)
--- a/deps/openssl/openssl/crypto/ts/ts_rsp_verify.c
+++ b/deps/openssl/openssl/crypto/ts/ts_rsp_verify.c
@@ -614,12 +614,15 @@ static int TS_compute_imprint(BIO *data, TS_TST_INFO *tst_info,
                goto err;
                }
 
-       EVP_DigestInit(&md_ctx, md);
+       if (!EVP_DigestInit(&md_ctx, md))
+               goto err;
        while ((length = BIO_read(data, buffer, sizeof(buffer))) > 0)
                {
-               EVP_DigestUpdate(&md_ctx, buffer, length);
+               if (!EVP_DigestUpdate(&md_ctx, buffer, length))
+                       goto err;
                }
-       EVP_DigestFinal(&md_ctx, *imprint, NULL);
+       if (!EVP_DigestFinal(&md_ctx, *imprint, NULL))
+               goto err;
 
        return 1;
  err:

diff --git a/deps/openssl/openssl/crypto/ui/ui.h b/deps/openssl/openssl/crypto/ui/ui.h
index 2b1cfa2..bd78aa4 100644 (file)
--- a/deps/openssl/openssl/crypto/ui/ui.h
+++ b/deps/openssl/openssl/crypto/ui/ui.h
@@ -316,7 +316,7 @@ int (*UI_method_get_writer(UI_METHOD *method))(UI*,UI_STRING*);
 int (*UI_method_get_flusher(UI_METHOD *method))(UI*);
 int (*UI_method_get_reader(UI_METHOD *method))(UI*,UI_STRING*);
 int (*UI_method_get_closer(UI_METHOD *method))(UI*);
-char* (*UI_method_get_prompt_constructor(UI_METHOD *method))(UI*, const char*, const char*);
+char * (*UI_method_get_prompt_constructor(UI_METHOD *method))(UI*, const char*, const char*);
 
 /* The following functions are helpers for method writers to access relevant
    data from a UI_STRING. */

diff --git a/deps/openssl/openssl/crypto/ui/ui_openssl.c b/deps/openssl/openssl/crypto/ui/ui_openssl.c
index b05cbf3..a38c758 100644 (file)
--- a/deps/openssl/openssl/crypto/ui/ui_openssl.c
+++ b/deps/openssl/openssl/crypto/ui/ui_openssl.c
@@ -122,9 +122,15 @@
  * sigaction and fileno included. -pedantic would be more appropriate for
  * the intended purposes, but we can't prevent users from adding -ansi.
  */
+#if defined(OPENSSL_SYSNAME_VXWORKS)
+#include <sys/types.h>
+#endif
+
+#if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS)
 #ifndef _POSIX_C_SOURCE
 #define _POSIX_C_SOURCE 2
 #endif
+#endif
 #include <signal.h>
 #include <stdio.h>
 #include <string.h>
@@ -184,7 +190,7 @@
 # undef  SGTTY
 #endif
 
-#if defined(linux) && !defined(TERMIO) && !defined(__ANDROID__)
+#if defined(linux) && !defined(TERMIO)
 # undef  TERMIOS
 # define TERMIO
 # undef  SGTTY

diff --git a/deps/openssl/openssl/crypto/vms_rms.h b/deps/openssl/openssl/crypto/vms_rms.h
old mode 100644 (file)
new mode 100755 (executable)

diff --git a/deps/openssl/openssl/crypto/whrlpool/Makefile b/deps/openssl/openssl/crypto/whrlpool/Makefile
index 566b996..f4d46e4 100644 (file)
--- a/deps/openssl/openssl/crypto/whrlpool/Makefile
+++ b/deps/openssl/openssl/crypto/whrlpool/Makefile
@@ -89,5 +89,8 @@ clean:
 
 wp_block.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
 wp_block.o: ../../include/openssl/whrlpool.h wp_block.c wp_locl.h
-wp_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+wp_dgst.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+wp_dgst.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+wp_dgst.o: ../../include/openssl/ossl_typ.h ../../include/openssl/safestack.h
+wp_dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
 wp_dgst.o: ../../include/openssl/whrlpool.h wp_dgst.c wp_locl.h

diff --git a/deps/openssl/openssl/crypto/whrlpool/asm/wp-mmx.pl b/deps/openssl/openssl/crypto/whrlpool/asm/wp-mmx.pl
index 32cf163..cb2381c 100644 (file)
--- a/deps/openssl/openssl/crypto/whrlpool/asm/wp-mmx.pl
+++ b/deps/openssl/openssl/crypto/whrlpool/asm/wp-mmx.pl
@@ -119,7 +119,7 @@ $tbl="ebp";
        &mov    ("eax",&DWP(0,"esp"));
        &mov    ("ebx",&DWP(4,"esp"));
 for($i=0;$i<8;$i++) {
-    my $func = ($i==0)? movq : pxor;
+    my $func = ($i==0)? \&movq : \&pxor;
        &movb   (&LB("ecx"),&LB("eax"));
        &movb   (&LB("edx"),&HB("eax"));
        &scale  ("esi","ecx");

diff --git a/deps/openssl/openssl/crypto/whrlpool/asm/wp-x86_64.pl b/deps/openssl/openssl/crypto/whrlpool/asm/wp-x86_64.pl
index 87c0843..24b2ff6 100644 (file)
--- a/deps/openssl/openssl/crypto/whrlpool/asm/wp-x86_64.pl
+++ b/deps/openssl/openssl/crypto/whrlpool/asm/wp-x86_64.pl
@@ -41,7 +41,8 @@ $0 =~ m/(.*[\/\\])[^\/\\]+$/; my $dir=$1; my $xlate;
 ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
 die "can't locate x86_64-xlate.pl";
 
-open STDOUT,"| $^X $xlate $flavour $output";
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
 
 sub L() { $code.=".byte        ".join(',',@_)."\n"; }
 sub LL(){ $code.=".byte        ".join(',',@_).",".join(',',@_)."\n"; }

diff --git a/deps/openssl/openssl/crypto/whrlpool/whrlpool.h b/deps/openssl/openssl/crypto/whrlpool/whrlpool.h
index 03c91da..9e01f5b 100644 (file)
--- a/deps/openssl/openssl/crypto/whrlpool/whrlpool.h
+++ b/deps/openssl/openssl/crypto/whrlpool/whrlpool.h
@@ -24,6 +24,9 @@ typedef struct        {
        } WHIRLPOOL_CTX;
 
 #ifndef OPENSSL_NO_WHIRLPOOL
+#ifdef OPENSSL_FIPS
+int private_WHIRLPOOL_Init(WHIRLPOOL_CTX *c);
+#endif
 int WHIRLPOOL_Init     (WHIRLPOOL_CTX *c);
 int WHIRLPOOL_Update   (WHIRLPOOL_CTX *c,const void *inp,size_t bytes);
 void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c,const void *inp,size_t bits);

diff --git a/deps/openssl/openssl/crypto/whrlpool/wp_block.c b/deps/openssl/openssl/crypto/whrlpool/wp_block.c
index 221f6cc..824ed18 100644 (file)
--- a/deps/openssl/openssl/crypto/whrlpool/wp_block.c
+++ b/deps/openssl/openssl/crypto/whrlpool/wp_block.c
@@ -68,9 +68,9 @@ typedef unsigned long long    u64;
                                           CPUs this is actually faster! */
 #    endif
 #    define GO_FOR_MMX(ctx,inp,num)    do {                    \
-       extern unsigned long OPENSSL_ia32cap_P;                 \
+       extern unsigned int OPENSSL_ia32cap_P[];                \
        void whirlpool_block_mmx(void *,const void *,size_t);   \
-       if (!(OPENSSL_ia32cap_P & (1<<23)))     break;          \
+       if (!(OPENSSL_ia32cap_P[0] & (1<<23)))  break;          \
         whirlpool_block_mmx(ctx->H.c,inp,num); return;         \
                                        } while (0)
 #  endif

diff --git a/deps/openssl/openssl/crypto/whrlpool/wp_dgst.c b/deps/openssl/openssl/crypto/whrlpool/wp_dgst.c
index ee5c5c1..7e28bef 100644 (file)
--- a/deps/openssl/openssl/crypto/whrlpool/wp_dgst.c
+++ b/deps/openssl/openssl/crypto/whrlpool/wp_dgst.c
@@ -52,9 +52,10 @@
  */
 
 #include "wp_locl.h"
+#include <openssl/crypto.h>
 #include <string.h>
 
-int WHIRLPOOL_Init     (WHIRLPOOL_CTX *c)
+fips_md_init(WHIRLPOOL)
        {
        memset (c,0,sizeof(*c));
        return(1);

diff --git a/deps/openssl/openssl/crypto/x509/by_dir.c b/deps/openssl/openssl/crypto/x509/by_dir.c
index 03293ac..27ca515 100644 (file)
--- a/deps/openssl/openssl/crypto/x509/by_dir.c
+++ b/deps/openssl/openssl/crypto/x509/by_dir.c
@@ -287,8 +287,6 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
        int ok=0;
        int i,j,k;
        unsigned long h;
-       unsigned long hash_array[2];
-       int hash_index;
        BUF_MEM *b=NULL;
        X509_OBJECT stmp,*tmp;
        const char *postfix="";
@@ -325,11 +323,6 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
        ctx=(BY_DIR *)xl->method_data;
 
        h=X509_NAME_hash(name);
-       hash_array[0]=h;
-       hash_array[1]=X509_NAME_hash_old(name);
-       for (hash_index=0; hash_index < 2; hash_index++)
-               {
-               h=hash_array[hash_index];
        for (i=0; i < sk_BY_DIR_ENTRY_num(ctx->dirs); i++)
                {
                BY_DIR_ENTRY *ent;
@@ -483,7 +476,6 @@ static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
                        goto finish;
                        }
                }
-               }
 finish:
        if (b != NULL) BUF_MEM_free(b);
        return(ok);

diff --git a/deps/openssl/openssl/crypto/x509/x509.h b/deps/openssl/openssl/crypto/x509/x509.h
index e6f8a40..092dd74 100644 (file)
--- a/deps/openssl/openssl/crypto/x509/x509.h
+++ b/deps/openssl/openssl/crypto/x509/x509.h
@@ -657,11 +657,15 @@ int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey);
 
 int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki);
 
+int X509_signature_dump(BIO *bp,const ASN1_STRING *sig, int indent);
 int X509_signature_print(BIO *bp,X509_ALGOR *alg, ASN1_STRING *sig);
 
 int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
+int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx);
 int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md);
+int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx);
 int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md);
+int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx);
 int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md);
 
 int X509_pubkey_digest(const X509 *data,const EVP_MD *type,
@@ -763,6 +767,7 @@ X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn);
 int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval);
 void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
                                                X509_ALGOR *algor);
+void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md);
 
 X509_NAME *X509_NAME_dup(X509_NAME *xn);
 X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
@@ -896,6 +901,9 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *algor1,
 int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
        ASN1_BIT_STRING *signature,
        void *data, EVP_PKEY *pkey, const EVP_MD *type);
+int ASN1_item_sign_ctx(const ASN1_ITEM *it,
+               X509_ALGOR *algor1, X509_ALGOR *algor2,
+               ASN1_BIT_STRING *signature, void *asn, EVP_MD_CTX *ctx);
 #endif
 
 int            X509_set_version(X509 *x,long version);
@@ -1161,6 +1169,9 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
                                 unsigned char *salt, int saltlen,
                                 unsigned char *aiv, int prf_nid);
 
+X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
+                               int prf_nid, int keylen);
+
 /* PKCS#8 utilities */
 
 DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)

diff --git a/deps/openssl/openssl/crypto/x509/x509_cmp.c b/deps/openssl/openssl/crypto/x509/x509_cmp.c
index 4bc9da0..352aa37 100644 (file)
--- a/deps/openssl/openssl/crypto/x509/x509_cmp.c
+++ b/deps/openssl/openssl/crypto/x509/x509_cmp.c
@@ -86,16 +86,20 @@ unsigned long X509_issuer_and_serial_hash(X509 *a)
 
        EVP_MD_CTX_init(&ctx);
        f=X509_NAME_oneline(a->cert_info->issuer,NULL,0);
-       ret=strlen(f);
-       EVP_DigestInit_ex(&ctx, EVP_md5(), NULL);
-       EVP_DigestUpdate(&ctx,(unsigned char *)f,ret);
+       if (!EVP_DigestInit_ex(&ctx, EVP_md5(), NULL))
+               goto err;
+       if (!EVP_DigestUpdate(&ctx,(unsigned char *)f,strlen(f)))
+               goto err;
        OPENSSL_free(f);
-       EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data,
-               (unsigned long)a->cert_info->serialNumber->length);
-       EVP_DigestFinal_ex(&ctx,&(md[0]),NULL);
+       if(!EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data,
+               (unsigned long)a->cert_info->serialNumber->length))
+               goto err;
+       if (!EVP_DigestFinal_ex(&ctx,&(md[0]),NULL))
+               goto err;
        ret=(   ((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
                ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
                )&0xffffffffL;
+       err:
        EVP_MD_CTX_cleanup(&ctx);
        return(ret);
        }
@@ -219,7 +223,9 @@ unsigned long X509_NAME_hash(X509_NAME *x)
 
        /* Make sure X509_NAME structure contains valid cached encoding */
        i2d_X509_NAME(x,NULL);
-       EVP_Digest(x->canon_enc, x->canon_enclen, md, NULL, EVP_sha1(), NULL);
+       if (!EVP_Digest(x->canon_enc, x->canon_enclen, md, NULL, EVP_sha1(),
+               NULL))
+               return 0;
 
        ret=(   ((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
                ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
@@ -234,16 +240,22 @@ unsigned long X509_NAME_hash(X509_NAME *x)
 
 unsigned long X509_NAME_hash_old(X509_NAME *x)
        {
+       EVP_MD_CTX md_ctx;
        unsigned long ret=0;
        unsigned char md[16];
 
        /* Make sure X509_NAME structure contains valid cached encoding */
        i2d_X509_NAME(x,NULL);
-       EVP_Digest(x->bytes->data, x->bytes->length, md, NULL, EVP_md5(), NULL);
+       EVP_MD_CTX_init(&md_ctx);
+       EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+       if (EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL)
+           && EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length)
+           && EVP_DigestFinal_ex(&md_ctx,md,NULL))
+               ret=(((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
+                    ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
+                    )&0xffffffffL;
+       EVP_MD_CTX_cleanup(&md_ctx);
 
-       ret=(   ((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
-               ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
-               )&0xffffffffL;
        return(ret);
        }
 #endif

diff --git a/deps/openssl/openssl/crypto/x509/x509_lu.c b/deps/openssl/openssl/crypto/x509/x509_lu.c
index 3a6e04a..38525a8 100644 (file)
--- a/deps/openssl/openssl/crypto/x509/x509_lu.c
+++ b/deps/openssl/openssl/crypto/x509/x509_lu.c
@@ -87,7 +87,7 @@ void X509_LOOKUP_free(X509_LOOKUP *ctx)
        if (ctx == NULL) return;
        if (    (ctx->method != NULL) &&
                (ctx->method->free != NULL))
-               ctx->method->free(ctx);
+               (*ctx->method->free)(ctx);
        OPENSSL_free(ctx);
        }
 

diff --git a/deps/openssl/openssl/crypto/x509/x509_vfy.c b/deps/openssl/openssl/crypto/x509/x509_vfy.c
index 701ec56..12d71f5 100644 (file)
--- a/deps/openssl/openssl/crypto/x509/x509_vfy.c
+++ b/deps/openssl/openssl/crypto/x509/x509_vfy.c
@@ -153,7 +153,6 @@ static int x509_subject_cmp(X509 **a, X509 **b)
 int X509_verify_cert(X509_STORE_CTX *ctx)
        {
        X509 *x,*xtmp,*chain_ss=NULL;
-       X509_NAME *xn;
        int bad_chain = 0;
        X509_VERIFY_PARAM *param = ctx->param;
        int depth,i,ok=0;
@@ -205,7 +204,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
                                         */
 
                /* If we are self signed, we break */
-               xn=X509_get_issuer_name(x);
                if (ctx->check_issued(ctx, x,x)) break;
 
                /* If we were passed a cert chain, use it first */
@@ -242,7 +240,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
 
        i=sk_X509_num(ctx->chain);
        x=sk_X509_value(ctx->chain,i-1);
-       xn = X509_get_subject_name(x);
        if (ctx->check_issued(ctx, x, x))
                {
                /* we have a self signed certificate */
@@ -291,7 +288,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
                if (depth < num) break;
 
                /* If we are self signed, we break */
-               xn=X509_get_issuer_name(x);
                if (ctx->check_issued(ctx,x,x)) break;
 
                ok = ctx->get_issuer(&xtmp, ctx, x);
@@ -310,7 +306,6 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
                }
 
        /* we now have our chain, lets check it... */
-       xn=X509_get_issuer_name(x);
 
        /* Is last certificate looked up self signed? */
        if (!ctx->check_issued(ctx,x,x))
@@ -877,7 +872,7 @@ static int crl_extension_match(X509_CRL *a, X509_CRL *b, int nid)
        {
        ASN1_OCTET_STRING *exta, *extb;
        int i;
-       i = X509_CRL_get_ext_by_NID(a, nid, 0);
+       i = X509_CRL_get_ext_by_NID(a, nid, -1);
        if (i >= 0)
                {
                /* Can't have multiple occurrences */
@@ -888,7 +883,7 @@ static int crl_extension_match(X509_CRL *a, X509_CRL *b, int nid)
        else
                exta = NULL;
 
-       i = X509_CRL_get_ext_by_NID(b, nid, 0);
+       i = X509_CRL_get_ext_by_NID(b, nid, -1);
 
        if (i >= 0)
                {

diff --git a/deps/openssl/openssl/crypto/x509/x509type.c b/deps/openssl/openssl/crypto/x509/x509type.c
index 3385ad3..9702ec5 100644 (file)
--- a/deps/openssl/openssl/crypto/x509/x509type.c
+++ b/deps/openssl/openssl/crypto/x509/x509type.c
@@ -100,20 +100,26 @@ int X509_certificate_type(X509 *x, EVP_PKEY *pkey)
                break;
                }
 
-       i=X509_get_signature_type(x);
-       switch (i)
+       i=OBJ_obj2nid(x->sig_alg->algorithm);
+       if (i && OBJ_find_sigid_algs(i, NULL, &i))
                {
-       case EVP_PKEY_RSA:
-               ret|=EVP_PKS_RSA;
-               break;
-       case EVP_PKEY_DSA:
-               ret|=EVP_PKS_DSA;
-               break;
-       case EVP_PKEY_EC:
-               ret|=EVP_PKS_EC;
-               break;
-       default:
-               break;
+
+               switch (i)
+                       {
+               case NID_rsaEncryption:
+               case NID_rsa:
+                       ret|=EVP_PKS_RSA;
+                       break;
+               case NID_dsa:
+               case NID_dsa_2:
+                       ret|=EVP_PKS_DSA;
+                       break;
+               case NID_X9_62_id_ecPublicKey:
+                       ret|=EVP_PKS_EC;
+                       break;
+               default:
+                       break;
+                       }
                }
 
        if (EVP_PKEY_size(pk) <= 1024/8)/* /8 because it's 1024 bits we look

diff --git a/deps/openssl/openssl/crypto/x509/x_all.c b/deps/openssl/openssl/crypto/x509/x_all.c
index 8ec88c2..b94aeeb 100644 (file)
--- a/deps/openssl/openssl/crypto/x509/x_all.c
+++ b/deps/openssl/openssl/crypto/x509/x_all.c
@@ -95,12 +95,25 @@ int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
                x->sig_alg, x->signature, x->cert_info,pkey,md));
        }
 
+int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx)
+       {
+       return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CINF),
+               x->cert_info->signature,
+               x->sig_alg, x->signature, x->cert_info, ctx);
+       }
+
 int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md)
        {
        return(ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO),x->sig_alg, NULL,
                x->signature, x->req_info,pkey,md));
        }
 
+int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx)
+       {
+       return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_REQ_INFO),
+               x->sig_alg, NULL, x->signature, x->req_info, ctx);
+       }
+
 int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md)
        {
        x->crl->enc.modified = 1;
@@ -108,6 +121,12 @@ int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md)
                x->sig_alg, x->signature, x->crl,pkey,md));
        }
 
+int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx)
+       {
+       return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CRL_INFO),
+               x->crl->sig_alg, x->sig_alg, x->signature, x->crl, ctx);
+       }
+
 int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md)
        {
        return(ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), x->sig_algor,NULL,

diff --git a/deps/openssl/openssl/crypto/x509v3/v3_asid.c b/deps/openssl/openssl/crypto/x509v3/v3_asid.c
index 3f434c0..1587e8e 100644 (file)
--- a/deps/openssl/openssl/crypto/x509v3/v3_asid.c
+++ b/deps/openssl/openssl/crypto/x509v3/v3_asid.c
@@ -358,6 +358,20 @@ static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice)
       goto done;
   }
 
+  /*
+   * Check for inverted range.
+   */
+  i = sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1;
+  {
+    ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
+    ASN1_INTEGER *a_min, *a_max;
+    if (a != NULL && a->type == ASIdOrRange_range) {
+      extract_min_max(a, &a_min, &a_max);
+      if (ASN1_INTEGER_cmp(a_min, a_max) > 0)
+       goto done;
+    }
+  }
+
   ret = 1;
 
  done:
@@ -392,9 +406,18 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
     return 1;
 
   /*
-   * We have a list.  Sort it.
+   * If not a list, or if empty list, it's broken.
+   */
+  if (choice->type != ASIdentifierChoice_asIdsOrRanges ||
+      sk_ASIdOrRange_num(choice->u.asIdsOrRanges) == 0) {
+    X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
+             X509V3_R_EXTENSION_VALUE_ERROR);
+    return 0;
+  }
+
+  /*
+   * We have a non-empty list.  Sort it.
    */
-  OPENSSL_assert(choice->type == ASIdentifierChoice_asIdsOrRanges);
   sk_ASIdOrRange_sort(choice->u.asIdsOrRanges);
 
   /*
@@ -415,6 +438,13 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
     OPENSSL_assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0);
 
     /*
+     * Punt inverted ranges.
+     */
+    if (ASN1_INTEGER_cmp(a_min, a_max) > 0 ||
+       ASN1_INTEGER_cmp(b_min, b_max) > 0)
+      goto done;
+
+    /*
      * Check for overlaps.
      */
     if (ASN1_INTEGER_cmp(a_max, b_min) >= 0) {
@@ -465,12 +495,26 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
        break;
       }
       ASIdOrRange_free(b);
-      sk_ASIdOrRange_delete(choice->u.asIdsOrRanges, i + 1);
+      (void) sk_ASIdOrRange_delete(choice->u.asIdsOrRanges, i + 1);
       i--;
       continue;
     }
   }
 
+  /*
+   * Check for final inverted range.
+   */
+  i = sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1;
+  {
+    ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
+    ASN1_INTEGER *a_min, *a_max;
+    if (a != NULL && a->type == ASIdOrRange_range) {
+      extract_min_max(a, &a_min, &a_max);
+      if (ASN1_INTEGER_cmp(a_min, a_max) > 0)
+       goto done;
+    }
+  }
+
   OPENSSL_assert(ASIdentifierChoice_is_canonical(choice)); /* Paranoia */
 
   ret = 1;
@@ -498,6 +542,7 @@ static void *v2i_ASIdentifiers(const struct v3_ext_method *method,
                               struct v3_ext_ctx *ctx,
                               STACK_OF(CONF_VALUE) *values)
 {
+  ASN1_INTEGER *min = NULL, *max = NULL;
   ASIdentifiers *asid = NULL;
   int i;
 
@@ -508,7 +553,6 @@ static void *v2i_ASIdentifiers(const struct v3_ext_method *method,
 
   for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
     CONF_VALUE *val = sk_CONF_VALUE_value(values, i);
-    ASN1_INTEGER *min = NULL, *max = NULL;
     int i1, i2, i3, is_range, which;
 
     /*
@@ -578,18 +622,19 @@ static void *v2i_ASIdentifiers(const struct v3_ext_method *method,
       max = s2i_ASN1_INTEGER(NULL, s + i2);
       OPENSSL_free(s);
       if (min == NULL || max == NULL) {
-       ASN1_INTEGER_free(min);
-       ASN1_INTEGER_free(max);
        X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
        goto err;
       }
+      if (ASN1_INTEGER_cmp(min, max) > 0) {
+       X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_EXTENSION_VALUE_ERROR);
+       goto err;
+      }
     }
     if (!v3_asid_add_id_or_range(asid, which, min, max)) {
-      ASN1_INTEGER_free(min);
-      ASN1_INTEGER_free(max);
       X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
       goto err;
     }
+    min = max = NULL;
   }
 
   /*
@@ -601,6 +646,8 @@ static void *v2i_ASIdentifiers(const struct v3_ext_method *method,
 
  err:
   ASIdentifiers_free(asid);
+  ASN1_INTEGER_free(min);
+  ASN1_INTEGER_free(max);
   return NULL;
 }
 

diff --git a/deps/openssl/openssl/crypto/x509v3/v3_purp.c b/deps/openssl/openssl/crypto/x509v3/v3_purp.c
index 181bd34..ad68865 100644 (file)
--- a/deps/openssl/openssl/crypto/x509v3/v3_purp.c
+++ b/deps/openssl/openssl/crypto/x509v3/v3_purp.c
@@ -474,11 +474,11 @@ static void x509v3_cache_extensions(X509 *x)
        for (i = 0; i < X509_get_ext_count(x); i++)
                {
                ex = X509_get_ext(x, i);
-               if (!X509_EXTENSION_get_critical(ex))
-                       continue;
                if (OBJ_obj2nid(X509_EXTENSION_get_object(ex))
                                        == NID_freshest_crl)
                        x->ex_flags |= EXFLAG_FRESHEST;
+               if (!X509_EXTENSION_get_critical(ex))
+                       continue;
                if (!X509_supported_extension(ex))
                        {
                        x->ex_flags |= EXFLAG_CRITICAL;

diff --git a/deps/openssl/openssl/crypto/x509v3/v3_skey.c b/deps/openssl/openssl/crypto/x509v3/v3_skey.c
index 202c9e4..0a984fb 100644 (file)
--- a/deps/openssl/openssl/crypto/x509v3/v3_skey.c
+++ b/deps/openssl/openssl/crypto/x509v3/v3_skey.c
@@ -129,7 +129,8 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
                goto err;
        }
 
-       EVP_Digest(pk->data, pk->length, pkey_dig, &diglen, EVP_sha1(), NULL);
+       if (!EVP_Digest(pk->data, pk->length, pkey_dig, &diglen, EVP_sha1(), NULL))
+               goto err;
 
        if(!M_ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) {
                X509V3err(X509V3_F_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE);

diff --git a/deps/openssl/openssl/crypto/x86_64cpuid.pl b/deps/openssl/openssl/crypto/x86_64cpuid.pl
index c96821a..6ebfd01 100644 (file)
--- a/deps/openssl/openssl/crypto/x86_64cpuid.pl
+++ b/deps/openssl/openssl/crypto/x86_64cpuid.pl
@@ -7,15 +7,25 @@ if ($flavour =~ /\./) { $output = $flavour; undef $flavour; }
 $win64=0; $win64=1 if ($flavour =~ /[nm]asm|mingw64/ || $output =~ /\.asm$/);
 
 $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-open STDOUT,"| $^X ${dir}perlasm/x86_64-xlate.pl $flavour $output";
+( $xlate="${dir}x86_64-xlate.pl" and -f $xlate ) or
+( $xlate="${dir}perlasm/x86_64-xlate.pl" and -f $xlate) or
+die "can't locate x86_64-xlate.pl";
+
+open OUT,"| \"$^X\" $xlate $flavour $output";
+*STDOUT=*OUT;
+
+($arg1,$arg2,$arg3,$arg4)=$win64?("%rcx","%rdx","%r8", "%r9") :        # Win64 order
+                                ("%rdi","%rsi","%rdx","%rcx"); # Unix order
 
-if ($win64)    { $arg1="%rcx"; $arg2="%rdx"; }
-else           { $arg1="%rdi"; $arg2="%rsi"; }
 print<<___;
 .extern                OPENSSL_cpuid_setup
+.hidden                OPENSSL_cpuid_setup
 .section       .init
        call    OPENSSL_cpuid_setup
 
+.hidden        OPENSSL_ia32cap_P
+.comm  OPENSSL_ia32cap_P,8,4
+
 .text
 
 .globl OPENSSL_atomic_add
@@ -46,7 +56,7 @@ OPENSSL_rdtsc:
 .type  OPENSSL_ia32_cpuid,\@abi-omnipotent
 .align 16
 OPENSSL_ia32_cpuid:
-       mov     %rbx,%r8
+       mov     %rbx,%r8                # save %rbx
 
        xor     %eax,%eax
        cpuid
@@ -78,7 +88,15 @@ OPENSSL_ia32_cpuid:
        # AMD specific
        mov     \$0x80000000,%eax
        cpuid
-       cmp     \$0x80000008,%eax
+       cmp     \$0x80000001,%eax
+       jb      .Lintel
+       mov     %eax,%r10d
+       mov     \$0x80000001,%eax
+       cpuid
+       or      %ecx,%r9d
+       and     \$0x00000801,%r9d       # isolate AMD XOP bit, 1<<11
+
+       cmp     \$0x80000008,%r10d
        jb      .Lintel
 
        mov     \$0x80000008,%eax
@@ -89,12 +107,12 @@ OPENSSL_ia32_cpuid:
        mov     \$1,%eax
        cpuid
        bt      \$28,%edx               # test hyper-threading bit
-       jnc     .Ldone
+       jnc     .Lgeneric
        shr     \$16,%ebx               # number of logical processors
        cmp     %r10b,%bl
-       ja      .Ldone
+       ja      .Lgeneric
        and     \$0xefffffff,%edx       # ~(1<<28)
-       jmp     .Ldone
+       jmp     .Lgeneric
 
 .Lintel:
        cmp     \$4,%r11d
@@ -111,30 +129,47 @@ OPENSSL_ia32_cpuid:
 .Lnocacheinfo:
        mov     \$1,%eax
        cpuid
+       and     \$0xbfefffff,%edx       # force reserved bits to 0
        cmp     \$0,%r9d
        jne     .Lnotintel
-       or      \$0x00100000,%edx       # use reserved 20th bit to engage RC4_CHAR
+       or      \$0x40000000,%edx       # set reserved bit#30 on Intel CPUs
        and     \$15,%ah
        cmp     \$15,%ah                # examine Family ID
-       je      .Lnotintel
-       or      \$0x40000000,%edx       # use reserved bit to skip unrolled loop
+       jne     .Lnotintel
+       or      \$0x00100000,%edx       # set reserved bit#20 to engage RC4_CHAR
 .Lnotintel:
        bt      \$28,%edx               # test hyper-threading bit
-       jnc     .Ldone
+       jnc     .Lgeneric
        and     \$0xefffffff,%edx       # ~(1<<28)
        cmp     \$0,%r10d
-       je      .Ldone
+       je      .Lgeneric
 
        or      \$0x10000000,%edx       # 1<<28
        shr     \$16,%ebx
        cmp     \$1,%bl                 # see if cache is shared
-       ja      .Ldone
+       ja      .Lgeneric
        and     \$0xefffffff,%edx       # ~(1<<28)
+.Lgeneric:
+       and     \$0x00000800,%r9d       # isolate AMD XOP flag
+       and     \$0xfffff7ff,%ecx
+       or      %ecx,%r9d               # merge AMD XOP flag
+
+       mov     %edx,%r10d              # %r9d:%r10d is copy of %ecx:%edx
+       bt      \$27,%r9d               # check OSXSAVE bit
+       jnc     .Lclear_avx
+       xor     %ecx,%ecx               # XCR0
+       .byte   0x0f,0x01,0xd0          # xgetbv
+       and     \$6,%eax                # isolate XMM and YMM state support
+       cmp     \$6,%eax
+       je      .Ldone
+.Lclear_avx:
+       mov     \$0xefffe7ff,%eax       # ~(1<<28|1<<12|1<<11)
+       and     %eax,%r9d               # clear AVX, FMA and AMD XOP bits
 .Ldone:
-       shl     \$32,%rcx
-       mov     %edx,%eax
-       mov     %r8,%rbx
-       or      %rcx,%rax
+       shl     \$32,%r9
+       mov     %r10d,%eax
+       mov     %r8,%rbx                # restore %rbx
+       or      %r9,%rax
        ret
 .size  OPENSSL_ia32_cpuid,.-OPENSSL_ia32_cpuid
 
@@ -229,4 +264,21 @@ OPENSSL_wipe_cpu:
 .size  OPENSSL_wipe_cpu,.-OPENSSL_wipe_cpu
 ___
 
+print<<___;
+.globl OPENSSL_ia32_rdrand
+.type  OPENSSL_ia32_rdrand,\@abi-omnipotent
+.align 16
+OPENSSL_ia32_rdrand:
+       mov     \$8,%ecx
+.Loop_rdrand:
+       rdrand  %rax
+       jc      .Lbreak_rdrand
+       loop    .Loop_rdrand
+.Lbreak_rdrand:
+       cmp     \$0,%rax
+       cmove   %rcx,%rax
+       ret
+.size  OPENSSL_ia32_rdrand,.-OPENSSL_ia32_rdrand
+___
+
 close STDOUT;  # flush

diff --git a/deps/openssl/openssl/crypto/x86cpuid.pl b/deps/openssl/openssl/crypto/x86cpuid.pl
index a7464af..c18b0e2 100644 (file)
--- a/deps/openssl/openssl/crypto/x86cpuid.pl
+++ b/deps/openssl/openssl/crypto/x86cpuid.pl
@@ -19,9 +19,9 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
        &pushf  ();
        &pop    ("eax");
        &xor    ("ecx","eax");
-       &bt     ("ecx",21);
-       &jnc    (&label("done"));
        &xor    ("eax","eax");
+       &bt     ("ecx",21);
+       &jnc    (&label("nocpuid"));
        &cpuid  ();
        &mov    ("edi","eax");          # max value for standard query level
 
@@ -51,7 +51,14 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
        # AMD specific
        &mov    ("eax",0x80000000);
        &cpuid  ();
-       &cmp    ("eax",0x80000008);
+       &cmp    ("eax",0x80000001);
+       &jb     (&label("intel"));
+       &mov    ("esi","eax");
+       &mov    ("eax",0x80000001);
+       &cpuid  ();
+       &or     ("ebp","ecx");
+       &and    ("ebp",1<<11|1);        # isolate XOP bit
+       &cmp    ("esi",0x80000008);
        &jb     (&label("intel"));
 
        &mov    ("eax",0x80000008);
@@ -62,13 +69,13 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
        &mov    ("eax",1);
        &cpuid  ();
        &bt     ("edx",28);
-       &jnc    (&label("done"));
+       &jnc    (&label("generic"));
        &shr    ("ebx",16);
        &and    ("ebx",0xff);
        &cmp    ("ebx","esi");
-       &ja     (&label("done"));
+       &ja     (&label("generic"));
        &and    ("edx",0xefffffff);     # clear hyper-threading bit
-       &jmp    (&label("done"));
+       &jmp    (&label("generic"));
        
 &set_label("intel");
        &cmp    ("edi",4);
@@ -85,27 +92,51 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
 &set_label("nocacheinfo");
        &mov    ("eax",1);
        &cpuid  ();
+       &and    ("edx",0xbfefffff);     # force reserved bits #20, #30 to 0
        &cmp    ("ebp",0);
-       &jne    (&label("notP4"));
+       &jne    (&label("notintel"));
+       &or     ("edx",1<<30);          # set reserved bit#30 on Intel CPUs
        &and    (&HB("eax"),15);        # familiy ID
        &cmp    (&HB("eax"),15);        # P4?
-       &jne    (&label("notP4"));
-       &or     ("edx",1<<20);          # use reserved bit to engage RC4_CHAR
-&set_label("notP4");
+       &jne    (&label("notintel"));
+       &or     ("edx",1<<20);          # set reserved bit#20 to engage RC4_CHAR
+&set_label("notintel");
        &bt     ("edx",28);             # test hyper-threading bit
-       &jnc    (&label("done"));
+       &jnc    (&label("generic"));
        &and    ("edx",0xefffffff);
        &cmp    ("edi",0);
-       &je     (&label("done"));
+       &je     (&label("generic"));
 
        &or     ("edx",0x10000000);
        &shr    ("ebx",16);
        &cmp    (&LB("ebx"),1);
-       &ja     (&label("done"));
+       &ja     (&label("generic"));
        &and    ("edx",0xefffffff);     # clear hyper-threading bit if not
+
+&set_label("generic");
+       &and    ("ebp",1<<11);          # isolate AMD XOP flag
+       &and    ("ecx",0xfffff7ff);     # force 11th bit to 0
+       &mov    ("esi","edx");
+       &or     ("ebp","ecx");          # merge AMD XOP flag
+
+       &bt     ("ecx",27);             # check OSXSAVE bit
+       &jnc    (&label("clear_avx"));
+       &xor    ("ecx","ecx");
+       &data_byte(0x0f,0x01,0xd0);     # xgetbv
+       &and    ("eax",6);
+       &cmp    ("eax",6);
+       &je     (&label("done"));
+       &cmp    ("eax",2);
+       &je     (&label("clear_avx"));
+&set_label("clear_xmm");
+       &and    ("ebp",0xfdfffffd);     # clear AESNI and PCLMULQDQ bits
+       &and    ("esi",0xfeffffff);     # clear FXSR
+&set_label("clear_avx");
+       &and    ("ebp",0xefffe7ff);     # clear AVX, FMA and AMD XOP bits
 &set_label("done");
-       &mov    ("eax","edx");
-       &mov    ("edx","ecx");
+       &mov    ("eax","esi");
+       &mov    ("edx","ebp");
+&set_label("nocpuid");
 &function_end("OPENSSL_ia32_cpuid");
 
 &external_label("OPENSSL_ia32cap_P");
@@ -134,7 +165,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
        &jnz    (&label("nohalt"));     # not enough privileges
 
        &pushf  ();
-       &pop    ("eax")
+       &pop    ("eax");
        &bt     ("eax",9);
        &jnc    (&label("nohalt"));     # interrupts are disabled
 
@@ -199,8 +230,9 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
        &bt     (&DWP(0,"ecx"),1);
        &jnc    (&label("no_x87"));
        if ($sse2) {
-               &bt     (&DWP(0,"ecx"),26);
-               &jnc    (&label("no_sse2"));
+               &and    ("ecx",1<<26|1<<24);    # check SSE2 and FXSR bits
+               &cmp    ("ecx",1<<26|1<<24);
+               &jne    (&label("no_sse2"));
                &pxor   ("xmm0","xmm0");
                &pxor   ("xmm1","xmm1");
                &pxor   ("xmm2","xmm2");
@@ -248,7 +280,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
 #      arguments is 1 or 2!
 &function_begin_B("OPENSSL_indirect_call");
        {
-       my $i,$max=7;           # $max has to be chosen as 4*n-1
+       my ($max,$i)=(7,);      # $max has to be chosen as 4*n-1
                                # in order to preserve eventual
                                # stack alignment
        &push   ("ebp");
@@ -307,6 +339,18 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
        &ret    ();
 &function_end_B("OPENSSL_cleanse");
 
+&function_begin_B("OPENSSL_ia32_rdrand");
+       &mov    ("ecx",8);
+&set_label("loop");
+       &rdrand ("eax");
+       &jc     (&label("break"));
+       &loop   (&label("loop"));
+&set_label("break");
+       &cmp    ("eax",0);
+       &cmove  ("eax","ecx");
+       &ret    ();
+&function_end_B("OPENSSL_ia32_rdrand");
+
 &initseg("OPENSSL_cpuid_setup");
 
 &asm_finish();

diff --git a/deps/openssl/openssl/doc/HOWTO/proxy_certificates.txt b/deps/openssl/openssl/doc/HOWTO/proxy_certificates.txt
index 3d36b02..f98ec36 100644 (file)
--- a/deps/openssl/openssl/doc/HOWTO/proxy_certificates.txt
+++ b/deps/openssl/openssl/doc/HOWTO/proxy_certificates.txt
@@ -57,7 +57,7 @@ following methods:
 
  - in all other cases, proxy certificate validation can be enabled
    before starting the application by setting the envirnoment variable
-   OPENSSL_ALLOW_PROXY with some non-empty value.
+   OPENSSL_ALLOW_PROXY_CERTS with some non-empty value.
 
 There are thoughts to allow proxy certificates with a line in the
 default openssl.cnf, but that's still in the future.

diff --git a/deps/openssl/openssl/doc/apps/CA.pl.pod b/deps/openssl/openssl/doc/apps/CA.pl.pod
index ed69952..d326101 100644 (file)
--- a/deps/openssl/openssl/doc/apps/CA.pl.pod
+++ b/deps/openssl/openssl/doc/apps/CA.pl.pod
@@ -39,13 +39,13 @@ prints a usage message.
 
 =item B<-newcert>
 
-creates a new self signed certificate. The private key and certificate are
-written to the file "newreq.pem".
+creates a new self signed certificate. The private key is written to the file
+"newkey.pem" and the request written to the file "newreq.pem".
 
 =item B<-newreq>
 
-creates a new certificate request. The private key and request are
-written to the file "newreq.pem".
+creates a new certificate request. The private key is written to the file
+"newkey.pem" and the request written to the file "newreq.pem".
 
 =item B<-newreq-nodes>
 

diff --git a/deps/openssl/openssl/doc/apps/genpkey.pod b/deps/openssl/openssl/doc/apps/genpkey.pod
index 1611b5c..c74d097 100644 (file)
--- a/deps/openssl/openssl/doc/apps/genpkey.pod
+++ b/deps/openssl/openssl/doc/apps/genpkey.pod
@@ -114,6 +114,8 @@ hexadecimal value if preceded by B<0x>. Default value is 65537.
 
 The number of bits in the generated parameters. If not specified 1024 is used.
 
+=back
+
 =head1 DH PARAMETER GENERATION OPTIONS
 
 =over 4

diff --git a/deps/openssl/openssl/doc/apps/openssl.pod b/deps/openssl/openssl/doc/apps/openssl.pod
index 738142e..64a160c 100644 (file)
--- a/deps/openssl/openssl/doc/apps/openssl.pod
+++ b/deps/openssl/openssl/doc/apps/openssl.pod
@@ -287,8 +287,6 @@ SHA Digest
 
 SHA-1 Digest
 
-=back
-
 =item B<sha224>
 
 SHA-224 Digest
@@ -305,6 +303,8 @@ SHA-384 Digest
 
 SHA-512 Digest
 
+=back
+
 =head2 ENCODING AND CIPHER COMMANDS
 
 =over 10

diff --git a/deps/openssl/openssl/doc/apps/verify.pod b/deps/openssl/openssl/doc/apps/verify.pod
index 336098f..da68300 100644 (file)
--- a/deps/openssl/openssl/doc/apps/verify.pod
+++ b/deps/openssl/openssl/doc/apps/verify.pod
@@ -54,35 +54,37 @@ in PEM format concatenated together.
 =item B<-untrusted file>
 
 A file of untrusted certificates. The file should contain multiple certificates
+in PEM format concatenated together.
 
 =item B<-purpose purpose>
 
-the intended use for the certificate. Without this option no chain verification
-will be done. Currently accepted uses are B<sslclient>, B<sslserver>,
-B<nssslserver>, B<smimesign>, B<smimeencrypt>. See the B<VERIFY OPERATION>
-section for more information.
+The intended use for the certificate. If this option is not specified,
+B<verify> will not consider certificate purpose during chain verification.
+Currently accepted uses are B<sslclient>, B<sslserver>, B<nssslserver>,
+B<smimesign>, B<smimeencrypt>. See the B<VERIFY OPERATION> section for more
+information.
 
 =item B<-help>
 
-prints out a usage message.
+Print out a usage message.
 
 =item B<-verbose>
 
-print extra information about the operations being performed.
+Print extra information about the operations being performed.
 
 =item B<-issuer_checks>
 
-print out diagnostics relating to searches for the issuer certificate
-of the current certificate. This shows why each candidate issuer
-certificate was rejected. However the presence of rejection messages
-does not itself imply that anything is wrong: during the normal
-verify process several rejections may take place.
+Print out diagnostics relating to searches for the issuer certificate of the
+current certificate. This shows why each candidate issuer certificate was
+rejected. The presence of rejection messages does not itself imply that
+anything is wrong; during the normal verification process, several
+rejections may take place.
 
 =item B<-policy arg>
 
-Enable policy processing and add B<arg> to the user-initial-policy-set
-(see RFC3280 et al). The policy B<arg> can be an object name an OID in numeric
-form. This argument can appear more than once.
+Enable policy processing and add B<arg> to the user-initial-policy-set (see
+RFC5280). The policy B<arg> can be an object name an OID in numeric form.
+This argument can appear more than once.
 
 =item B<-policy_check>
 
@@ -90,41 +92,40 @@ Enables certificate policy processing.
 
 =item B<-explicit_policy>
 
-Set policy variable require-explicit-policy (see RFC3280 et al).
+Set policy variable require-explicit-policy (see RFC5280).
 
 =item B<-inhibit_any>
 
-Set policy variable inhibit-any-policy (see RFC3280 et al).
+Set policy variable inhibit-any-policy (see RFC5280).
 
 =item B<-inhibit_map>
 
-Set policy variable inhibit-policy-mapping (see RFC3280 et al).
+Set policy variable inhibit-policy-mapping (see RFC5280).
 
 =item B<-policy_print>
 
-Print out diagnostics, related to policy checking
+Print out diagnostics related to policy processing.
 
 =item B<-crl_check>
 
-Checks end entity certificate validity by attempting to lookup a valid CRL.
+Checks end entity certificate validity by attempting to look up a valid CRL.
 If a valid CRL cannot be found an error occurs. 
 
 =item B<-crl_check_all>
 
 Checks the validity of B<all> certificates in the chain by attempting
-to lookup valid CRLs.
+to look up valid CRLs.
 
 =item B<-ignore_critical>
 
 Normally if an unhandled critical extension is present which is not
-supported by OpenSSL the certificate is rejected (as required by
-RFC3280 et al). If this option is set critical extensions are
-ignored.
+supported by OpenSSL the certificate is rejected (as required by RFC5280).
+If this option is set critical extensions are ignored.
 
 =item B<-x509_strict>
 
-Disable workarounds for broken certificates which have to be disabled
-for strict X.509 compliance.
+For strict X.509 compliance, disable non-compliant workarounds for broken
+certificates.
 
 =item B<-extended_crl>
 
@@ -142,16 +143,15 @@ because it doesn't add any security.
 
 =item B<->
 
-marks the last option. All arguments following this are assumed to be
+Indicates the last option. All arguments following this are assumed to be
 certificate files. This is useful if the first certificate filename begins
 with a B<->.
 
 =item B<certificates>
 
-one or more certificates to verify. If no certificate filenames are included
-then an attempt is made to read a certificate from standard input. They should
-all be in PEM format.
-
+One or more certificates to verify. If no certificates are given, B<verify>
+will attempt to read a certificate from standard input. Certificates must be
+in PEM format.
 
 =back
 

diff --git a/deps/openssl/openssl/doc/apps/x509.pod b/deps/openssl/openssl/doc/apps/x509.pod
index 3002b08..d2d9eb8 100644 (file)
--- a/deps/openssl/openssl/doc/apps/x509.pod
+++ b/deps/openssl/openssl/doc/apps/x509.pod
@@ -29,6 +29,7 @@ B<openssl> B<x509>
 [B<-purpose>]
 [B<-dates>]
 [B<-modulus>]
+[B<-pubkey>]
 [B<-fingerprint>]
 [B<-alias>]
 [B<-noout>]
@@ -135,6 +136,10 @@ section for more information.
 
 this option prevents output of the encoded version of the request.
 
+=item B<-pubkey>
+
+outputs the the certificate's SubjectPublicKeyInfo block in PEM format.
+
 =item B<-modulus>
 
 this option prints out the value of the modulus of the public key

diff --git a/deps/openssl/openssl/doc/crypto/EVP_DigestInit.pod b/deps/openssl/openssl/doc/crypto/EVP_DigestInit.pod
index 5b477ac..367691c 100644 (file)
--- a/deps/openssl/openssl/doc/crypto/EVP_DigestInit.pod
+++ b/deps/openssl/openssl/doc/crypto/EVP_DigestInit.pod
@@ -6,7 +6,8 @@ EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate,
 EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE,
 EVP_MD_CTX_copy_ex, EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size,
 EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type,
-EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_dss, EVP_dss1, EVP_mdc2,
+EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_sha224, EVP_sha256,
+EVP_sha384, EVP_sha512, EVP_dss, EVP_dss1, EVP_mdc2,
 EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj -
 EVP digest routines
 
@@ -33,16 +34,15 @@ EVP digest routines
 
  int EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in);  
 
- #define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */
+ #define EVP_MAX_MD_SIZE 64    /* SHA512 */
 
+ int EVP_MD_type(const EVP_MD *md);
+ int EVP_MD_pkey_type(const EVP_MD *md);       
+ int EVP_MD_size(const EVP_MD *md);
+ int EVP_MD_block_size(const EVP_MD *md);
 
- #define EVP_MD_type(e)                        ((e)->type)
- #define EVP_MD_pkey_type(e)           ((e)->pkey_type)
- #define EVP_MD_size(e)                        ((e)->md_size)
- #define EVP_MD_block_size(e)          ((e)->block_size)
-
- #define EVP_MD_CTX_md(e)              (e)->digest)
- #define EVP_MD_CTX_size(e)            EVP_MD_size((e)->digest)
+ const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
+ #define EVP_MD_CTX_size(e)            EVP_MD_size(EVP_MD_CTX_md(e))
  #define EVP_MD_CTX_block_size(e)      EVP_MD_block_size((e)->digest)
  #define EVP_MD_CTX_type(e)            EVP_MD_type((e)->digest)
 
@@ -56,6 +56,11 @@ EVP digest routines
  const EVP_MD *EVP_mdc2(void);
  const EVP_MD *EVP_ripemd160(void);
 
+ const EVP_MD *EVP_sha224(void);
+ const EVP_MD *EVP_sha256(void);
+ const EVP_MD *EVP_sha384(void);
+ const EVP_MD *EVP_sha512(void);
+
  const EVP_MD *EVP_get_digestbyname(const char *name);
  #define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a))
  #define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a))
@@ -124,12 +129,14 @@ B<EVP_MD_CTX>.
 
 EVP_MD_pkey_type() returns the NID of the public key signing algorithm associated
 with this digest. For example EVP_sha1() is associated with RSA so this will
-return B<NID_sha1WithRSAEncryption>. This "link" between digests and signature
-algorithms may not be retained in future versions of OpenSSL.
+return B<NID_sha1WithRSAEncryption>. Since digests and signature algorithms
+are no longer linked this function is only retained for compatibility
+reasons.
 
-EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_mdc2() and EVP_ripemd160()
-return B<EVP_MD> structures for the MD2, MD5, SHA, SHA1, MDC2 and RIPEMD160 digest
-algorithms respectively. The associated signature algorithm is RSA in each case.
+EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_sha224(), EVP_sha256(),
+EVP_sha384(), EVP_sha512(), EVP_mdc2() and EVP_ripemd160() return B<EVP_MD>
+structures for the MD2, MD5, SHA, SHA1, SHA224, SHA256, SHA384, SHA512, MDC2
+and RIPEMD160 digest algorithms respectively. 
 
 EVP_dss() and EVP_dss1() return B<EVP_MD> structures for SHA and SHA1 digest
 algorithms but using DSS (DSA) for the signature algorithm. Note: there is 
@@ -171,8 +178,8 @@ The B<EVP> interface to message digests should almost always be used in
 preference to the low level interfaces. This is because the code then becomes
 transparent to the digest used and much more flexible.
 
-SHA1 is the digest of choice for new applications. The other digest algorithms
-are still in common use.
+New applications should use the SHA2 digest algorithms such as SHA256. 
+The other digest algorithms are still in common use.
 
 For most applications the B<impl> parameter to EVP_DigestInit_ex() will be
 set to NULL to use the default digest implementation.
@@ -187,6 +194,19 @@ implementations of digests to be specified.
 In OpenSSL 0.9.7 and later if digest contexts are not cleaned up after use
 memory leaks will occur. 
 
+Stack allocation of EVP_MD_CTX structures is common, for example:
+
+ EVP_MD_CTX mctx;
+ EVP_MD_CTX_init(&mctx);
+
+This will cause binary compatibility issues if the size of EVP_MD_CTX
+structure changes (this will only happen with a major release of OpenSSL).
+Applications wishing to avoid this should use EVP_MD_CTX_create() instead:
+
+ EVP_MD_CTX *mctx;
+ mctx = EVP_MD_CTX_create();
+
+
 =head1 EXAMPLE
 
 This example digests the data "Test Message\n" and "Hello World\n", using the
@@ -197,7 +217,7 @@ digest name passed on the command line.
 
  main(int argc, char *argv[])
  {
- EVP_MD_CTX mdctx;
+ EVP_MD_CTX *mdctx;
  const EVP_MD *md;
  char mess1[] = "Test Message\n";
  char mess2[] = "Hello World\n";
@@ -218,12 +238,12 @@ digest name passed on the command line.
        exit(1);
  }
 
- EVP_MD_CTX_init(&mdctx);
- EVP_DigestInit_ex(&mdctx, md, NULL);
- EVP_DigestUpdate(&mdctx, mess1, strlen(mess1));
- EVP_DigestUpdate(&mdctx, mess2, strlen(mess2));
- EVP_DigestFinal_ex(&mdctx, md_value, &md_len);
- EVP_MD_CTX_cleanup(&mdctx);
+ mdctx = EVP_MD_CTX_create();
+ EVP_DigestInit_ex(mdctx, md, NULL);
+ EVP_DigestUpdate(mdctx, mess1, strlen(mess1));
+ EVP_DigestUpdate(mdctx, mess2, strlen(mess2));
+ EVP_DigestFinal_ex(mdctx, md_value, &md_len);
+ EVP_MD_CTX_destroy(mdctx);
 
  printf("Digest is: ");
  for(i = 0; i < md_len; i++) printf("%02x", md_value[i]);

diff --git a/deps/openssl/openssl/doc/crypto/EVP_PKEY_CTX_ctrl.pod b/deps/openssl/openssl/doc/crypto/EVP_PKEY_CTX_ctrl.pod
index f2f4559..13b91f1 100644 (file)
--- a/deps/openssl/openssl/doc/crypto/EVP_PKEY_CTX_ctrl.pod
+++ b/deps/openssl/openssl/doc/crypto/EVP_PKEY_CTX_ctrl.pod
@@ -117,7 +117,7 @@ L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
 L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
 L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
 L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
-L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>,
+L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>,
 L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> 
 L<EVP_PKEY_keygen(3)|EVP_PKEY_keygen(3)> 
 

diff --git a/deps/openssl/openssl/doc/crypto/EVP_PKEY_decrypt.pod b/deps/openssl/openssl/doc/crypto/EVP_PKEY_decrypt.pod
index 42b2a8c..8479832 100644 (file)
--- a/deps/openssl/openssl/doc/crypto/EVP_PKEY_decrypt.pod
+++ b/deps/openssl/openssl/doc/crypto/EVP_PKEY_decrypt.pod
@@ -83,7 +83,7 @@ L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
 L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
 L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
 L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
-L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>,
+L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>,
 L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> 
 
 =head1 HISTORY

diff --git a/deps/openssl/openssl/doc/crypto/EVP_PKEY_derive.pod b/deps/openssl/openssl/doc/crypto/EVP_PKEY_derive.pod
index d9d6d76..27464be 100644 (file)
--- a/deps/openssl/openssl/doc/crypto/EVP_PKEY_derive.pod
+++ b/deps/openssl/openssl/doc/crypto/EVP_PKEY_derive.pod
@@ -84,7 +84,7 @@ L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
 L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
 L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
 L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
-L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>,
+L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>,
 
 =head1 HISTORY
 

diff --git a/deps/openssl/openssl/doc/crypto/EVP_PKEY_encrypt.pod b/deps/openssl/openssl/doc/crypto/EVP_PKEY_encrypt.pod
index 91c9c5d..e495a81 100644 (file)
--- a/deps/openssl/openssl/doc/crypto/EVP_PKEY_encrypt.pod
+++ b/deps/openssl/openssl/doc/crypto/EVP_PKEY_encrypt.pod
@@ -83,7 +83,7 @@ L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
 L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
 L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
 L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
-L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>,
+L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>,
 L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> 
 
 =head1 HISTORY

diff --git a/deps/openssl/openssl/doc/crypto/EVP_PKEY_get_default_digest.pod b/deps/openssl/openssl/doc/crypto/EVP_PKEY_get_default_digest.pod
index 1a9c795..8ff597d 100644 (file)
--- a/deps/openssl/openssl/doc/crypto/EVP_PKEY_get_default_digest.pod
+++ b/deps/openssl/openssl/doc/crypto/EVP_PKEY_get_default_digest.pod
@@ -32,7 +32,7 @@ public key algorithm.
 L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
 L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
 L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
-L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>,
+L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>,
 
 =head1 HISTORY
 

diff --git a/deps/openssl/openssl/doc/crypto/EVP_PKEY_keygen.pod b/deps/openssl/openssl/doc/crypto/EVP_PKEY_keygen.pod
index 37c6fe9..fd431ac 100644 (file)
--- a/deps/openssl/openssl/doc/crypto/EVP_PKEY_keygen.pod
+++ b/deps/openssl/openssl/doc/crypto/EVP_PKEY_keygen.pod
@@ -151,7 +151,7 @@ L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
 L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
 L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
 L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
-L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>,
+L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>,
 L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> 
 
 =head1 HISTORY

diff --git a/deps/openssl/openssl/doc/crypto/EVP_PKEY_sign.pod b/deps/openssl/openssl/doc/crypto/EVP_PKEY_sign.pod
index 2fb52c3..a044f2c 100644 (file)
--- a/deps/openssl/openssl/doc/crypto/EVP_PKEY_sign.pod
+++ b/deps/openssl/openssl/doc/crypto/EVP_PKEY_sign.pod
@@ -86,7 +86,7 @@ L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
 L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
 L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
 L<EVP_PKEY_verify(3)|EVP_PKEY_verify(3)>,
-L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>,
+L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>,
 L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> 
 
 =head1 HISTORY

diff --git a/deps/openssl/openssl/doc/crypto/EVP_PKEY_verify.pod b/deps/openssl/openssl/doc/crypto/EVP_PKEY_verify.pod
index f93e5fc..90612ba 100644 (file)
--- a/deps/openssl/openssl/doc/crypto/EVP_PKEY_verify.pod
+++ b/deps/openssl/openssl/doc/crypto/EVP_PKEY_verify.pod
@@ -81,7 +81,7 @@ L<EVP_PKEY_CTX_new(3)|EVP_PKEY_CTX_new(3)>,
 L<EVP_PKEY_encrypt(3)|EVP_PKEY_encrypt(3)>,
 L<EVP_PKEY_decrypt(3)|EVP_PKEY_decrypt(3)>,
 L<EVP_PKEY_sign(3)|EVP_PKEY_sign(3)>,
-L<EVP_PKEY_verifyrecover(3)|EVP_PKEY_verifyrecover(3)>,
+L<EVP_PKEY_verify_recover(3)|EVP_PKEY_verify_recover(3)>,
 L<EVP_PKEY_derive(3)|EVP_PKEY_derive(3)> 
 
 =head1 HISTORY

diff --git a/deps/openssl/openssl/doc/crypto/ecdsa.pod b/deps/openssl/openssl/doc/crypto/ecdsa.pod
index 49b10f2..20edff9 100644 (file)
--- a/deps/openssl/openssl/doc/crypto/ecdsa.pod
+++ b/deps/openssl/openssl/doc/crypto/ecdsa.pod
@@ -114,7 +114,7 @@ using the public key B<eckey>.
 
 ECDSA_size() returns the maximum length signature or 0 on error.
 
-ECDSA_sign_setup() and ECDSA_sign() return 1 if successful or -1
+ECDSA_sign_setup() and ECDSA_sign() return 1 if successful or 0
 on error.
 
 ECDSA_verify() and ECDSA_do_verify() return 1 for a valid

diff --git a/deps/openssl/openssl/doc/ssl/SSL_alert_type_string.pod b/deps/openssl/openssl/doc/ssl/SSL_alert_type_string.pod
index 94e28cc..0329c34 100644 (file)
--- a/deps/openssl/openssl/doc/ssl/SSL_alert_type_string.pod
+++ b/deps/openssl/openssl/doc/ssl/SSL_alert_type_string.pod
@@ -214,6 +214,11 @@ satisfy a request; the process might receive security parameters
 difficult to communicate changes to these parameters after that
 point. This message is always a warning.
 
+=item "UP"/"unknown PSK identity"
+
+Sent by the server to indicate that it does not recognize a PSK
+identity or an SRP identity. 
+
 =item "UK"/"unknown"
 
 This indicates that no description is available for this alert type.

diff --git a/deps/openssl/openssl/e_os.h b/deps/openssl/openssl/e_os.h
index 5ceeeeb..79c1392 100644 (file)
--- a/deps/openssl/openssl/e_os.h
+++ b/deps/openssl/openssl/e_os.h
@@ -99,7 +99,6 @@ extern "C" {
 #  ifndef MAC_OS_GUSI_SOURCE
 #    define MAC_OS_pre_X
 #    define NO_SYS_TYPES_H
-     typedef long ssize_t;
 #  endif
 #  define NO_SYS_PARAM_H
 #  define NO_CHMOD
@@ -340,8 +339,6 @@ static unsigned int _strlen31(const char *str)
 #    define OPENSSL_NO_POSIX_IO
 #  endif
 
-#  define ssize_t long
-
 #  if defined (__BORLANDC__)
 #    define _setmode setmode
 #    define _O_TEXT O_TEXT
@@ -456,9 +453,6 @@ static unsigned int _strlen31(const char *str)
                          * (unless when compiling with -D_POSIX_SOURCE,
                          * which doesn't work for us) */
 #    endif
-#    if defined(NeXT) || defined(OPENSSL_SYS_NEWS4) || defined(OPENSSL_SYS_SUNOS)
-#      define ssize_t int /* ditto */
-#    endif
 #    ifdef OPENSSL_SYS_NEWS4 /* setvbuf is missing on mips-sony-bsd */
 #      define setvbuf(a, b, c, d) setbuffer((a), (b), (d))
        typedef unsigned long clock_t;
@@ -637,12 +631,6 @@ static unsigned int _strlen31(const char *str)
 
 #endif
 
-#if defined(__ultrix)
-#  ifndef ssize_t
-#    define ssize_t int 
-#  endif
-#endif
-
 #if defined(sun) && !defined(__svr4__) && !defined(__SVR4)
   /* include headers first, so our defines don't break it */
 #include <stdlib.h>

diff --git a/deps/openssl/openssl/e_os2.h b/deps/openssl/openssl/e_os2.h
index d30724d..d22c036 100644 (file)
--- a/deps/openssl/openssl/e_os2.h
+++ b/deps/openssl/openssl/e_os2.h
@@ -289,6 +289,26 @@ extern "C" {
 # define OPENSSL_GLOBAL_REF(name) _shadow_##name
 #endif
 
+#if defined(OPENSSL_SYS_MACINTOSH_CLASSIC) && macintosh==1 && !defined(MAC_OS_GUSI_SOURCE)
+#  define ossl_ssize_t long
+#endif
+
+#ifdef OPENSSL_SYS_MSDOS
+#  define ossl_ssize_t long
+#endif
+
+#if defined(NeXT) || defined(OPENSSL_SYS_NEWS4) || defined(OPENSSL_SYS_SUNOS)
+#  define ssize_t int
+#endif
+
+#if defined(__ultrix) && !defined(ssize_t)
+#  define ossl_ssize_t int 
+#endif
+
+#ifndef ossl_ssize_t
+#  define ossl_ssize_t ssize_t
+#endif
+
 #ifdef  __cplusplus
 }
 #endif

diff --git a/deps/openssl/openssl/engines/ccgost/Makefile b/deps/openssl/openssl/engines/ccgost/Makefile
index dadb523..d661c10 100644 (file)
--- a/deps/openssl/openssl/engines/ccgost/Makefile
+++ b/deps/openssl/openssl/engines/ccgost/Makefile
@@ -142,13 +142,13 @@ gost94_keyx.o: ../../include/openssl/x509_vfy.h e_gost_err.h gost89.h
 gost94_keyx.o: gost94_keyx.c gost_keywrap.h gost_lcl.h gosthash.h
 gost_ameth.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
 gost_ameth.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-gost_ameth.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-gost_ameth.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
-gost_ameth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
-gost_ameth.o: ../../include/openssl/ecdsa.h ../../include/openssl/engine.h
-gost_ameth.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-gost_ameth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-gost_ameth.o: ../../include/openssl/objects.h
+gost_ameth.o: ../../include/openssl/buffer.h ../../include/openssl/cms.h
+gost_ameth.o: ../../include/openssl/crypto.h ../../include/openssl/dsa.h
+gost_ameth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+gost_ameth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+gost_ameth.o: ../../include/openssl/engine.h ../../include/openssl/err.h
+gost_ameth.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+gost_ameth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
 gost_ameth.o: ../../include/openssl/opensslconf.h
 gost_ameth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 gost_ameth.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h

diff --git a/deps/openssl/openssl/engines/ccgost/gost89.c b/deps/openssl/openssl/engines/ccgost/gost89.c
index 7ebae0f..b0568c6 100644 (file)
--- a/deps/openssl/openssl/engines/ccgost/gost89.c
+++ b/deps/openssl/openssl/engines/ccgost/gost89.c
@@ -369,7 +369,13 @@ int gost_mac(gost_ctx *ctx,int mac_len,const unsigned char *data,
                memset(buf2,0,8);
                memcpy(buf2,data+i,data_len-i);
                mac_block(ctx,buffer,buf2);
-               }       
+               i+=8;
+               }
+       if (i==8)
+               {
+               memset(buf2,0,8);
+               mac_block(ctx,buffer,buf2);
+               }
        get_mac(buffer,mac_len,mac);
        return 1;
        }
@@ -389,7 +395,13 @@ int gost_mac_iv(gost_ctx *ctx,int mac_len,const unsigned char *iv,const unsigned
                memset(buf2,0,8);
                memcpy(buf2,data+i,data_len-i);
                mac_block(ctx,buffer,buf2);
+               i+=8;
                }       
+       if (i==8)
+               {
+               memset(buf2,0,8);
+               mac_block(ctx,buffer,buf2);
+               }
        get_mac(buffer,mac_len,mac);
        return 1;
        }

diff --git a/deps/openssl/openssl/engines/ccgost/gost_ameth.c b/deps/openssl/openssl/engines/ccgost/gost_ameth.c
index e6c2839..2cde1fc 100644 (file)
--- a/deps/openssl/openssl/engines/ccgost/gost_ameth.c
+++ b/deps/openssl/openssl/engines/ccgost/gost_ameth.c
@@ -13,6 +13,9 @@
 #include <openssl/engine.h>
 #include <openssl/evp.h>
 #include <openssl/asn1.h>
+#ifndef OPENSSL_NO_CMS
+#include <openssl/cms.h>
+#endif
 #include "gost_params.h"
 #include "gost_lcl.h"
 #include "e_gost_err.h"
@@ -230,6 +233,24 @@ static int pkey_ctrl_gost(EVP_PKEY *pkey, int op,
                                X509_ALGOR_set0(alg2, OBJ_nid2obj(nid), V_ASN1_NULL, 0);
                                }
                        return 1;
+#ifndef OPENSSL_NO_CMS
+               case ASN1_PKEY_CTRL_CMS_SIGN:
+                       if (arg1 == 0) 
+                               {
+                               X509_ALGOR *alg1 = NULL, *alg2 = NULL;
+                               int nid = EVP_PKEY_base_id(pkey);
+                               CMS_SignerInfo_get0_algs((CMS_SignerInfo *)arg2, 
+                                       NULL, NULL, &alg1, &alg2);
+                               X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_id_GostR3411_94),
+                                       V_ASN1_NULL, 0);
+                               if (nid == NID_undef) 
+                                       {
+                                       return (-1);
+                                       }
+                               X509_ALGOR_set0(alg2, OBJ_nid2obj(nid), V_ASN1_NULL, 0);
+                               }
+                       return 1;
+#endif
                case ASN1_PKEY_CTRL_PKCS7_ENCRYPT:
                        if (arg1 == 0)
                                {
@@ -244,6 +265,22 @@ static int pkey_ctrl_gost(EVP_PKEY *pkey, int op,
                                        V_ASN1_SEQUENCE, params);
                                }
                        return 1;
+#ifndef OPENSSL_NO_CMS
+               case ASN1_PKEY_CTRL_CMS_ENVELOPE:
+                       if (arg1 == 0)
+                               {
+                               X509_ALGOR *alg;
+                               ASN1_STRING * params = encode_gost_algor_params(pkey);
+                               if (!params) 
+                                       {
+                                       return -1;
+                                       }
+                               CMS_RecipientInfo_ktri_get0_algs((CMS_RecipientInfo *)arg2, NULL, NULL, &alg);
+                               X509_ALGOR_set0(alg, OBJ_nid2obj(pkey->type),
+                                       V_ASN1_SEQUENCE, params);
+                               }
+                       return 1;
+#endif
                case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
                        *(int *)arg2 = NID_id_GostR3411_94;
                        return 2;

diff --git a/deps/openssl/openssl/engines/ccgost/gost_crypt.c b/deps/openssl/openssl/engines/ccgost/gost_crypt.c
index cde58c0..52aef15 100644 (file)
--- a/deps/openssl/openssl/engines/ccgost/gost_crypt.c
+++ b/deps/openssl/openssl/engines/ccgost/gost_crypt.c
@@ -11,6 +11,14 @@
 #include <openssl/rand.h>
 #include "e_gost_err.h"
 #include "gost_lcl.h"
+
+#if !defined(CCGOST_DEBUG) && !defined(DEBUG)
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
+#endif
+#include <assert.h>
+
 static int gost_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, 
        const unsigned char *iv, int enc);
 static int     gost_cipher_init_cpa(EVP_CIPHER_CTX *ctx, const unsigned char *key,
@@ -206,12 +214,13 @@ int gost_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 static void gost_crypt_mesh (void *ctx,unsigned char *iv,unsigned char *buf)
        {
        struct ossl_gost_cipher_ctx *c = ctx;
-       if (c->count&&c->key_meshing && c->count%1024==0)
+       assert(c->count%8 == 0 && c->count <= 1024);
+       if (c->key_meshing && c->count==1024)
                {
                cryptopro_key_meshing(&(c->cctx),iv);
                }       
        gostcrypt(&(c->cctx),iv,buf);
-       c->count+=8;
+       c->count = c->count%1024 + 8;
        }
 
 static void gost_cnt_next (void *ctx, unsigned char *iv, unsigned char *buf)
@@ -219,7 +228,8 @@ static void gost_cnt_next (void *ctx, unsigned char *iv, unsigned char *buf)
        struct ossl_gost_cipher_ctx *c = ctx;
        word32 g,go;
        unsigned char buf1[8];
-       if (c->count && c->key_meshing && c->count %1024 ==0)
+       assert(c->count%8 == 0 && c->count <= 1024);
+       if (c->key_meshing && c->count==1024)
                {
                cryptopro_key_meshing(&(c->cctx),iv);
                }
@@ -248,7 +258,7 @@ static void gost_cnt_next (void *ctx, unsigned char *iv, unsigned char *buf)
        buf1[7]=(unsigned char)((g>>24)&0xff);
        memcpy(iv,buf1,8);
        gostcrypt(&(c->cctx),buf1,buf);
-       c->count +=8;
+       c->count = c->count%1024 + 8;
        }
 
 /* GOST encryption in CFB mode */
@@ -511,12 +521,13 @@ static void mac_block_mesh(struct ossl_gost_imit_ctx *c,const unsigned char *dat
         * interpret internal state of MAC algorithm as iv during keymeshing
         * (but does initialize internal state from iv in key transport
         */
-       if (c->key_meshing&& c->count && c->count %1024 ==0)
+       assert(c->count%8 == 0 && c->count <= 1024);
+       if (c->key_meshing && c->count==1024)
                {
                cryptopro_key_meshing(&(c->cctx),buffer);
                }
        mac_block(&(c->cctx),c->buffer,data);
-       c->count +=8;
+       c->count = c->count%1024 + 8;
        }
 
 int gost_imit_update(EVP_MD_CTX *ctx, const void *data, size_t count)
@@ -565,6 +576,12 @@ int gost_imit_final(EVP_MD_CTX *ctx,unsigned char *md)
                GOSTerr(GOST_F_GOST_IMIT_FINAL, GOST_R_MAC_KEY_NOT_SET);
                return 0;
        }
+       if (c->count==0 && c->bytes_left)
+               {
+               unsigned char buffer[8];
+               memset(buffer, 0, 8);
+               gost_imit_update(ctx, buffer, 8);
+               }
        if (c->bytes_left)
                {
                int i;

diff --git a/deps/openssl/openssl/engines/ccgost/gost_eng.c b/deps/openssl/openssl/engines/ccgost/gost_eng.c
index d2cbe3b..8f29bf6 100644 (file)
--- a/deps/openssl/openssl/engines/ccgost/gost_eng.c
+++ b/deps/openssl/openssl/engines/ccgost/gost_eng.c
@@ -64,6 +64,13 @@ static int gost_engine_finish(ENGINE *e)
 static int gost_engine_destroy(ENGINE *e)
        { 
        gost_param_free();
+
+       pmeth_GostR3410_94 = NULL;
+       pmeth_GostR3410_2001 = NULL;
+       pmeth_Gost28147_MAC = NULL;
+       ameth_GostR3410_94 = NULL;
+       ameth_GostR3410_2001 = NULL;
+       ameth_Gost28147_MAC = NULL;
        return 1;
        }
 
@@ -71,6 +78,11 @@ static int bind_gost (ENGINE *e,const char *id)
        {
        int ret = 0;
        if (id && strcmp(id, engine_gost_id)) return 0;
+       if (ameth_GostR3410_94)
+               {
+               printf("GOST engine already loaded\n");
+               goto end;
+               }
 
        if (!ENGINE_set_id(e, engine_gost_id)) 
                {
@@ -263,7 +275,10 @@ static ENGINE *engine_gost(void)
        
 void ENGINE_load_gost(void)
        {
-       ENGINE *toadd =engine_gost();
+       ENGINE *toadd;
+       if (pmeth_GostR3410_94)
+               return;
+       toadd = engine_gost();
        if (!toadd) return;
        ENGINE_add(toadd);
        ENGINE_free(toadd);

diff --git a/deps/openssl/openssl/engines/ccgost/gost_lcl.h b/deps/openssl/openssl/engines/ccgost/gost_lcl.h
index 437a48c..00aa42c 100644 (file)
--- a/deps/openssl/openssl/engines/ccgost/gost_lcl.h
+++ b/deps/openssl/openssl/engines/ccgost/gost_lcl.h
@@ -136,7 +136,7 @@ extern EVP_MD imit_gost_cpa;
 /* Cipher context used for EVP_CIPHER operation */
 struct ossl_gost_cipher_ctx {
        int paramNID;
-       off_t count;
+       unsigned int count;
        int key_meshing;
        gost_ctx cctx;
 };     
@@ -151,7 +151,7 @@ struct ossl_gost_imit_ctx {
        gost_ctx cctx;
        unsigned char buffer[8];
        unsigned char partial_block[8];
-       off_t count;
+       unsigned int count;
        int key_meshing;
        int bytes_left;
        int key_set;

diff --git a/deps/openssl/openssl/engines/ccgost/gost_pmeth.c b/deps/openssl/openssl/engines/ccgost/gost_pmeth.c
index caaea99..f91c9b1 100644 (file)
--- a/deps/openssl/openssl/engines/ccgost/gost_pmeth.c
+++ b/deps/openssl/openssl/engines/ccgost/gost_pmeth.c
@@ -89,6 +89,12 @@ static int pkey_gost_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
                case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
                case EVP_PKEY_CTRL_PKCS7_DECRYPT:
                case EVP_PKEY_CTRL_PKCS7_SIGN:
+               case EVP_PKEY_CTRL_DIGESTINIT:
+#ifndef OPENSSL_NO_CMS         
+               case EVP_PKEY_CTRL_CMS_ENCRYPT:
+               case EVP_PKEY_CTRL_CMS_DECRYPT:
+               case EVP_PKEY_CTRL_CMS_SIGN:
+#endif         
                        return 1;
 
                case EVP_PKEY_CTRL_GOST_PARAMSET:
@@ -123,7 +129,7 @@ static int pkey_gost_ctrl94_str(EVP_PKEY_CTX *ctx,
                        }
                if (strlen(value) == 1)
                        {
-                       switch(toupper(value[0]))
+                       switch(toupper((unsigned char)value[0]))
                                {
                                case 'A':
                                        param_nid = NID_id_GostR3410_94_CryptoPro_A_ParamSet;
@@ -142,9 +148,9 @@ static int pkey_gost_ctrl94_str(EVP_PKEY_CTX *ctx,
                                        break;
                                }
                        }
-               else if ((strlen(value) == 2) && (toupper(value[0]) == 'X'))
+               else if ((strlen(value) == 2) && (toupper((unsigned char)value[0]) == 'X'))
                        {
-                       switch (toupper(value[1]))
+                       switch (toupper((unsigned char)value[1]))
                                {
                                case 'A':
                                        param_nid = NID_id_GostR3410_94_CryptoPro_XchA_ParamSet;
@@ -198,7 +204,7 @@ static int pkey_gost_ctrl01_str(EVP_PKEY_CTX *ctx,
                        }
                if (strlen(value) == 1)
                        {
-                       switch(toupper(value[0]))
+                       switch(toupper((unsigned char)value[0]))
                                {
                                case 'A':
                                        param_nid = NID_id_GostR3410_2001_CryptoPro_A_ParamSet;
@@ -217,9 +223,9 @@ static int pkey_gost_ctrl01_str(EVP_PKEY_CTX *ctx,
                                        break;
                                }
                        }
-               else if ((strlen(value) == 2) && (toupper(value[0]) == 'X'))
+               else if ((strlen(value) == 2) && (toupper((unsigned char)value[0]) == 'X'))
                        {
-                       switch (toupper(value[1]))
+                       switch (toupper((unsigned char)value[1]))
                                {
                                case 'A':
                                        param_nid = NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet;
@@ -521,6 +527,7 @@ static int pkey_gost_mac_ctrl_str(EVP_PKEY_CTX *ctx,
                                {
                                GOSTerr(GOST_F_PKEY_GOST_MAC_CTRL_STR,
                                        GOST_R_INVALID_MAC_KEY_LENGTH);
+                               OPENSSL_free(keybuf);
                                return 0;       
                                }
                        ret= pkey_gost_mac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY,

diff --git a/deps/openssl/openssl/engines/ccgost/gosthash.c b/deps/openssl/openssl/engines/ccgost/gosthash.c
index a5c0662..8c278aa 100644 (file)
--- a/deps/openssl/openssl/engines/ccgost/gosthash.c
+++ b/deps/openssl/openssl/engines/ccgost/gosthash.c
@@ -42,7 +42,7 @@ static void circle_xor8 (const byte *w, byte *k)
        byte buf[8];
        int i;
        memcpy(buf,w,8);
-       memcpy(k,w+8,24);
+       memmove(k,w+8,24);
        for(i=0;i<8;i++) 
                k[i+24]=buf[i]^k[i];
        }

diff --git a/deps/openssl/openssl/engines/e_aep.c b/deps/openssl/openssl/engines/e_aep.c
index d7f89e5..1953f06 100644 (file)
--- a/deps/openssl/openssl/engines/e_aep.c
+++ b/deps/openssl/openssl/engines/e_aep.c
@@ -85,7 +85,6 @@ extern int GetThreadID(void);
 #ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
 #endif
-#include <openssl/bn.h>
 
 #ifndef OPENSSL_NO_HW
 #ifndef OPENSSL_NO_HW_AEP

diff --git a/deps/openssl/openssl/engines/e_capi.c b/deps/openssl/openssl/engines/e_capi.c
index 24b620f..c1085b5 100644 (file)
--- a/deps/openssl/openssl/engines/e_capi.c
+++ b/deps/openssl/openssl/engines/e_capi.c
@@ -442,28 +442,36 @@ static int capi_init(ENGINE *e)
        CAPI_CTX *ctx;
        const RSA_METHOD *ossl_rsa_meth;
        const DSA_METHOD *ossl_dsa_meth;
-       capi_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL, 0);
-       cert_capi_idx = X509_get_ex_new_index(0, NULL, NULL, NULL, 0);
+
+       if (capi_idx < 0)
+               {
+               capi_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL, 0);
+               if (capi_idx < 0)
+                       goto memerr;
+
+               cert_capi_idx = X509_get_ex_new_index(0, NULL, NULL, NULL, 0);
+
+               /* Setup RSA_METHOD */
+               rsa_capi_idx = RSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
+               ossl_rsa_meth = RSA_PKCS1_SSLeay();
+               capi_rsa_method.rsa_pub_enc = ossl_rsa_meth->rsa_pub_enc;
+               capi_rsa_method.rsa_pub_dec = ossl_rsa_meth->rsa_pub_dec;
+               capi_rsa_method.rsa_mod_exp = ossl_rsa_meth->rsa_mod_exp;
+               capi_rsa_method.bn_mod_exp = ossl_rsa_meth->bn_mod_exp;
+
+               /* Setup DSA Method */
+               dsa_capi_idx = DSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
+               ossl_dsa_meth = DSA_OpenSSL();
+               capi_dsa_method.dsa_do_verify = ossl_dsa_meth->dsa_do_verify;
+               capi_dsa_method.dsa_mod_exp = ossl_dsa_meth->dsa_mod_exp;
+               capi_dsa_method.bn_mod_exp = ossl_dsa_meth->bn_mod_exp;
+               }
 
        ctx = capi_ctx_new();
-       if (!ctx || (capi_idx < 0))
+       if (!ctx)
                goto memerr;
 
        ENGINE_set_ex_data(e, capi_idx, ctx);
-       /* Setup RSA_METHOD */
-       rsa_capi_idx = RSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
-       ossl_rsa_meth = RSA_PKCS1_SSLeay();
-       capi_rsa_method.rsa_pub_enc = ossl_rsa_meth->rsa_pub_enc;
-       capi_rsa_method.rsa_pub_dec = ossl_rsa_meth->rsa_pub_dec;
-       capi_rsa_method.rsa_mod_exp = ossl_rsa_meth->rsa_mod_exp;
-       capi_rsa_method.bn_mod_exp = ossl_rsa_meth->bn_mod_exp;
-
-       /* Setup DSA Method */
-       dsa_capi_idx = DSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
-       ossl_dsa_meth = DSA_OpenSSL();
-       capi_dsa_method.dsa_do_verify = ossl_dsa_meth->dsa_do_verify;
-       capi_dsa_method.dsa_mod_exp = ossl_dsa_meth->dsa_mod_exp;
-       capi_dsa_method.bn_mod_exp = ossl_dsa_meth->bn_mod_exp;
 
 #ifdef OPENSSL_CAPIENG_DIALOG
        {
@@ -522,6 +530,7 @@ static int bind_capi(ENGINE *e)
        {
        if (!ENGINE_set_id(e, engine_capi_id)
                || !ENGINE_set_name(e, engine_capi_name)
+               || !ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL)
                || !ENGINE_set_init_function(e, capi_init)
                || !ENGINE_set_finish_function(e, capi_finish)
                || !ENGINE_set_destroy_function(e, capi_destroy)
@@ -1155,6 +1164,7 @@ static int capi_list_containers(CAPI_CTX *ctx, BIO *out)
                {
                CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, CAPI_R_ENUMCONTAINERS_ERROR);
                capi_addlasterror();
+               CryptReleaseContext(hprov, 0);
                return 0;
                }
        CAPI_trace(ctx, "Got max container len %d\n", buflen);
@@ -1422,10 +1432,13 @@ static PCCERT_CONTEXT capi_find_cert(CAPI_CTX *ctx, const char *id, HCERTSTORE h
 static CAPI_KEY *capi_get_key(CAPI_CTX *ctx, const char *contname, char *provname, DWORD ptype, DWORD keyspec)
        {
        CAPI_KEY *key;
+    DWORD dwFlags = 0; 
        key = OPENSSL_malloc(sizeof(CAPI_KEY));
        CAPI_trace(ctx, "capi_get_key, contname=%s, provname=%s, type=%d\n", 
                                                contname, provname, ptype);
-       if (!CryptAcquireContextA(&key->hprov, contname, provname, ptype, 0))
+    if(ctx->store_flags & CERT_SYSTEM_STORE_LOCAL_MACHINE)
+        dwFlags = CRYPT_MACHINE_KEYSET;
+    if (!CryptAcquireContextA(&key->hprov, contname, provname, ptype, dwFlags)) 
                {
                CAPIerr(CAPI_F_CAPI_GET_KEY, CAPI_R_CRYPTACQUIRECONTEXT_ERROR);
                capi_addlasterror();
@@ -1572,6 +1585,8 @@ static int capi_ctx_set_provname(CAPI_CTX *ctx, LPSTR pname, DWORD type, int che
                        }
                CryptReleaseContext(hprov, 0);
                }
+       if (ctx->cspname)
+               OPENSSL_free(ctx->cspname);
        ctx->cspname = BUF_strdup(pname);
        ctx->csptype = type;
        return 1;
@@ -1581,9 +1596,12 @@ static int capi_ctx_set_provname_idx(CAPI_CTX *ctx, int idx)
        {
        LPSTR pname;
        DWORD type;
+       int res;
        if (capi_get_provname(ctx, &pname, &type, idx) != 1)
                return 0;
-       return capi_ctx_set_provname(ctx, pname, type, 0);
+       res = capi_ctx_set_provname(ctx, pname, type, 0);
+       OPENSSL_free(pname);
+       return res;
        }
 
 static int cert_issuer_match(STACK_OF(X509_NAME) *ca_dn, X509 *x)

diff --git a/deps/openssl/openssl/engines/e_padlock.c b/deps/openssl/openssl/engines/e_padlock.c
index 7d09419..9f7a85a 100644 (file)
--- a/deps/openssl/openssl/engines/e_padlock.c
+++ b/deps/openssl/openssl/engines/e_padlock.c
@@ -104,11 +104,13 @@
 # if (defined(__GNUC__) && (defined(__i386__) || defined(__i386))) || \
      (defined(_MSC_VER) && defined(_M_IX86))
 #  define COMPILE_HW_PADLOCK
-static ENGINE *ENGINE_padlock (void);
 # endif
 #endif
 
 #ifdef OPENSSL_NO_DYNAMIC_ENGINE
+#ifdef COMPILE_HW_PADLOCK
+static ENGINE *ENGINE_padlock (void);
+#endif
 
 void ENGINE_load_padlock (void)
 {
@@ -197,6 +199,8 @@ padlock_bind_helper(ENGINE *e)
        return 1;
 }
 
+#ifdef OPENSSL_NO_DYNAMIC_ENGINE
+
 /* Constructor */
 static ENGINE *
 ENGINE_padlock(void)
@@ -215,6 +219,8 @@ ENGINE_padlock(void)
        return eng;
 }
 
+#endif
+
 /* Check availability of the engine */
 static int
 padlock_init(ENGINE *e)

diff --git a/deps/openssl/openssl/makevms.com b/deps/openssl/openssl/makevms.com
index eb22f20..de1dbd9 100755 (executable)
--- a/deps/openssl/openssl/makevms.com
+++ b/deps/openssl/openssl/makevms.com
@@ -263,8 +263,10 @@ $ CONFIG_LOGICALS := AES,-
                     DH,-
                     DSA,-
                     EC,-
+                    EC2M,-
                     ECDH,-
                     ECDSA,-
+                    EC_NISTP_64_GCC_128,-
                     ENGINE,-
                     ERR,-
                     EVP,-
@@ -296,7 +298,9 @@ $ CONFIG_LOGICALS := AES,-
                     SHA256,-
                     SHA512,-
                     SOCK,-
+                    SRP,-
                     SSL2,-
+                    SSL_INTERN,-
                     STACK,-
                     STATIC_ENGINE,-
                     STDIO,-
@@ -335,7 +339,8 @@ $ CONFIG_DISABLE_RULES := RIJNDAEL/AES;-
                          DSA/GOST;-
                          DH/GOST;-
                          /STATIC_ENGINE;-
-                         /KRB5
+                         /KRB5;-
+                         /EC_NISTP_64_GCC_128
 $ CONFIG_ENABLE_RULES := ZLIB_DYNAMIC/ZLIB;-
                         /THREADS
 $
@@ -498,6 +503,9 @@ $ WRITE H_FILE " *       value _IONBF is not supported."
 $ WRITE H_FILE " * So, skip it on VMS."
 $ WRITE H_FILE " */"
 $ WRITE H_FILE "#define OPENSSL_NO_SETVBUF_IONBF"
+$ WRITE H_FILE "/* STCP support comes with TCPIP 5.7 ECO 2 "
+$ WRITE H_FILE " * enable on newer systems / 2012-02-24 arpadffy */"
+$ WRITE H_FILE "#define OPENSSL_NO_SCTP"
 $ WRITE H_FILE ""
 $!
 $! Add in the common "crypto/opensslconf.h.in".
@@ -704,7 +712,7 @@ $ SDIRS := , -
    BUFFER, BIO, STACK, LHASH, RAND, ERR, -
    EVP, ASN1, PEM, X509, X509V3, CONF, TXT_DB, PKCS7, PKCS12, -
    COMP, OCSP, UI, KRB5, -
-   STORE, CMS, PQUEUE, TS, JPAKE
+   CMS, PQUEUE, TS, JPAKE, SRP, STORE, CMAC
 $!
 $ EXHEADER_ := crypto.h, opensslv.h, ebcdic.h, symhacks.h, ossl_typ.h
 $ EXHEADER_'ARCHD' := opensslconf.h
@@ -756,12 +764,14 @@ $ EXHEADER_COMP := comp.h
 $ EXHEADER_OCSP := ocsp.h
 $ EXHEADER_UI := ui.h, ui_compat.h
 $ EXHEADER_KRB5 := krb5_asn.h
-$!!! EXHEADER_STORE := store.h, str_compat.h
-$ EXHEADER_STORE := store.h
 $ EXHEADER_CMS := cms.h
 $ EXHEADER_PQUEUE := pqueue.h
 $ EXHEADER_TS := ts.h
 $ EXHEADER_JPAKE := jpake.h
+$ EXHEADER_SRP := srp.h
+$!!! EXHEADER_STORE := store.h, str_compat.h
+$ EXHEADER_STORE := store.h
+$ EXHEADER_CMAC := cmac.h
 $!
 $ i = 0
 $ loop_sdirs:
@@ -777,7 +787,7 @@ $!
 $! Copy All The ".H" Files From The [.SSL] Directory.
 $!
 $! (keep these in the same order as ssl/Makefile)
-$ EXHEADER := ssl.h, ssl2.h, ssl3.h, ssl23.h, tls1.h, dtls1.h, kssl.h
+$ EXHEADER := ssl.h, ssl2.h, ssl3.h, ssl23.h, tls1.h, dtls1.h, kssl.h, srtp.h
 $ copy sys$disk:[.ssl]'exheader' sys$disk:[.include.openssl]
 $!
 $! Purge the [.include.openssl] header files.

diff --git a/deps/openssl/openssl/ms/do_win64a.bat b/deps/openssl/openssl/ms/do_win64a.bat
index 495f1ea..ff8b19c 100755 (executable)
--- a/deps/openssl/openssl/ms/do_win64a.bat
+++ b/deps/openssl/openssl/ms/do_win64a.bat
@@ -1,9 +1,19 @@
-
 perl util\mkfiles.pl >MINFO
-perl ms\uplink.pl win64a > ms\uptable.asm
+
+cmd /c "nasm -f win64 -v" >NUL: 2>&1
+if %errorlevel% neq 0 goto ml64
+
+perl ms\uplink-x86_64.pl nasm > ms\uptable.asm
+nasm -f win64 -o ms\uptable.obj ms\uptable.asm
+goto proceed
+
+:ml64
+perl ms\uplink-x86_64.pl masm > ms\uptable.asm
 ml64 -c -Foms\uptable.obj ms\uptable.asm
-perl util\mk1mf.pl no-asm VC-WIN64A >ms\nt.mak
-perl util\mk1mf.pl dll no-asm VC-WIN64A >ms\ntdll.mak
+
+:proceed
+perl util\mk1mf.pl VC-WIN64A >ms\nt.mak
+perl util\mk1mf.pl dll VC-WIN64A >ms\ntdll.mak
 
 perl util\mkdef.pl 32 libeay > ms\libeay32.def
 perl util\mkdef.pl 32 ssleay > ms\ssleay32.def

diff --git a/deps/openssl/openssl/ms/do_win64i.bat b/deps/openssl/openssl/ms/do_win64i.bat
index 15ebcaa..088f5e1 100755 (executable)
--- a/deps/openssl/openssl/ms/do_win64i.bat
+++ b/deps/openssl/openssl/ms/do_win64i.bat
@@ -1,9 +1,9 @@
 
 perl util\mkfiles.pl >MINFO
-perl ms\uplink.pl win64i > ms\uptable.asm
+perl ms\uplink-ia64.pl > ms\uptable.asm
 ias -o ms\uptable.obj ms\uptable.asm
-perl util\mk1mf.pl no-asm VC-WIN64I >ms\nt.mak
-perl util\mk1mf.pl dll no-asm VC-WIN64I >ms\ntdll.mak
+perl util\mk1mf.pl VC-WIN64I >ms\nt.mak
+perl util\mk1mf.pl dll VC-WIN64I >ms\ntdll.mak
 
 perl util\mkdef.pl 32 libeay > ms\libeay32.def
 perl util\mkdef.pl 32 ssleay > ms\ssleay32.def

diff --git a/deps/openssl/openssl/ms/uplink-common.pl b/deps/openssl/openssl/ms/uplink-common.pl
old mode 100644 (file)
new mode 100755 (executable)

diff --git a/deps/openssl/openssl/ms/uplink-ia64.pl b/deps/openssl/openssl/ms/uplink-ia64.pl
old mode 100644 (file)
new mode 100755 (executable)

diff --git a/deps/openssl/openssl/ms/uplink-x86.pl b/deps/openssl/openssl/ms/uplink-x86.pl
old mode 100644 (file)
new mode 100755 (executable)

diff --git a/deps/openssl/openssl/ms/uplink-x86_64.pl b/deps/openssl/openssl/ms/uplink-x86_64.pl
old mode 100644 (file)
new mode 100755 (executable)
index 9acbf6b..48bf559
--- a/deps/openssl/openssl/ms/uplink-x86_64.pl
+++ b/deps/openssl/openssl/ms/uplink-x86_64.pl
@@ -2,7 +2,8 @@
 
 $output=shift;
 $0 =~ m/(.*[\/\\])[^\/\\]+$/; $dir=$1;
-open STDOUT,"| $^X ${dir}../crypto/perlasm/x86_64-xlate.pl $output";
+open OUT,"| \"$^X\" ${dir}../crypto/perlasm/x86_64-xlate.pl $output";
+*STDOUT=*OUT;
 push(@INC,"${dir}.");
 
 require "uplink-common.pl";

diff --git a/deps/openssl/openssl/ms/uplink.h b/deps/openssl/openssl/ms/uplink.h
index a4a67d3..4881ba7 100644 (file)
--- a/deps/openssl/openssl/ms/uplink.h
+++ b/deps/openssl/openssl/ms/uplink.h
@@ -23,7 +23,7 @@ extern void *OPENSSL_UplinkTable[];
 #define UP_fileno (*(int (*)(void *))OPENSSL_UplinkTable[APPLINK_FILENO])
 
 #define UP_open   (*(int (*)(const char *,int,...))OPENSSL_UplinkTable[APPLINK_OPEN])
-#define UP_read   (*(ssize_t (*)(int,void *,size_t))OPENSSL_UplinkTable[APPLINK_READ])
-#define UP_write  (*(ssize_t (*)(int,const void *,size_t))OPENSSL_UplinkTable[APPLINK_WRITE])
+#define UP_read   (*(ossl_ssize_t (*)(int,void *,size_t))OPENSSL_UplinkTable[APPLINK_READ])
+#define UP_write  (*(ossl_ssize_t (*)(int,const void *,size_t))OPENSSL_UplinkTable[APPLINK_WRITE])
 #define UP_lseek  (*(long (*)(int,long,int))OPENSSL_UplinkTable[APPLINK_LSEEK])
 #define UP_close  (*(int (*)(int))OPENSSL_UplinkTable[APPLINK_CLOSE])

diff --git a/deps/openssl/openssl/openssl.spec b/deps/openssl/openssl/openssl.spec
index 703cea2..8ad98b3 100644 (file)
--- a/deps/openssl/openssl/openssl.spec
+++ b/deps/openssl/openssl/openssl.spec
@@ -1,8 +1,8 @@
 %define _unpackaged_files_terminate_build 0
 %define libmaj 1
 %define libmin 0
-%define librel 0
-%define librev f
+%define librel 1
+%define librev e
 Release: 1
 
 %define openssldir /var/ssl

diff --git a/deps/openssl/openssl/ssl/Makefile b/deps/openssl/openssl/ssl/Makefile
index 2b275fa..debe074 100644 (file)
--- a/deps/openssl/openssl/ssl/Makefile
+++ b/deps/openssl/openssl/ssl/Makefile
@@ -22,30 +22,30 @@ LIB=$(TOP)/libssl.a
 SHARED_LIB= libssl$(SHLIB_EXT)
 LIBSRC=        \
        s2_meth.c   s2_srvr.c s2_clnt.c  s2_lib.c  s2_enc.c s2_pkt.c \
-       s3_meth.c   s3_srvr.c s3_clnt.c  s3_lib.c  s3_enc.c s3_pkt.c s3_both.c \
+       s3_meth.c   s3_srvr.c s3_clnt.c  s3_lib.c  s3_enc.c s3_pkt.c s3_both.c s3_cbc.c \
        s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c          s23_pkt.c \
        t1_meth.c   t1_srvr.c t1_clnt.c  t1_lib.c  t1_enc.c \
        d1_meth.c   d1_srvr.c d1_clnt.c  d1_lib.c  d1_pkt.c \
-       d1_both.c d1_enc.c \
+       d1_both.c d1_enc.c d1_srtp.c \
        ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c \
        ssl_ciph.c ssl_stat.c ssl_rsa.c \
        ssl_asn1.c ssl_txt.c ssl_algs.c \
-       bio_ssl.c ssl_err.c kssl.c t1_reneg.c
+       bio_ssl.c ssl_err.c kssl.c tls_srp.c t1_reneg.c
 LIBOBJ= \
        s2_meth.o  s2_srvr.o  s2_clnt.o  s2_lib.o  s2_enc.o s2_pkt.o \
-       s3_meth.o  s3_srvr.o  s3_clnt.o  s3_lib.o  s3_enc.o s3_pkt.o s3_both.o \
+       s3_meth.o  s3_srvr.o  s3_clnt.o  s3_lib.o  s3_enc.o s3_pkt.o s3_both.o s3_cbc.o \
        s23_meth.o s23_srvr.o s23_clnt.o s23_lib.o          s23_pkt.o \
        t1_meth.o   t1_srvr.o t1_clnt.o  t1_lib.o  t1_enc.o \
        d1_meth.o   d1_srvr.o d1_clnt.o  d1_lib.o  d1_pkt.o \
-       d1_both.o d1_enc.o \
+       d1_both.o d1_enc.o d1_srtp.o\
        ssl_lib.o ssl_err2.o ssl_cert.o ssl_sess.o \
        ssl_ciph.o ssl_stat.o ssl_rsa.o \
        ssl_asn1.o ssl_txt.o ssl_algs.o \
-       bio_ssl.o ssl_err.o kssl.o t1_reneg.o
+       bio_ssl.o ssl_err.o kssl.o tls_srp.o t1_reneg.o
 
 SRC= $(LIBSRC)
 
-EXHEADER= ssl.h ssl2.h ssl3.h ssl23.h tls1.h dtls1.h kssl.h
+EXHEADER= ssl.h ssl2.h ssl3.h ssl23.h tls1.h dtls1.h kssl.h srtp.h
 HEADER=        $(EXHEADER) ssl_locl.h kssl_lcl.h
 
 ALL=    $(GENERAL) $(SRC) $(HEADER)
@@ -118,11 +118,11 @@ bio_ssl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 bio_ssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 bio_ssl.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
 bio_ssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-bio_ssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-bio_ssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-bio_ssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-bio_ssl.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-bio_ssl.o: ../include/openssl/x509_vfy.h bio_ssl.c
+bio_ssl.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+bio_ssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+bio_ssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+bio_ssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+bio_ssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h bio_ssl.c
 d1_both.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 d1_both.o: ../include/openssl/buffer.h ../include/openssl/comp.h
 d1_both.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
@@ -137,12 +137,12 @@ d1_both.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 d1_both.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 d1_both.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
 d1_both.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-d1_both.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-d1_both.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-d1_both.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-d1_both.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-d1_both.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_both.c
-d1_both.o: ssl_locl.h
+d1_both.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+d1_both.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+d1_both.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+d1_both.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+d1_both.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+d1_both.o: ../include/openssl/x509_vfy.h d1_both.c ssl_locl.h
 d1_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 d1_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 d1_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
@@ -159,11 +159,12 @@ d1_clnt.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 d1_clnt.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
 d1_clnt.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 d1_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-d1_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-d1_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-d1_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-d1_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-d1_clnt.o: ../include/openssl/x509_vfy.h d1_clnt.c kssl_lcl.h ssl_locl.h
+d1_clnt.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+d1_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+d1_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+d1_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+d1_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_clnt.c
+d1_clnt.o: kssl_lcl.h ssl_locl.h
 d1_enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 d1_enc.o: ../include/openssl/buffer.h ../include/openssl/comp.h
 d1_enc.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
@@ -179,11 +180,12 @@ d1_enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 d1_enc.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
 d1_enc.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 d1_enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-d1_enc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-d1_enc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-d1_enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-d1_enc.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-d1_enc.o: ../include/openssl/x509_vfy.h d1_enc.c ssl_locl.h
+d1_enc.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+d1_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+d1_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+d1_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+d1_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_enc.c
+d1_enc.o: ssl_locl.h
 d1_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 d1_lib.o: ../include/openssl/buffer.h ../include/openssl/comp.h
 d1_lib.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
@@ -198,11 +200,12 @@ d1_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 d1_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 d1_lib.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
 d1_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-d1_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-d1_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-d1_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-d1_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-d1_lib.o: ../include/openssl/x509_vfy.h d1_lib.c ssl_locl.h
+d1_lib.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+d1_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+d1_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+d1_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+d1_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_lib.c
+d1_lib.o: ssl_locl.h
 d1_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 d1_meth.o: ../include/openssl/buffer.h ../include/openssl/comp.h
 d1_meth.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
@@ -217,11 +220,12 @@ d1_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 d1_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 d1_meth.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
 d1_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-d1_meth.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-d1_meth.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-d1_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-d1_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-d1_meth.o: ../include/openssl/x509_vfy.h d1_meth.c ssl_locl.h
+d1_meth.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+d1_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+d1_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+d1_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+d1_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_meth.c
+d1_meth.o: ssl_locl.h
 d1_pkt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 d1_pkt.o: ../include/openssl/buffer.h ../include/openssl/comp.h
 d1_pkt.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
@@ -236,12 +240,32 @@ d1_pkt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 d1_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 d1_pkt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
 d1_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-d1_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-d1_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-d1_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-d1_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-d1_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_pkt.c
-d1_pkt.o: ssl_locl.h
+d1_pkt.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+d1_pkt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+d1_pkt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+d1_pkt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+d1_pkt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+d1_pkt.o: ../include/openssl/x509_vfy.h d1_pkt.c ssl_locl.h
+d1_srtp.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+d1_srtp.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+d1_srtp.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
+d1_srtp.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+d1_srtp.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+d1_srtp.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+d1_srtp.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+d1_srtp.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+d1_srtp.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+d1_srtp.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+d1_srtp.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
+d1_srtp.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+d1_srtp.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
+d1_srtp.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+d1_srtp.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+d1_srtp.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+d1_srtp.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+d1_srtp.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+d1_srtp.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_srtp.c
+d1_srtp.o: srtp.h ssl_locl.h
 d1_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 d1_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 d1_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
@@ -258,11 +282,12 @@ d1_srvr.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 d1_srvr.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
 d1_srvr.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 d1_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-d1_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-d1_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-d1_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-d1_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-d1_srvr.o: ../include/openssl/x509_vfy.h d1_srvr.c ssl_locl.h
+d1_srvr.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+d1_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+d1_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+d1_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+d1_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h d1_srvr.c
+d1_srvr.o: ssl_locl.h
 kssl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 kssl.o: ../include/openssl/buffer.h ../include/openssl/comp.h
 kssl.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
@@ -276,11 +301,12 @@ kssl.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 kssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 kssl.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
 kssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-kssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-kssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-kssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-kssl.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-kssl.o: ../include/openssl/x509_vfy.h kssl.c kssl_lcl.h
+kssl.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+kssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+kssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+kssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+kssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h kssl.c
+kssl.o: kssl_lcl.h
 s23_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 s23_clnt.o: ../include/openssl/buffer.h ../include/openssl/comp.h
 s23_clnt.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
@@ -295,12 +321,12 @@ s23_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 s23_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 s23_clnt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
 s23_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s23_clnt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s23_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s23_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s23_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s23_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s23_clnt.c
-s23_clnt.o: ssl_locl.h
+s23_clnt.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+s23_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s23_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s23_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s23_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s23_clnt.o: ../include/openssl/x509_vfy.h s23_clnt.c ssl_locl.h
 s23_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 s23_lib.o: ../include/openssl/buffer.h ../include/openssl/comp.h
 s23_lib.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
@@ -315,11 +341,12 @@ s23_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 s23_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 s23_lib.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
 s23_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s23_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s23_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s23_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s23_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s23_lib.o: ../include/openssl/x509_vfy.h s23_lib.c ssl_locl.h
+s23_lib.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+s23_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s23_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s23_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s23_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s23_lib.c
+s23_lib.o: ssl_locl.h
 s23_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 s23_meth.o: ../include/openssl/buffer.h ../include/openssl/comp.h
 s23_meth.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
@@ -334,11 +361,12 @@ s23_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 s23_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 s23_meth.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
 s23_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s23_meth.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s23_meth.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s23_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s23_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s23_meth.o: ../include/openssl/x509_vfy.h s23_meth.c ssl_locl.h
+s23_meth.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+s23_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s23_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s23_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s23_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s23_meth.c
+s23_meth.o: ssl_locl.h
 s23_pkt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 s23_pkt.o: ../include/openssl/buffer.h ../include/openssl/comp.h
 s23_pkt.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
@@ -353,11 +381,12 @@ s23_pkt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 s23_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 s23_pkt.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
 s23_pkt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s23_pkt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s23_pkt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s23_pkt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s23_pkt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s23_pkt.o: ../include/openssl/x509_vfy.h s23_pkt.c ssl_locl.h
+s23_pkt.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+s23_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s23_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s23_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s23_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s23_pkt.c
+s23_pkt.o: ssl_locl.h
 s23_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 s23_srvr.o: ../include/openssl/buffer.h ../include/openssl/comp.h
 s23_srvr.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
@@ -372,12 +401,12 @@ s23_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 s23_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 s23_srvr.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
 s23_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s23_srvr.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s23_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s23_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s23_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s23_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s23_srvr.c
-s23_srvr.o: ssl_locl.h
+s23_srvr.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+s23_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s23_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s23_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s23_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s23_srvr.o: ../include/openssl/x509_vfy.h s23_srvr.c ssl_locl.h
 s2_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 s2_clnt.o: ../include/openssl/buffer.h ../include/openssl/comp.h
 s2_clnt.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
@@ -392,12 +421,12 @@ s2_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 s2_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 s2_clnt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
 s2_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s2_clnt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s2_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s2_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s2_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s2_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_clnt.c
-s2_clnt.o: ssl_locl.h
+s2_clnt.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+s2_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s2_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s2_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s2_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s2_clnt.o: ../include/openssl/x509_vfy.h s2_clnt.c ssl_locl.h
 s2_enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 s2_enc.o: ../include/openssl/buffer.h ../include/openssl/comp.h
 s2_enc.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
@@ -412,11 +441,12 @@ s2_enc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 s2_enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 s2_enc.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
 s2_enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s2_enc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s2_enc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s2_enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s2_enc.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s2_enc.o: ../include/openssl/x509_vfy.h s2_enc.c ssl_locl.h
+s2_enc.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+s2_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s2_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s2_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s2_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_enc.c
+s2_enc.o: ssl_locl.h
 s2_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 s2_lib.o: ../include/openssl/buffer.h ../include/openssl/comp.h
 s2_lib.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
@@ -431,12 +461,12 @@ s2_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 s2_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 s2_lib.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
 s2_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s2_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s2_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s2_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s2_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s2_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_lib.c
-s2_lib.o: ssl_locl.h
+s2_lib.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+s2_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s2_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s2_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s2_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s2_lib.o: ../include/openssl/x509_vfy.h s2_lib.c ssl_locl.h
 s2_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 s2_meth.o: ../include/openssl/buffer.h ../include/openssl/comp.h
 s2_meth.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
@@ -451,11 +481,12 @@ s2_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 s2_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 s2_meth.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
 s2_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s2_meth.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s2_meth.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s2_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s2_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s2_meth.o: ../include/openssl/x509_vfy.h s2_meth.c ssl_locl.h
+s2_meth.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+s2_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s2_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s2_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s2_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_meth.c
+s2_meth.o: ssl_locl.h
 s2_pkt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 s2_pkt.o: ../include/openssl/buffer.h ../include/openssl/comp.h
 s2_pkt.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
@@ -470,11 +501,12 @@ s2_pkt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 s2_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 s2_pkt.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
 s2_pkt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s2_pkt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s2_pkt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s2_pkt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s2_pkt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s2_pkt.o: ../include/openssl/x509_vfy.h s2_pkt.c ssl_locl.h
+s2_pkt.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+s2_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s2_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s2_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s2_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_pkt.c
+s2_pkt.o: ssl_locl.h
 s2_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 s2_srvr.o: ../include/openssl/buffer.h ../include/openssl/comp.h
 s2_srvr.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
@@ -489,12 +521,12 @@ s2_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 s2_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 s2_srvr.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
 s2_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s2_srvr.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s2_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s2_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s2_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s2_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_srvr.c
-s2_srvr.o: ssl_locl.h
+s2_srvr.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+s2_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s2_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s2_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s2_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s2_srvr.o: ../include/openssl/x509_vfy.h s2_srvr.c ssl_locl.h
 s3_both.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 s3_both.o: ../include/openssl/buffer.h ../include/openssl/comp.h
 s3_both.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
@@ -509,12 +541,32 @@ s3_both.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 s3_both.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 s3_both.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
 s3_both.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s3_both.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s3_both.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s3_both.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s3_both.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s3_both.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s3_both.c
-s3_both.o: ssl_locl.h
+s3_both.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+s3_both.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s3_both.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s3_both.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s3_both.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s3_both.o: ../include/openssl/x509_vfy.h s3_both.c ssl_locl.h
+s3_cbc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+s3_cbc.o: ../include/openssl/buffer.h ../include/openssl/comp.h
+s3_cbc.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
+s3_cbc.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
+s3_cbc.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
+s3_cbc.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
+s3_cbc.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+s3_cbc.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
+s3_cbc.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
+s3_cbc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+s3_cbc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+s3_cbc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+s3_cbc.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
+s3_cbc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s3_cbc.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+s3_cbc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s3_cbc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s3_cbc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s3_cbc.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s3_cbc.o: ../include/openssl/x509_vfy.h s3_cbc.c ssl_locl.h
 s3_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 s3_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
 s3_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
@@ -531,12 +583,12 @@ s3_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 s3_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 s3_clnt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
 s3_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s3_clnt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s3_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s3_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s3_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s3_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h kssl_lcl.h
-s3_clnt.o: s3_clnt.c ssl_locl.h
+s3_clnt.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+s3_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s3_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s3_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s3_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s3_clnt.o: ../include/openssl/x509_vfy.h kssl_lcl.h s3_clnt.c ssl_locl.h
 s3_enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 s3_enc.o: ../include/openssl/buffer.h ../include/openssl/comp.h
 s3_enc.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
@@ -551,12 +603,12 @@ s3_enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 s3_enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 s3_enc.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
 s3_enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s3_enc.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s3_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s3_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s3_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s3_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s3_enc.c
-s3_enc.o: ssl_locl.h
+s3_enc.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+s3_enc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s3_enc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s3_enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s3_enc.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s3_enc.o: ../include/openssl/x509_vfy.h s3_enc.c ssl_locl.h
 s3_lib.o: ../crypto/ec/ec_lcl.h ../e_os.h ../include/openssl/asn1.h
 s3_lib.o: ../include/openssl/bio.h ../include/openssl/bn.h
 s3_lib.o: ../include/openssl/buffer.h ../include/openssl/comp.h
@@ -573,11 +625,12 @@ s3_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 s3_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 s3_lib.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
 s3_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s3_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s3_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s3_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s3_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s3_lib.o: ../include/openssl/x509_vfy.h kssl_lcl.h s3_lib.c ssl_locl.h
+s3_lib.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+s3_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s3_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s3_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s3_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h kssl_lcl.h
+s3_lib.o: s3_lib.c ssl_locl.h
 s3_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 s3_meth.o: ../include/openssl/buffer.h ../include/openssl/comp.h
 s3_meth.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
@@ -592,11 +645,12 @@ s3_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 s3_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 s3_meth.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
 s3_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s3_meth.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s3_meth.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s3_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s3_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s3_meth.o: ../include/openssl/x509_vfy.h s3_meth.c ssl_locl.h
+s3_meth.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+s3_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+s3_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+s3_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+s3_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s3_meth.c
+s3_meth.o: ssl_locl.h
 s3_pkt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 s3_pkt.o: ../include/openssl/buffer.h ../include/openssl/comp.h
 s3_pkt.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
@@ -609,8 +663,9 @@ s3_pkt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
 s3_pkt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 s3_pkt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 s3_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s3_pkt.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
-s3_pkt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+s3_pkt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
+s3_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+s3_pkt.o: ../include/openssl/sha.h ../include/openssl/srtp.h
 s3_pkt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 s3_pkt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
 s3_pkt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
@@ -632,12 +687,12 @@ s3_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 s3_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 s3_srvr.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
 s3_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s3_srvr.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-s3_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s3_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s3_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s3_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h kssl_lcl.h
-s3_srvr.o: s3_srvr.c ssl_locl.h
+s3_srvr.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+s3_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+s3_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+s3_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+s3_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+s3_srvr.o: ../include/openssl/x509_vfy.h kssl_lcl.h s3_srvr.c ssl_locl.h
 ssl_algs.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 ssl_algs.o: ../include/openssl/buffer.h ../include/openssl/comp.h
 ssl_algs.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
@@ -652,11 +707,12 @@ ssl_algs.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 ssl_algs.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 ssl_algs.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
 ssl_algs.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ssl_algs.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-ssl_algs.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-ssl_algs.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ssl_algs.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-ssl_algs.o: ../include/openssl/x509_vfy.h ssl_algs.c ssl_locl.h
+ssl_algs.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+ssl_algs.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssl_algs.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_algs.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ssl_algs.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_algs.c
+ssl_algs.o: ssl_locl.h
 ssl_asn1.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/asn1_mac.h
 ssl_asn1.o: ../include/openssl/bio.h ../include/openssl/buffer.h
 ssl_asn1.o: ../include/openssl/comp.h ../include/openssl/crypto.h
@@ -671,12 +727,12 @@ ssl_asn1.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 ssl_asn1.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 ssl_asn1.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
 ssl_asn1.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-ssl_asn1.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-ssl_asn1.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-ssl_asn1.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ssl_asn1.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-ssl_asn1.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_asn1.c
-ssl_asn1.o: ssl_locl.h
+ssl_asn1.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+ssl_asn1.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ssl_asn1.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+ssl_asn1.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ssl_asn1.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+ssl_asn1.o: ../include/openssl/x509_vfy.h ssl_asn1.c ssl_locl.h
 ssl_cert.o: ../crypto/o_dir.h ../e_os.h ../include/openssl/asn1.h
 ssl_cert.o: ../include/openssl/bio.h ../include/openssl/bn.h
 ssl_cert.o: ../include/openssl/buffer.h ../include/openssl/comp.h
@@ -693,12 +749,12 @@ ssl_cert.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 ssl_cert.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 ssl_cert.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
 ssl_cert.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ssl_cert.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-ssl_cert.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-ssl_cert.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ssl_cert.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-ssl_cert.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h
-ssl_cert.o: ssl_cert.c ssl_locl.h
+ssl_cert.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+ssl_cert.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssl_cert.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_cert.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ssl_cert.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+ssl_cert.o: ../include/openssl/x509v3.h ssl_cert.c ssl_locl.h
 ssl_ciph.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 ssl_ciph.o: ../include/openssl/buffer.h ../include/openssl/comp.h
 ssl_ciph.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
@@ -713,12 +769,12 @@ ssl_ciph.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 ssl_ciph.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 ssl_ciph.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
 ssl_ciph.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-ssl_ciph.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-ssl_ciph.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-ssl_ciph.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ssl_ciph.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-ssl_ciph.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_ciph.c
-ssl_ciph.o: ssl_locl.h
+ssl_ciph.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+ssl_ciph.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ssl_ciph.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+ssl_ciph.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ssl_ciph.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+ssl_ciph.o: ../include/openssl/x509_vfy.h ssl_ciph.c ssl_locl.h
 ssl_err.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 ssl_err.o: ../include/openssl/buffer.h ../include/openssl/comp.h
 ssl_err.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
@@ -732,11 +788,11 @@ ssl_err.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 ssl_err.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 ssl_err.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
 ssl_err.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ssl_err.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-ssl_err.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-ssl_err.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ssl_err.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-ssl_err.o: ../include/openssl/x509_vfy.h ssl_err.c
+ssl_err.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+ssl_err.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssl_err.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_err.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ssl_err.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_err.c
 ssl_err2.o: ../include/openssl/asn1.h ../include/openssl/bio.h
 ssl_err2.o: ../include/openssl/buffer.h ../include/openssl/comp.h
 ssl_err2.o: ../include/openssl/crypto.h ../include/openssl/dtls1.h
@@ -750,11 +806,11 @@ ssl_err2.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 ssl_err2.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 ssl_err2.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
 ssl_err2.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ssl_err2.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-ssl_err2.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-ssl_err2.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ssl_err2.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-ssl_err2.o: ../include/openssl/x509_vfy.h ssl_err2.c
+ssl_err2.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+ssl_err2.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssl_err2.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_err2.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ssl_err2.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_err2.c
 ssl_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 ssl_lib.o: ../include/openssl/buffer.h ../include/openssl/comp.h
 ssl_lib.o: ../include/openssl/conf.h ../include/openssl/crypto.h
@@ -771,12 +827,13 @@ ssl_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 ssl_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 ssl_lib.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
 ssl_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-ssl_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-ssl_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-ssl_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-ssl_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-ssl_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
-ssl_lib.o: ../include/openssl/x509v3.h kssl_lcl.h ssl_lib.c ssl_locl.h
+ssl_lib.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+ssl_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+ssl_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+ssl_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ssl_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+ssl_lib.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h kssl_lcl.h
+ssl_lib.o: ssl_lib.c ssl_locl.h
 ssl_rsa.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 ssl_rsa.o: ../include/openssl/buffer.h ../include/openssl/comp.h
 ssl_rsa.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
@@ -791,11 +848,12 @@ ssl_rsa.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 ssl_rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 ssl_rsa.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
 ssl_rsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ssl_rsa.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-ssl_rsa.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-ssl_rsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ssl_rsa.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-ssl_rsa.o: ../include/openssl/x509_vfy.h ssl_locl.h ssl_rsa.c
+ssl_rsa.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+ssl_rsa.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssl_rsa.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_rsa.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ssl_rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+ssl_rsa.o: ssl_rsa.c
 ssl_sess.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 ssl_sess.o: ../include/openssl/buffer.h ../include/openssl/comp.h
 ssl_sess.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
@@ -811,11 +869,12 @@ ssl_sess.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 ssl_sess.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
 ssl_sess.o: ../include/openssl/rand.h ../include/openssl/rsa.h
 ssl_sess.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ssl_sess.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-ssl_sess.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-ssl_sess.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ssl_sess.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-ssl_sess.o: ../include/openssl/x509_vfy.h ssl_locl.h ssl_sess.c
+ssl_sess.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+ssl_sess.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssl_sess.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_sess.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ssl_sess.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+ssl_sess.o: ssl_sess.c
 ssl_stat.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 ssl_stat.o: ../include/openssl/buffer.h ../include/openssl/comp.h
 ssl_stat.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
@@ -830,11 +889,12 @@ ssl_stat.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 ssl_stat.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 ssl_stat.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
 ssl_stat.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ssl_stat.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-ssl_stat.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-ssl_stat.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ssl_stat.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-ssl_stat.o: ../include/openssl/x509_vfy.h ssl_locl.h ssl_stat.c
+ssl_stat.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+ssl_stat.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssl_stat.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_stat.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ssl_stat.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+ssl_stat.o: ssl_stat.c
 ssl_txt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 ssl_txt.o: ../include/openssl/buffer.h ../include/openssl/comp.h
 ssl_txt.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
@@ -849,11 +909,12 @@ ssl_txt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 ssl_txt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 ssl_txt.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
 ssl_txt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-ssl_txt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-ssl_txt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-ssl_txt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-ssl_txt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-ssl_txt.o: ../include/openssl/x509_vfy.h ssl_locl.h ssl_txt.c
+ssl_txt.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+ssl_txt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+ssl_txt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ssl_txt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ssl_txt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+ssl_txt.o: ssl_txt.c
 t1_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 t1_clnt.o: ../include/openssl/buffer.h ../include/openssl/comp.h
 t1_clnt.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
@@ -868,12 +929,12 @@ t1_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 t1_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 t1_clnt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
 t1_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-t1_clnt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-t1_clnt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-t1_clnt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-t1_clnt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-t1_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-t1_clnt.o: t1_clnt.c
+t1_clnt.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+t1_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+t1_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+t1_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+t1_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+t1_clnt.o: ../include/openssl/x509_vfy.h ssl_locl.h t1_clnt.c
 t1_enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 t1_enc.o: ../include/openssl/buffer.h ../include/openssl/comp.h
 t1_enc.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
@@ -887,8 +948,9 @@ t1_enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
 t1_enc.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
 t1_enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
 t1_enc.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-t1_enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-t1_enc.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+t1_enc.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+t1_enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+t1_enc.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
 t1_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
 t1_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
 t1_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
@@ -907,8 +969,9 @@ t1_lib.o: ../include/openssl/objects.h ../include/openssl/ocsp.h
 t1_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
 t1_lib.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 t1_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-t1_lib.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
-t1_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+t1_lib.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
+t1_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+t1_lib.o: ../include/openssl/sha.h ../include/openssl/srtp.h
 t1_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
 t1_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
 t1_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
@@ -929,11 +992,12 @@ t1_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 t1_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 t1_meth.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
 t1_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-t1_meth.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-t1_meth.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-t1_meth.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-t1_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-t1_meth.o: ../include/openssl/x509_vfy.h ssl_locl.h t1_meth.c
+t1_meth.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+t1_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+t1_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+t1_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+t1_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+t1_meth.o: t1_meth.c
 t1_reneg.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 t1_reneg.o: ../include/openssl/buffer.h ../include/openssl/comp.h
 t1_reneg.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
@@ -948,11 +1012,12 @@ t1_reneg.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 t1_reneg.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 t1_reneg.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
 t1_reneg.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-t1_reneg.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-t1_reneg.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-t1_reneg.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-t1_reneg.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-t1_reneg.o: ../include/openssl/x509_vfy.h ssl_locl.h t1_reneg.c
+t1_reneg.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
+t1_reneg.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+t1_reneg.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+t1_reneg.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+t1_reneg.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+t1_reneg.o: t1_reneg.c
 t1_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
 t1_srvr.o: ../include/openssl/buffer.h ../include/openssl/comp.h
 t1_srvr.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
@@ -967,9 +1032,30 @@ t1_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
 t1_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
 t1_srvr.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
 t1_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-t1_srvr.o: ../include/openssl/sha.h ../include/openssl/ssl.h
-t1_srvr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-t1_srvr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-t1_srvr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-t1_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
-t1_srvr.o: t1_srvr.c
+t1_srvr.o: ../include/openssl/sha.h ../include/openssl/srtp.h
+t1_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+t1_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+t1_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+t1_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+t1_srvr.o: ../include/openssl/x509_vfy.h ssl_locl.h t1_srvr.c
+tls_srp.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+tls_srp.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+tls_srp.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+tls_srp.o: ../include/openssl/dsa.h ../include/openssl/dtls1.h
+tls_srp.o: ../include/openssl/e_os2.h ../include/openssl/ec.h
+tls_srp.o: ../include/openssl/ecdh.h ../include/openssl/ecdsa.h
+tls_srp.o: ../include/openssl/err.h ../include/openssl/evp.h
+tls_srp.o: ../include/openssl/hmac.h ../include/openssl/kssl.h
+tls_srp.o: ../include/openssl/lhash.h ../include/openssl/obj_mac.h
+tls_srp.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+tls_srp.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
+tls_srp.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+tls_srp.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
+tls_srp.o: ../include/openssl/rand.h ../include/openssl/rsa.h
+tls_srp.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+tls_srp.o: ../include/openssl/srp.h ../include/openssl/srtp.h
+tls_srp.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+tls_srp.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+tls_srp.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+tls_srp.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+tls_srp.o: ../include/openssl/x509_vfy.h ssl_locl.h tls_srp.c

diff --git a/deps/openssl/openssl/ssl/d1_both.c b/deps/openssl/openssl/ssl/d1_both.c
index 9f898d6..de8bab8 100644 (file)
--- a/deps/openssl/openssl/ssl/d1_both.c
+++ b/deps/openssl/openssl/ssl/d1_both.c
@@ -227,14 +227,14 @@ int dtls1_do_write(SSL *s, int type)
        unsigned int len, frag_off, mac_size, blocksize;
 
        /* AHA!  Figure out the MTU, and stick to the right size */
-       if ( ! (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
+       if (s->d1->mtu < dtls1_min_mtu() && !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU))
                {
                s->d1->mtu = 
                        BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
 
                /* I've seen the kernel return bogus numbers when it doesn't know
                 * (initial write), so just make sure we have a reasonable number */
-               if ( s->d1->mtu < dtls1_min_mtu())
+               if (s->d1->mtu < dtls1_min_mtu())
                        {
                        s->d1->mtu = 0;
                        s->d1->mtu = dtls1_guess_mtu(s->d1->mtu);
@@ -1084,7 +1084,11 @@ int dtls1_read_failed(SSL *s, int code)
                return code;
                }
 
-       if ( ! SSL_in_init(s))  /* done, no need to send a retransmit */
+#ifndef OPENSSL_NO_HEARTBEATS
+       if (!SSL_in_init(s) && !s->tlsext_hb_pending)  /* done, no need to send a retransmit */
+#else
+       if (!SSL_in_init(s))  /* done, no need to send a retransmit */
+#endif
                {
                BIO_set_flags(SSL_get_rbio(s), BIO_FLAGS_READ);
                return code;
@@ -1417,3 +1421,171 @@ dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr)
 
        ccs_hdr->type = *(data++);
        }
+
+int dtls1_shutdown(SSL *s)
+       {
+       int ret;
+#ifndef OPENSSL_NO_SCTP
+       if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
+           !(s->shutdown & SSL_SENT_SHUTDOWN))
+               {
+               ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s));
+               if (ret < 0) return -1;
+
+               if (ret == 0)
+                       BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 1, NULL);
+               }
+#endif
+       ret = ssl3_shutdown(s);
+#ifndef OPENSSL_NO_SCTP
+       BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 0, NULL);
+#endif
+       return ret;
+       }
+
+#ifndef OPENSSL_NO_HEARTBEATS
+int
+dtls1_process_heartbeat(SSL *s)
+       {
+       unsigned char *p = &s->s3->rrec.data[0], *pl;
+       unsigned short hbtype;
+       unsigned int payload;
+       unsigned int padding = 16; /* Use minimum padding */
+
+       /* Read type and payload length first */
+       hbtype = *p++;
+       n2s(p, payload);
+       pl = p;
+
+       if (s->msg_callback)
+               s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
+                       &s->s3->rrec.data[0], s->s3->rrec.length,
+                       s, s->msg_callback_arg);
+
+       if (hbtype == TLS1_HB_REQUEST)
+               {
+               unsigned char *buffer, *bp;
+               int r;
+
+               /* Allocate memory for the response, size is 1 byte
+                * message type, plus 2 bytes payload length, plus
+                * payload, plus padding
+                */
+               buffer = OPENSSL_malloc(1 + 2 + payload + padding);
+               bp = buffer;
+
+               /* Enter response type, length and copy payload */
+               *bp++ = TLS1_HB_RESPONSE;
+               s2n(payload, bp);
+               memcpy(bp, pl, payload);
+               bp += payload;
+               /* Random padding */
+               RAND_pseudo_bytes(bp, padding);
+
+               r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding);
+
+               if (r >= 0 && s->msg_callback)
+                       s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
+                               buffer, 3 + payload + padding,
+                               s, s->msg_callback_arg);
+
+               OPENSSL_free(buffer);
+
+               if (r < 0)
+                       return r;
+               }
+       else if (hbtype == TLS1_HB_RESPONSE)
+               {
+               unsigned int seq;
+
+               /* We only send sequence numbers (2 bytes unsigned int),
+                * and 16 random bytes, so we just try to read the
+                * sequence number */
+               n2s(pl, seq);
+
+               if (payload == 18 && seq == s->tlsext_hb_seq)
+                       {
+                       dtls1_stop_timer(s);
+                       s->tlsext_hb_seq++;
+                       s->tlsext_hb_pending = 0;
+                       }
+               }
+
+       return 0;
+       }
+
+int
+dtls1_heartbeat(SSL *s)
+       {
+       unsigned char *buf, *p;
+       int ret;
+       unsigned int payload = 18; /* Sequence number + random bytes */
+       unsigned int padding = 16; /* Use minimum padding */
+
+       /* Only send if peer supports and accepts HB requests... */
+       if (!(s->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED) ||
+           s->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS)
+               {
+               SSLerr(SSL_F_DTLS1_HEARTBEAT,SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT);
+               return -1;
+               }
+
+       /* ...and there is none in flight yet... */
+       if (s->tlsext_hb_pending)
+               {
+               SSLerr(SSL_F_DTLS1_HEARTBEAT,SSL_R_TLS_HEARTBEAT_PENDING);
+               return -1;
+               }
+
+       /* ...and no handshake in progress. */
+       if (SSL_in_init(s) || s->in_handshake)
+               {
+               SSLerr(SSL_F_DTLS1_HEARTBEAT,SSL_R_UNEXPECTED_MESSAGE);
+               return -1;
+               }
+
+       /* Check if padding is too long, payload and padding
+        * must not exceed 2^14 - 3 = 16381 bytes in total.
+        */
+       OPENSSL_assert(payload + padding <= 16381);
+
+       /* Create HeartBeat message, we just use a sequence number
+        * as payload to distuingish different messages and add
+        * some random stuff.
+        *  - Message Type, 1 byte
+        *  - Payload Length, 2 bytes (unsigned int)
+        *  - Payload, the sequence number (2 bytes uint)
+        *  - Payload, random bytes (16 bytes uint)
+        *  - Padding
+        */
+       buf = OPENSSL_malloc(1 + 2 + payload + padding);
+       p = buf;
+       /* Message Type */
+       *p++ = TLS1_HB_REQUEST;
+       /* Payload length (18 bytes here) */
+       s2n(payload, p);
+       /* Sequence number */
+       s2n(s->tlsext_hb_seq, p);
+       /* 16 random bytes */
+       RAND_pseudo_bytes(p, 16);
+       p += 16;
+       /* Random padding */
+       RAND_pseudo_bytes(p, padding);
+
+       ret = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buf, 3 + payload + padding);
+       if (ret >= 0)
+               {
+               if (s->msg_callback)
+                       s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
+                               buf, 3 + payload + padding,
+                               s, s->msg_callback_arg);
+
+               dtls1_start_timer(s);
+               s->tlsext_hb_pending = 1;
+               }
+
+       OPENSSL_free(buf);
+
+       return ret;
+       }
+#endif

diff --git a/deps/openssl/openssl/ssl/d1_clnt.c b/deps/openssl/openssl/ssl/d1_clnt.c
index 5776671..a6ed09c 100644 (file)
--- a/deps/openssl/openssl/ssl/d1_clnt.c
+++ b/deps/openssl/openssl/ssl/d1_clnt.c
@@ -150,7 +150,11 @@ int dtls1_connect(SSL *s)
        unsigned long Time=(unsigned long)time(NULL);
        void (*cb)(const SSL *ssl,int type,int val)=NULL;
        int ret= -1;
-       int new_state,state,skip=0;;
+       int new_state,state,skip=0;
+#ifndef OPENSSL_NO_SCTP
+       unsigned char sctpauthkey[64];
+       char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];
+#endif
 
        RAND_add(&Time,sizeof(Time),0);
        ERR_clear_error();
@@ -164,6 +168,27 @@ int dtls1_connect(SSL *s)
        s->in_handshake++;
        if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 
 
+#ifndef OPENSSL_NO_SCTP
+       /* Notify SCTP BIO socket to enter handshake
+        * mode and prevent stream identifier other
+        * than 0. Will be ignored if no SCTP is used.
+        */
+       BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE, s->in_handshake, NULL);
+#endif
+
+#ifndef OPENSSL_NO_HEARTBEATS
+       /* If we're awaiting a HeartbeatResponse, pretend we
+        * already got and don't await it anymore, because
+        * Heartbeats don't make sense during handshakes anyway.
+        */
+       if (s->tlsext_hb_pending)
+               {
+               dtls1_stop_timer(s);
+               s->tlsext_hb_pending = 0;
+               s->tlsext_hb_seq++;
+               }
+#endif
+
        for (;;)
                {
                state=s->state;
@@ -171,7 +196,7 @@ int dtls1_connect(SSL *s)
                switch(s->state)
                        {
                case SSL_ST_RENEGOTIATE:
-                       s->new_session=1;
+                       s->renegotiate=1;
                        s->state=SSL_ST_CONNECT;
                        s->ctx->stats.sess_connect_renegotiate++;
                        /* break */
@@ -226,6 +251,42 @@ int dtls1_connect(SSL *s)
                        s->hit = 0;
                        break;
 
+#ifndef OPENSSL_NO_SCTP
+               case DTLS1_SCTP_ST_CR_READ_SOCK:
+
+                       if (BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s)))
+                       {
+                               s->s3->in_read_app_data=2;
+                               s->rwstate=SSL_READING;
+                               BIO_clear_retry_flags(SSL_get_rbio(s));
+                               BIO_set_retry_read(SSL_get_rbio(s));
+                               ret = -1;
+                               goto end;
+                       }
+
+                       s->state=s->s3->tmp.next_state;
+                       break;
+
+               case DTLS1_SCTP_ST_CW_WRITE_SOCK:
+                       /* read app data until dry event */
+
+                       ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s));
+                       if (ret < 0) goto end;
+
+                       if (ret == 0)
+                       {
+                               s->s3->in_read_app_data=2;
+                               s->rwstate=SSL_READING;
+                               BIO_clear_retry_flags(SSL_get_rbio(s));
+                               BIO_set_retry_read(SSL_get_rbio(s));
+                               ret = -1;
+                               goto end;
+                       }
+
+                       s->state=s->d1->next_state;
+                       break;
+#endif
+
                case SSL3_ST_CW_CLNT_HELLO_A:
                case SSL3_ST_CW_CLNT_HELLO_B:
 
@@ -248,9 +309,17 @@ int dtls1_connect(SSL *s)
 
                        s->init_num=0;
 
-                       /* turn on buffering for the next lot of output */
-                       if (s->bbio != s->wbio)
-                               s->wbio=BIO_push(s->bbio,s->wbio);
+#ifndef OPENSSL_NO_SCTP
+                       /* Disable buffering for SCTP */
+                       if (!BIO_dgram_is_sctp(SSL_get_wbio(s)))
+                               {
+#endif
+                               /* turn on buffering for the next lot of output */
+                               if (s->bbio != s->wbio)
+                                       s->wbio=BIO_push(s->bbio,s->wbio);
+#ifndef OPENSSL_NO_SCTP
+                               }
+#endif
 
                        break;
 
@@ -260,9 +329,25 @@ int dtls1_connect(SSL *s)
                        if (ret <= 0) goto end;
                        else
                                {
-                               dtls1_stop_timer(s);
                                if (s->hit)
+                                       {
+#ifndef OPENSSL_NO_SCTP
+                                       /* Add new shared key for SCTP-Auth,
+                                        * will be ignored if no SCTP used.
+                                        */
+                                       snprintf((char*) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
+                                                DTLS1_SCTP_AUTH_LABEL);
+
+                                       SSL_export_keying_material(s, sctpauthkey,
+                                                                  sizeof(sctpauthkey), labelbuffer,
+                                                                  sizeof(labelbuffer), NULL, 0, 0);
+
+                                       BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
+                                                        sizeof(sctpauthkey), sctpauthkey);
+#endif
+
                                        s->state=SSL3_ST_CR_FINISHED_A;
+                                       }
                                else
                                        s->state=DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A;
                                }
@@ -354,12 +439,20 @@ int dtls1_connect(SSL *s)
                case SSL3_ST_CR_SRVR_DONE_B:
                        ret=ssl3_get_server_done(s);
                        if (ret <= 0) goto end;
+                       dtls1_stop_timer(s);
                        if (s->s3->tmp.cert_req)
-                               s->state=SSL3_ST_CW_CERT_A;
+                               s->s3->tmp.next_state=SSL3_ST_CW_CERT_A;
                        else
-                               s->state=SSL3_ST_CW_KEY_EXCH_A;
+                               s->s3->tmp.next_state=SSL3_ST_CW_KEY_EXCH_A;
                        s->init_num=0;
 
+#ifndef OPENSSL_NO_SCTP                        
+                       if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
+                           state == SSL_ST_RENEGOTIATE)
+                               s->state=DTLS1_SCTP_ST_CR_READ_SOCK;
+                       else
+#endif                 
+                       s->state=s->s3->tmp.next_state;
                        break;
 
                case SSL3_ST_CW_CERT_A:
@@ -378,6 +471,22 @@ int dtls1_connect(SSL *s)
                        dtls1_start_timer(s);
                        ret=dtls1_send_client_key_exchange(s);
                        if (ret <= 0) goto end;
+
+#ifndef OPENSSL_NO_SCTP
+                       /* Add new shared key for SCTP-Auth,
+                        * will be ignored if no SCTP used.
+                        */
+                       snprintf((char*) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
+                                DTLS1_SCTP_AUTH_LABEL);
+
+                       SSL_export_keying_material(s, sctpauthkey,
+                                                  sizeof(sctpauthkey), labelbuffer,
+                                                  sizeof(labelbuffer), NULL, 0, 0);
+
+                       BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
+                                        sizeof(sctpauthkey), sctpauthkey);
+#endif
+
                        /* EAY EAY EAY need to check for DH fix cert
                         * sent back */
                        /* For TLS, cert_req is set to 2, so a cert chain
@@ -388,7 +497,15 @@ int dtls1_connect(SSL *s)
                                }
                        else
                                {
-                               s->state=SSL3_ST_CW_CHANGE_A;
+#ifndef OPENSSL_NO_SCTP
+                               if (BIO_dgram_is_sctp(SSL_get_wbio(s)))
+                                       {
+                                       s->d1->next_state=SSL3_ST_CW_CHANGE_A;
+                                       s->state=DTLS1_SCTP_ST_CW_WRITE_SOCK;
+                                       }
+                               else
+#endif
+                                       s->state=SSL3_ST_CW_CHANGE_A;
                                s->s3->change_cipher_spec=0;
                                }
 
@@ -400,7 +517,15 @@ int dtls1_connect(SSL *s)
                        dtls1_start_timer(s);
                        ret=dtls1_send_client_verify(s);
                        if (ret <= 0) goto end;
-                       s->state=SSL3_ST_CW_CHANGE_A;
+#ifndef OPENSSL_NO_SCTP
+                       if (BIO_dgram_is_sctp(SSL_get_wbio(s)))
+                       {
+                               s->d1->next_state=SSL3_ST_CW_CHANGE_A;
+                               s->state=DTLS1_SCTP_ST_CW_WRITE_SOCK;
+                       }
+                       else
+#endif
+                               s->state=SSL3_ST_CW_CHANGE_A;
                        s->init_num=0;
                        s->s3->change_cipher_spec=0;
                        break;
@@ -412,6 +537,14 @@ int dtls1_connect(SSL *s)
                        ret=dtls1_send_change_cipher_spec(s,
                                SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
                        if (ret <= 0) goto end;
+
+#ifndef OPENSSL_NO_SCTP
+                       /* Change to new shared key of SCTP-Auth,
+                        * will be ignored if no SCTP used.
+                        */
+                       BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
+#endif
+
                        s->state=SSL3_ST_CW_FINISHED_A;
                        s->init_num=0;
 
@@ -457,9 +590,23 @@ int dtls1_connect(SSL *s)
                        if (s->hit)
                                {
                                s->s3->tmp.next_state=SSL_ST_OK;
+#ifndef OPENSSL_NO_SCTP
+                               if (BIO_dgram_is_sctp(SSL_get_wbio(s)))
+                                       {
+                                               s->d1->next_state = s->s3->tmp.next_state;
+                                               s->s3->tmp.next_state=DTLS1_SCTP_ST_CW_WRITE_SOCK;
+                                       }
+#endif
                                if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED)
                                        {
                                        s->state=SSL_ST_OK;
+#ifndef OPENSSL_NO_SCTP
+                                       if (BIO_dgram_is_sctp(SSL_get_wbio(s)))
+                                               {
+                                                       s->d1->next_state = SSL_ST_OK;
+                                                       s->state=DTLS1_SCTP_ST_CW_WRITE_SOCK;
+                                               }
+#endif
                                        s->s3->flags|=SSL3_FLAGS_POP_BUFFER;
                                        s->s3->delay_buf_pop_ret=0;
                                        }
@@ -508,6 +655,16 @@ int dtls1_connect(SSL *s)
                                s->state=SSL3_ST_CW_CHANGE_A;
                        else
                                s->state=SSL_ST_OK;
+
+#ifndef OPENSSL_NO_SCTP
+                       if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
+                               state == SSL_ST_RENEGOTIATE)
+                               {
+                               s->d1->next_state=s->state;
+                               s->state=DTLS1_SCTP_ST_CW_WRITE_SOCK;
+                               }
+#endif
+
                        s->init_num=0;
                        break;
 
@@ -515,6 +672,13 @@ int dtls1_connect(SSL *s)
                        s->rwstate=SSL_WRITING;
                        if (BIO_flush(s->wbio) <= 0)
                                {
+                               /* If the write error was fatal, stop trying */
+                               if (!BIO_should_retry(s->wbio))
+                                       {
+                                       s->rwstate=SSL_NOTHING;
+                                       s->state=s->s3->tmp.next_state;
+                                       }
+                               
                                ret= -1;
                                goto end;
                                }
@@ -541,6 +705,7 @@ int dtls1_connect(SSL *s)
                        /* else do it later in ssl3_write */
 
                        s->init_num=0;
+                       s->renegotiate=0;
                        s->new_session=0;
 
                        ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);
@@ -587,6 +752,15 @@ int dtls1_connect(SSL *s)
                }
 end:
        s->in_handshake--;
+       
+#ifndef OPENSSL_NO_SCTP
+       /* Notify SCTP BIO socket to leave handshake
+        * mode and allow stream identifier other
+        * than 0. Will be ignored if no SCTP is used.
+        */
+       BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE, s->in_handshake, NULL);
+#endif
+
        if (buf != NULL)
                BUF_MEM_free(buf);
        if (cb != NULL)
@@ -615,12 +789,6 @@ int dtls1_client_hello(SSL *s)
 #endif
                        (s->session->not_resumable))
                        {
-                       if (!s->session_creation_enabled)
-                               {
-                               ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
-                               SSLerr(SSL_F_DTLS1_CLIENT_HELLO,SSL_R_SESSION_MAY_NOT_BE_CREATED);
-                               goto err;
-                               }
                        if (!ssl_get_new_session(s,0))
                                goto err;
                        }

diff --git a/deps/openssl/openssl/ssl/d1_enc.c b/deps/openssl/openssl/ssl/d1_enc.c
index becbab9..712c464 100644 (file)
--- a/deps/openssl/openssl/ssl/d1_enc.c
+++ b/deps/openssl/openssl/ssl/d1_enc.c
@@ -126,20 +126,28 @@
 #include <openssl/des.h>
 #endif
 
+/* dtls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
+ *
+ * Returns:
+ *   0: (in non-constant time) if the record is publically invalid (i.e. too
+ *       short etc).
+ *   1: if the record's padding is valid / the encryption was successful.
+ *   -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
+ *       an internal error occured. */
 int dtls1_enc(SSL *s, int send)
        {
        SSL3_RECORD *rec;
        EVP_CIPHER_CTX *ds;
        unsigned long l;
-       int bs,i,ii,j,k,n=0;
+       int bs,i,j,k,mac_size=0;
        const EVP_CIPHER *enc;
 
        if (send)
                {
                if (EVP_MD_CTX_md(s->write_hash))
                        {
-                       n=EVP_MD_CTX_size(s->write_hash);
-                       if (n < 0)
+                       mac_size=EVP_MD_CTX_size(s->write_hash);
+                       if (mac_size < 0)
                                return -1;
                        }
                ds=s->enc_write_ctx;
@@ -164,9 +172,8 @@ int dtls1_enc(SSL *s, int send)
                {
                if (EVP_MD_CTX_md(s->read_hash))
                        {
-                       n=EVP_MD_CTX_size(s->read_hash);
-                       if (n < 0)
-                               return -1;
+                       mac_size=EVP_MD_CTX_size(s->read_hash);
+                       OPENSSL_assert(mac_size >= 0);
                        }
                ds=s->enc_read_ctx;
                rec= &(s->s3->rrec);
@@ -231,7 +238,7 @@ int dtls1_enc(SSL *s, int send)
                if (!send)
                        {
                        if (l == 0 || l%bs != 0)
-                               return -1;
+                               return 0;
                        }
                
                EVP_Cipher(ds,rec->data,rec->input,l);
@@ -246,43 +253,7 @@ int dtls1_enc(SSL *s, int send)
 #endif /* KSSL_DEBUG */
 
                if ((bs != 1) && !send)
-                       {
-                       ii=i=rec->data[l-1]; /* padding_length */
-                       i++;
-                       if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
-                               {
-                               /* First packet is even in size, so check */
-                               if ((memcmp(s->s3->read_sequence,
-                                       "\0\0\0\0\0\0\0\0",8) == 0) && !(ii & 1))
-                                       s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG;
-                               if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
-                                       i--;
-                               }
-                       /* TLS 1.0 does not bound the number of padding bytes by the block size.
-                        * All of them must have value 'padding_length'. */
-                       if (i > (int)rec->length)
-                               {
-                               /* Incorrect padding. SSLerr() and ssl3_alert are done
-                                * by caller: we don't want to reveal whether this is
-                                * a decryption error or a MAC verification failure
-                                * (see http://www.openssl.org/~bodo/tls-cbc.txt) 
-                                */
-                               return -1;
-                               }
-                       for (j=(int)(l-i); j<(int)l; j++)
-                               {
-                               if (rec->data[j] != ii)
-                                       {
-                                       /* Incorrect padding */
-                                       return -1;
-                                       }
-                               }
-                       rec->length-=i;
-
-                       rec->data += bs;    /* skip the implicit IV */
-                       rec->input += bs;
-                       rec->length -= bs;
-                       }
+                       return tls1_cbc_remove_padding(s, rec, bs, mac_size);
                }
        return(1);
        }

diff --git a/deps/openssl/openssl/ssl/d1_lib.c b/deps/openssl/openssl/ssl/d1_lib.c
index a94290a..f61f718 100644 (file)
--- a/deps/openssl/openssl/ssl/d1_lib.c
+++ b/deps/openssl/openssl/ssl/d1_lib.c
@@ -292,6 +292,15 @@ const SSL_CIPHER *dtls1_get_cipher(unsigned int u)
 
 void dtls1_start_timer(SSL *s)
        {
+#ifndef OPENSSL_NO_SCTP
+       /* Disable timer for SCTP */
+       if (BIO_dgram_is_sctp(SSL_get_wbio(s)))
+               {
+               memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
+               return;
+               }
+#endif
+
        /* If timer is not set, initialize duration with 1 second */
        if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0)
                {
@@ -382,6 +391,7 @@ void dtls1_double_timeout(SSL *s)
 void dtls1_stop_timer(SSL *s)
        {
        /* Reset everything */
+       memset(&(s->d1->timeout), 0, sizeof(struct dtls1_timeout_st));
        memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
        s->d1->timeout_duration = 1;
        BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout));
@@ -389,10 +399,28 @@ void dtls1_stop_timer(SSL *s)
        dtls1_clear_record_buffer(s);
        }
 
-int dtls1_handle_timeout(SSL *s)
+int dtls1_check_timeout_num(SSL *s)
        {
-       DTLS1_STATE *state;
+       s->d1->timeout.num_alerts++;
+
+       /* Reduce MTU after 2 unsuccessful retransmissions */
+       if (s->d1->timeout.num_alerts > 2)
+               {
+               s->d1->mtu = BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);               
+               }
 
+       if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT)
+               {
+               /* fail the connection, enough alerts have been sent */
+               SSLerr(SSL_F_DTLS1_CHECK_TIMEOUT_NUM,SSL_R_READ_TIMEOUT_EXPIRED);
+               return -1;
+               }
+
+       return 0;
+       }
+
+int dtls1_handle_timeout(SSL *s)
+       {
        /* if no timer is expired, don't do anything */
        if (!dtls1_is_timer_expired(s))
                {
@@ -400,20 +428,23 @@ int dtls1_handle_timeout(SSL *s)
                }
 
        dtls1_double_timeout(s);
-       state = s->d1;
-       state->timeout.num_alerts++;
-       if ( state->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT)
-               {
-               /* fail the connection, enough alerts have been sent */
-               SSLerr(SSL_F_DTLS1_HANDLE_TIMEOUT,SSL_R_READ_TIMEOUT_EXPIRED);
+
+       if (dtls1_check_timeout_num(s) < 0)
                return -1;
+
+       s->d1->timeout.read_timeouts++;
+       if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT)
+               {
+               s->d1->timeout.read_timeouts = 1;
                }
 
-       state->timeout.read_timeouts++;
-       if ( state->timeout.read_timeouts > DTLS1_TMO_READ_COUNT)
+#ifndef OPENSSL_NO_HEARTBEATS
+       if (s->tlsext_hb_pending)
                {
-               state->timeout.read_timeouts = 1;
+               s->tlsext_hb_pending = 0;
+               return dtls1_heartbeat(s);
                }
+#endif
 
        dtls1_start_timer(s);
        return dtls1_retransmit_buffered_messages(s);

diff --git a/deps/openssl/openssl/ssl/d1_pkt.c b/deps/openssl/openssl/ssl/d1_pkt.c
index 3927dad..0bf87be 100644 (file)
--- a/deps/openssl/openssl/ssl/d1_pkt.c
+++ b/deps/openssl/openssl/ssl/d1_pkt.c
@@ -179,7 +179,6 @@ static int dtls1_record_needs_buffering(SSL *s, SSL3_RECORD *rr,
 static int dtls1_buffer_record(SSL *s, record_pqueue *q,
        unsigned char *priority);
 static int dtls1_process_record(SSL *s);
-static void dtls1_clear_timeouts(SSL *s);
 
 /* copy buffered record into SSL structure */
 static int
@@ -232,6 +231,14 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
 
        item->data = rdata;
 
+#ifndef OPENSSL_NO_SCTP
+       /* Store bio_dgram_sctp_rcvinfo struct */
+       if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
+           (s->state == SSL3_ST_SR_FINISHED_A || s->state == SSL3_ST_CR_FINISHED_A)) {
+               BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_GET_RCVINFO, sizeof(rdata->recordinfo), &rdata->recordinfo);
+       }
+#endif
+
        /* insert should not fail, since duplicates are dropped */
        if (pqueue_insert(queue->q, item) == NULL)
                {
@@ -369,14 +376,11 @@ static int
 dtls1_process_record(SSL *s)
 {
        int i,al;
-       int clear=0;
        int enc_err;
        SSL_SESSION *sess;
        SSL3_RECORD *rr;
-       unsigned int mac_size;
+       unsigned int mac_size, orig_len;
        unsigned char md[EVP_MAX_MD_SIZE];
-       int decryption_failed_or_bad_record_mac = 0;
-
 
        rr= &(s->s3->rrec);
        sess = s->session;
@@ -408,12 +412,16 @@ dtls1_process_record(SSL *s)
        rr->data=rr->input;
 
        enc_err = s->method->ssl3_enc->enc(s,0);
-       if (enc_err <= 0)
+       /* enc_err is:
+        *    0: (in non-constant time) if the record is publically invalid.
+        *    1: if the padding is valid
+        *    -1: if the padding is invalid */
+       if (enc_err == 0)
                {
-               /* To minimize information leaked via timing, we will always
-                * perform all computations before discarding the message.
-                */
-               decryption_failed_or_bad_record_mac = 1;
+               /* For DTLS we simply ignore bad packets. */
+               rr->length = 0;
+               s->packet_length = 0;
+               goto err;
                }
 
 #ifdef TLS_DEBUG
@@ -423,49 +431,62 @@ printf("\n");
 #endif
 
        /* r->length is now the compressed data plus mac */
-       if (    (sess == NULL) ||
-               (s->enc_read_ctx == NULL) ||
-               (s->read_hash == NULL))
-               clear=1;
-
-       if (!clear)
+       if ((sess != NULL) &&
+           (s->enc_read_ctx != NULL) &&
+           (EVP_MD_CTX_md(s->read_hash) != NULL))
                {
-               /* !clear => s->read_hash != NULL => mac_size != -1 */
-               int t;
-               t=EVP_MD_CTX_size(s->read_hash);
-               OPENSSL_assert(t >= 0);
-               mac_size=t;
-
-               if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+mac_size)
-                       {
-#if 0 /* OK only for stream ciphers (then rr->length is visible from ciphertext anyway) */
-                       al=SSL_AD_RECORD_OVERFLOW;
-                       SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
-                       goto f_err;
-#else
-                       decryption_failed_or_bad_record_mac = 1;
-#endif                 
-                       }
-               /* check the MAC for rr->input (it's in mac_size bytes at the tail) */
-               if (rr->length < mac_size)
+               /* s->read_hash != NULL => mac_size != -1 */
+               unsigned char *mac = NULL;
+               unsigned char mac_tmp[EVP_MAX_MD_SIZE];
+               mac_size=EVP_MD_CTX_size(s->read_hash);
+               OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
+
+               /* kludge: *_cbc_remove_padding passes padding length in rr->type */
+               orig_len = rr->length+((unsigned int)rr->type>>8);
+
+               /* orig_len is the length of the record before any padding was
+                * removed. This is public information, as is the MAC in use,
+                * therefore we can safely process the record in a different
+                * amount of time if it's too short to possibly contain a MAC.
+                */
+               if (orig_len < mac_size ||
+                   /* CBC records must have a padding length byte too. */
+                   (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
+                    orig_len < mac_size+1))
                        {
-#if 0 /* OK only for stream ciphers */
                        al=SSL_AD_DECODE_ERROR;
                        SSLerr(SSL_F_DTLS1_PROCESS_RECORD,SSL_R_LENGTH_TOO_SHORT);
                        goto f_err;
-#else
-                       decryption_failed_or_bad_record_mac = 1;
-#endif
                        }
-               rr->length-=mac_size;
-               i=s->method->ssl3_enc->mac(s,md,0);
-               if (i < 0 || memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
+
+               if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE)
                        {
-                       decryption_failed_or_bad_record_mac = 1;
+                       /* We update the length so that the TLS header bytes
+                        * can be constructed correctly but we need to extract
+                        * the MAC in constant time from within the record,
+                        * without leaking the contents of the padding bytes.
+                        * */
+                       mac = mac_tmp;
+                       ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len);
+                       rr->length -= mac_size;
                        }
+               else
+                       {
+                       /* In this case there's no padding, so |orig_len|
+                        * equals |rec->length| and we checked that there's
+                        * enough bytes for |mac_size| above. */
+                       rr->length -= mac_size;
+                       mac = &rr->data[rr->length];
+                       }
+
+               i=s->method->ssl3_enc->mac(s,md,0 /* not send */);
+               if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)
+                       enc_err = -1;
+               if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+mac_size)
+                       enc_err = -1;
                }
 
-       if (decryption_failed_or_bad_record_mac)
+       if (enc_err < 0)
                {
                /* decryption failed, silently discard message */
                rr->length = 0;
@@ -610,24 +631,6 @@ again:
                        goto again;
                        }
 
-               /* If we receive a valid record larger than the current buffer size,
-                * allocate some memory for it.
-                */
-               if (rr->length > s->s3->rbuf.len - DTLS1_RT_HEADER_LENGTH)
-                       {
-                       unsigned char *pp;
-                       unsigned int newlen = rr->length + DTLS1_RT_HEADER_LENGTH;
-                       if ((pp=OPENSSL_realloc(s->s3->rbuf.buf, newlen))==NULL)
-                               {
-                               SSLerr(SSL_F_DTLS1_GET_RECORD,ERR_R_MALLOC_FAILURE);
-                               return(-1);
-                               }
-                       p = pp + (p - s->s3->rbuf.buf);
-                       s->s3->rbuf.buf=pp;
-                       s->s3->rbuf.len=newlen;
-                       s->packet= &(s->s3->rbuf.buf[0]);
-                       }
-
                /* now s->rstate == SSL_ST_READ_BODY */
                }
 
@@ -662,20 +665,28 @@ again:
                goto again;   /* get another record */
                }
 
-       /* Check whether this is a repeat, or aged record.
-        * Don't check if we're listening and this message is
-        * a ClientHello. They can look as if they're replayed,
-        * since they arrive from different connections and
-        * would be dropped unnecessarily.
-        */
-       if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE &&
-               *p == SSL3_MT_CLIENT_HELLO) &&
-               !dtls1_record_replay_check(s, bitmap))
-               {
-               rr->length = 0;
-               s->packet_length=0; /* dump this record */
-               goto again;     /* get another record */
-               }
+#ifndef OPENSSL_NO_SCTP
+       /* Only do replay check if no SCTP bio */
+       if (!BIO_dgram_is_sctp(SSL_get_rbio(s)))
+               {
+#endif
+               /* Check whether this is a repeat, or aged record.
+                * Don't check if we're listening and this message is
+                * a ClientHello. They can look as if they're replayed,
+                * since they arrive from different connections and
+                * would be dropped unnecessarily.
+                */
+               if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE &&
+                   *p == SSL3_MT_CLIENT_HELLO) &&
+                   !dtls1_record_replay_check(s, bitmap))
+                       {
+                       rr->length = 0;
+                       s->packet_length=0; /* dump this record */
+                       goto again;     /* get another record */
+                       }
+#ifndef OPENSSL_NO_SCTP
+               }
+#endif
 
        /* just read a 0 length packet */
        if (rr->length == 0) goto again;
@@ -703,7 +714,6 @@ again:
                goto again;   /* get another record */
                }
 
-       dtls1_clear_timeouts(s);  /* done waiting */
        return(1);
 
        }
@@ -761,7 +771,17 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
 
        /* Now s->d1->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */
 
+#ifndef OPENSSL_NO_SCTP
+       /* Continue handshake if it had to be interrupted to read
+        * app data with SCTP.
+        */
+       if ((!s->in_handshake && SSL_in_init(s)) ||
+           (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
+            (s->state == DTLS1_SCTP_ST_SR_READ_SOCK || s->state == DTLS1_SCTP_ST_CR_READ_SOCK) &&
+            s->s3->in_read_app_data != 2))
+#else
        if (!s->in_handshake && SSL_in_init(s))
+#endif
                {
                /* type == SSL3_RT_APPLICATION_DATA */
                i=s->handshake_func(s);
@@ -792,6 +812,15 @@ start:
                item = pqueue_pop(s->d1->buffered_app_data.q);
                if (item)
                        {
+#ifndef OPENSSL_NO_SCTP
+                       /* Restore bio_dgram_sctp_rcvinfo struct */
+                       if (BIO_dgram_is_sctp(SSL_get_rbio(s)))
+                               {
+                               DTLS1_RECORD_DATA *rdata = (DTLS1_RECORD_DATA *) item->data;
+                               BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_SET_RCVINFO, sizeof(rdata->recordinfo), &rdata->recordinfo);
+                               }
+#endif
+
                        dtls1_copy_record(s, item);
 
                        OPENSSL_free(item->data);
@@ -874,6 +903,31 @@ start:
                                rr->off=0;
                                }
                        }
+
+#ifndef OPENSSL_NO_SCTP
+                       /* We were about to renegotiate but had to read
+                        * belated application data first, so retry.
+                        */
+                       if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
+                           rr->type == SSL3_RT_APPLICATION_DATA &&
+                           (s->state == DTLS1_SCTP_ST_SR_READ_SOCK || s->state == DTLS1_SCTP_ST_CR_READ_SOCK))
+                               {
+                               s->rwstate=SSL_READING;
+                               BIO_clear_retry_flags(SSL_get_rbio(s));
+                               BIO_set_retry_read(SSL_get_rbio(s));
+                               }
+
+                       /* We might had to delay a close_notify alert because
+                        * of reordered app data. If there was an alert and there
+                        * is no message to read anymore, finally set shutdown.
+                        */
+                       if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
+                           s->d1->shutdown_received && !BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s)))
+                               {
+                               s->shutdown |= SSL_RECEIVED_SHUTDOWN;
+                               return(0);
+                               }
+#endif                 
                return(n);
                }
 
@@ -901,6 +955,19 @@ start:
                        dest = s->d1->alert_fragment;
                        dest_len = &s->d1->alert_fragment_len;
                        }
+#ifndef OPENSSL_NO_HEARTBEATS
+               else if (rr->type == TLS1_RT_HEARTBEAT)
+                       {
+                       dtls1_process_heartbeat(s);
+
+                       /* Exit and notify application to read again */
+                       rr->length = 0;
+                       s->rwstate=SSL_READING;
+                       BIO_clear_retry_flags(SSL_get_rbio(s));
+                       BIO_set_retry_read(SSL_get_rbio(s));
+                       return(-1);
+                       }
+#endif
                /* else it's a CCS message, or application data or wrong */
                else if (rr->type != SSL3_RT_CHANGE_CIPHER_SPEC)
                        {
@@ -984,6 +1051,7 @@ start:
                        !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
                        !s->s3->renegotiate)
                        {
+                       s->new_session = 1;
                        ssl3_renegotiate(s);
                        if (ssl3_renegotiate_check(s))
                                {
@@ -1045,6 +1113,21 @@ start:
                        s->s3->warn_alert = alert_descr;
                        if (alert_descr == SSL_AD_CLOSE_NOTIFY)
                                {
+#ifndef OPENSSL_NO_SCTP
+                               /* With SCTP and streams the socket may deliver app data
+                                * after a close_notify alert. We have to check this
+                                * first so that nothing gets discarded.
+                                */
+                               if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
+                                       BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s)))
+                                       {
+                                       s->d1->shutdown_received = 1;
+                                       s->rwstate=SSL_READING;
+                                       BIO_clear_retry_flags(SSL_get_rbio(s));
+                                       BIO_set_retry_read(SSL_get_rbio(s));
+                                       return -1;
+                                       }
+#endif
                                s->shutdown |= SSL_RECEIVED_SHUTDOWN;
                                return(0);
                                }
@@ -1151,6 +1234,15 @@ start:
                if (s->version == DTLS1_BAD_VER)
                        s->d1->handshake_read_seq++;
 
+#ifndef OPENSSL_NO_SCTP
+               /* Remember that a CCS has been received,
+                * so that an old key of SCTP-Auth can be
+                * deleted when a CCS is sent. Will be ignored
+                * if no SCTP is used
+                */
+               BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD, 1, NULL);
+#endif
+
                goto start;
                }
 
@@ -1173,6 +1265,9 @@ start:
                 */
                if (msg_hdr.type == SSL3_MT_FINISHED)
                        {
+                       if (dtls1_check_timeout_num(s) < 0)
+                               return -1;
+
                        dtls1_retransmit_buffered_messages(s);
                        rr->length = 0;
                        goto start;
@@ -1190,6 +1285,7 @@ start:
 #else
                        s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
 #endif
+                       s->renegotiate=1;
                        s->new_session=1;
                        }
                i=s->handshake_func(s);
@@ -1286,7 +1382,16 @@ dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len)
        {
        int i;
 
-       if (SSL_in_init(s) && !s->in_handshake)
+#ifndef OPENSSL_NO_SCTP
+               /* Check if we have to continue an interrupted handshake
+                * for reading belated app data with SCTP.
+                */
+               if ((SSL_in_init(s) && !s->in_handshake) ||
+                   (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
+                    (s->state == DTLS1_SCTP_ST_SR_READ_SOCK || s->state == DTLS1_SCTP_ST_CR_READ_SOCK)))
+#else
+               if (SSL_in_init(s) && !s->in_handshake)
+#endif
                {
                i=s->handshake_func(s);
                if (i < 0) return(i);
@@ -1364,7 +1469,6 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len,
        SSL3_BUFFER *wb;
        SSL_SESSION *sess;
        int bs;
-       unsigned int len_with_overhead = len + SSL3_RT_DEFAULT_WRITE_OVERHEAD;
 
        /* first check if there is a SSL3_BUFFER still being written
         * out.  This will happen with non blocking IO */
@@ -1374,16 +1478,6 @@ int do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len,
                return(ssl3_write_pending(s,type,buf,len));
                }
 
-       if (s->s3->wbuf.len < len_with_overhead)
-               {
-               if ((p=OPENSSL_realloc(s->s3->wbuf.buf, len_with_overhead)) == NULL) {
-                       SSLerr(SSL_F_DO_DTLS1_WRITE,ERR_R_MALLOC_FAILURE);
-                       goto err;
-               }
-               s->s3->wbuf.buf = p;
-               s->s3->wbuf.len = len_with_overhead;
-               }
-
        /* If we have an alert to send, lets send it */
        if (s->s3->alert_dispatch)
                {
@@ -1797,10 +1891,3 @@ dtls1_reset_seq_numbers(SSL *s, int rw)
 
        memset(seq, 0x00, seq_bytes);
        }
-
-
-static void
-dtls1_clear_timeouts(SSL *s)
-       {
-       memset(&(s->d1->timeout), 0x00, sizeof(struct dtls1_timeout_st));
-       }

diff --git a/deps/openssl/openssl/ssl/d1_srvr.c b/deps/openssl/openssl/ssl/d1_srvr.c
index 149983b..29421da 100644 (file)
--- a/deps/openssl/openssl/ssl/d1_srvr.c
+++ b/deps/openssl/openssl/ssl/d1_srvr.c
@@ -151,6 +151,10 @@ int dtls1_accept(SSL *s)
        int ret= -1;
        int new_state,state,skip=0;
        int listen;
+#ifndef OPENSSL_NO_SCTP
+       unsigned char sctpauthkey[64];
+       char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];
+#endif
 
        RAND_add(&Time,sizeof(Time),0);
        ERR_clear_error();
@@ -168,6 +172,13 @@ int dtls1_accept(SSL *s)
        if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
 
        s->d1->listen = listen;
+#ifndef OPENSSL_NO_SCTP
+       /* Notify SCTP BIO socket to enter handshake
+        * mode and prevent stream identifier other
+        * than 0. Will be ignored if no SCTP is used.
+        */
+       BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE, s->in_handshake, NULL);
+#endif
 
        if (s->cert == NULL)
                {
@@ -175,6 +186,19 @@ int dtls1_accept(SSL *s)
                return(-1);
                }
 
+#ifndef OPENSSL_NO_HEARTBEATS
+       /* If we're awaiting a HeartbeatResponse, pretend we
+        * already got and don't await it anymore, because
+        * Heartbeats don't make sense during handshakes anyway.
+        */
+       if (s->tlsext_hb_pending)
+               {
+               dtls1_stop_timer(s);
+               s->tlsext_hb_pending = 0;
+               s->tlsext_hb_seq++;
+               }
+#endif
+
        for (;;)
                {
                state=s->state;
@@ -182,7 +206,7 @@ int dtls1_accept(SSL *s)
                switch (s->state)
                        {
                case SSL_ST_RENEGOTIATE:
-                       s->new_session=1;
+                       s->renegotiate=1;
                        /* s->state=SSL_ST_ACCEPT; */
 
                case SSL_ST_BEFORE:
@@ -227,8 +251,12 @@ int dtls1_accept(SSL *s)
                                {
                                /* Ok, we now need to push on a buffering BIO so that
                                 * the output is sent in a way that TCP likes :-)
+                                * ...but not with SCTP :-)
                                 */
-                               if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; }
+#ifndef OPENSSL_NO_SCTP
+                               if (!BIO_dgram_is_sctp(SSL_get_wbio(s)))
+#endif
+                                       if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; }
 
                                ssl3_init_finished_mac(s);
                                s->state=SSL3_ST_SR_CLNT_HELLO_A;
@@ -313,25 +341,75 @@ int dtls1_accept(SSL *s)
                                ssl3_init_finished_mac(s);
                        break;
                        
+#ifndef OPENSSL_NO_SCTP
+               case DTLS1_SCTP_ST_SR_READ_SOCK:
+                       
+                       if (BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s)))                
+                               {
+                               s->s3->in_read_app_data=2;
+                               s->rwstate=SSL_READING;
+                               BIO_clear_retry_flags(SSL_get_rbio(s));
+                               BIO_set_retry_read(SSL_get_rbio(s));
+                               ret = -1;
+                               goto end;
+                               }
+                       
+                       s->state=SSL3_ST_SR_FINISHED_A;
+                       break;
+                       
+               case DTLS1_SCTP_ST_SW_WRITE_SOCK:
+                       ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s));
+                       if (ret < 0) goto end;
+                       
+                       if (ret == 0)
+                               {
+                               if (s->d1->next_state != SSL_ST_OK)
+                                       {
+                                       s->s3->in_read_app_data=2;
+                                       s->rwstate=SSL_READING;
+                                       BIO_clear_retry_flags(SSL_get_rbio(s));
+                                       BIO_set_retry_read(SSL_get_rbio(s));
+                                       ret = -1;
+                                       goto end;
+                                       }
+                               }
+
+                       s->state=s->d1->next_state;
+                       break;
+#endif
+
                case SSL3_ST_SW_SRVR_HELLO_A:
                case SSL3_ST_SW_SRVR_HELLO_B:
-                       s->new_session = 2;
+                       s->renegotiate = 2;
                        dtls1_start_timer(s);
                        ret=dtls1_send_server_hello(s);
                        if (ret <= 0) goto end;
 
-#ifndef OPENSSL_NO_TLSEXT
                        if (s->hit)
                                {
+#ifndef OPENSSL_NO_SCTP
+                               /* Add new shared key for SCTP-Auth,
+                                * will be ignored if no SCTP used.
+                                */
+                               snprintf((char*) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
+                                        DTLS1_SCTP_AUTH_LABEL);
+
+                               SSL_export_keying_material(s, sctpauthkey,
+                                                          sizeof(sctpauthkey), labelbuffer,
+                                                          sizeof(labelbuffer), NULL, 0, 0);
+                               
+                               BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
+                         sizeof(sctpauthkey), sctpauthkey);
+#endif
+#ifndef OPENSSL_NO_TLSEXT
                                if (s->tlsext_ticket_expected)
                                        s->state=SSL3_ST_SW_SESSION_TICKET_A;
                                else
                                        s->state=SSL3_ST_SW_CHANGE_A;
-                               }
 #else
-                       if (s->hit)
-                                       s->state=SSL3_ST_SW_CHANGE_A;
+                               s->state=SSL3_ST_SW_CHANGE_A;
 #endif
+                               }
                        else
                                s->state=SSL3_ST_SW_CERT_A;
                        s->init_num=0;
@@ -441,6 +519,13 @@ int dtls1_accept(SSL *s)
                                skip=1;
                                s->s3->tmp.cert_request=0;
                                s->state=SSL3_ST_SW_SRVR_DONE_A;
+#ifndef OPENSSL_NO_SCTP
+                               if (BIO_dgram_is_sctp(SSL_get_wbio(s)))
+                                       {
+                                       s->d1->next_state = SSL3_ST_SW_SRVR_DONE_A;
+                                       s->state = DTLS1_SCTP_ST_SW_WRITE_SOCK;
+                                       }
+#endif
                                }
                        else
                                {
@@ -450,9 +535,23 @@ int dtls1_accept(SSL *s)
                                if (ret <= 0) goto end;
 #ifndef NETSCAPE_HANG_BUG
                                s->state=SSL3_ST_SW_SRVR_DONE_A;
+#ifndef OPENSSL_NO_SCTP
+                               if (BIO_dgram_is_sctp(SSL_get_wbio(s)))
+                                       {
+                                       s->d1->next_state = SSL3_ST_SW_SRVR_DONE_A;
+                                       s->state = DTLS1_SCTP_ST_SW_WRITE_SOCK;
+                                       }
+#endif
 #else
                                s->state=SSL3_ST_SW_FLUSH;
                                s->s3->tmp.next_state=SSL3_ST_SR_CERT_A;
+#ifndef OPENSSL_NO_SCTP
+                               if (BIO_dgram_is_sctp(SSL_get_wbio(s)))
+                                       {
+                                       s->d1->next_state = s->s3->tmp.next_state;
+                                       s->s3->tmp.next_state=DTLS1_SCTP_ST_SW_WRITE_SOCK;
+                                       }
+#endif
 #endif
                                s->init_num=0;
                                }
@@ -472,6 +571,13 @@ int dtls1_accept(SSL *s)
                        s->rwstate=SSL_WRITING;
                        if (BIO_flush(s->wbio) <= 0)
                                {
+                               /* If the write error was fatal, stop trying */
+                               if (!BIO_should_retry(s->wbio))
+                                       {
+                                       s->rwstate=SSL_NOTHING;
+                                       s->state=s->s3->tmp.next_state;
+                                       }
+                               
                                ret= -1;
                                goto end;
                                }
@@ -485,15 +591,16 @@ int dtls1_accept(SSL *s)
                        ret = ssl3_check_client_hello(s);
                        if (ret <= 0)
                                goto end;
-                       dtls1_stop_timer(s);
                        if (ret == 2)
+                               {
+                               dtls1_stop_timer(s);
                                s->state = SSL3_ST_SR_CLNT_HELLO_C;
+                               }
                        else {
                                /* could be sent for a DH cert, even if we
                                 * have not asked for it :-) */
                                ret=ssl3_get_client_certificate(s);
                                if (ret <= 0) goto end;
-                               dtls1_stop_timer(s);
                                s->init_num=0;
                                s->state=SSL3_ST_SR_KEY_EXCH_A;
                        }
@@ -503,7 +610,21 @@ int dtls1_accept(SSL *s)
                case SSL3_ST_SR_KEY_EXCH_B:
                        ret=ssl3_get_client_key_exchange(s);
                        if (ret <= 0) goto end;
-                       dtls1_stop_timer(s);
+#ifndef OPENSSL_NO_SCTP
+                       /* Add new shared key for SCTP-Auth,
+                        * will be ignored if no SCTP used.
+                        */
+                       snprintf((char *) labelbuffer, sizeof(DTLS1_SCTP_AUTH_LABEL),
+                                DTLS1_SCTP_AUTH_LABEL);
+
+                       SSL_export_keying_material(s, sctpauthkey,
+                                                  sizeof(sctpauthkey), labelbuffer,
+                                                  sizeof(labelbuffer), NULL, 0, 0);
+
+                       BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
+                                sizeof(sctpauthkey), sctpauthkey);
+#endif
+
                        s->state=SSL3_ST_SR_CERT_VRFY_A;
                        s->init_num=0;
 
@@ -540,9 +661,13 @@ int dtls1_accept(SSL *s)
                        /* we should decide if we expected this one */
                        ret=ssl3_get_cert_verify(s);
                        if (ret <= 0) goto end;
-                       dtls1_stop_timer(s);
-
-                       s->state=SSL3_ST_SR_FINISHED_A;
+#ifndef OPENSSL_NO_SCTP
+                       if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
+                           state == SSL_ST_RENEGOTIATE)
+                               s->state=DTLS1_SCTP_ST_SR_READ_SOCK;
+                       else
+#endif                 
+                               s->state=SSL3_ST_SR_FINISHED_A;
                        s->init_num=0;
                        break;
 
@@ -594,6 +719,14 @@ int dtls1_accept(SSL *s)
                                SSL3_ST_SW_CHANGE_A,SSL3_ST_SW_CHANGE_B);
 
                        if (ret <= 0) goto end;
+
+#ifndef OPENSSL_NO_SCTP
+                       /* Change to new shared key of SCTP-Auth,
+                        * will be ignored if no SCTP used.
+                        */
+                       BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY, 0, NULL);
+#endif
+
                        s->state=SSL3_ST_SW_FINISHED_A;
                        s->init_num=0;
 
@@ -618,7 +751,16 @@ int dtls1_accept(SSL *s)
                        if (s->hit)
                                s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
                        else
+                               {
                                s->s3->tmp.next_state=SSL_ST_OK;
+#ifndef OPENSSL_NO_SCTP
+                               if (BIO_dgram_is_sctp(SSL_get_wbio(s)))
+                                       {
+                                       s->d1->next_state = s->s3->tmp.next_state;
+                                       s->s3->tmp.next_state=DTLS1_SCTP_ST_SW_WRITE_SOCK;
+                                       }
+#endif
+                               }
                        s->init_num=0;
                        break;
 
@@ -636,11 +778,9 @@ int dtls1_accept(SSL *s)
 
                        s->init_num=0;
 
-                       if (s->new_session == 2) /* skipped if we just sent a HelloRequest */
+                       if (s->renegotiate == 2) /* skipped if we just sent a HelloRequest */
                                {
-                               /* actually not necessarily a 'new' session unless
-                                * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
-                               
+                               s->renegotiate=0;
                                s->new_session=0;
                                
                                ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
@@ -692,6 +832,14 @@ end:
        /* BIO_flush(s->wbio); */
 
        s->in_handshake--;
+#ifndef OPENSSL_NO_SCTP
+               /* Notify SCTP BIO socket to leave handshake
+                * mode and prevent stream identifier other
+                * than 0. Will be ignored if no SCTP is used.
+                */
+               BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE, s->in_handshake, NULL);
+#endif
+
        if (cb != NULL)
                cb(s,SSL_CB_ACCEPT_EXIT,ret);
        return(ret);
@@ -772,7 +920,7 @@ int dtls1_send_server_hello(SSL *s)
                p=s->s3->server_random;
                Time=(unsigned long)time(NULL);                 /* Time */
                l2n(Time,p);
-               RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time));
+               RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4);
                /* Do the message type and length last */
                d=p= &(buf[DTLS1_HM_HEADER_LENGTH]);
 
@@ -1147,7 +1295,7 @@ int dtls1_send_server_key_exchange(SSL *s)
                if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
                        && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
                        {
-                       if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher))
+                       if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher, NULL))
                                == NULL)
                                {
                                al=SSL_AD_DECODE_ERROR;

diff --git a/deps/openssl/openssl/ssl/dtls1.h b/deps/openssl/openssl/ssl/dtls1.h
index 2900d1d..e65d501 100644 (file)
--- a/deps/openssl/openssl/ssl/dtls1.h
+++ b/deps/openssl/openssl/ssl/dtls1.h
@@ -57,8 +57,8 @@
  *
  */
 
-#ifndef HEADER_DTLS1_H 
-#define HEADER_DTLS1_H 
+#ifndef HEADER_DTLS1_H
+#define HEADER_DTLS1_H
 
 #include <openssl/buffer.h>
 #include <openssl/pqueue.h>
@@ -72,8 +72,12 @@
 #elif defined(OPENSSL_SYS_NETWARE) && !defined(_WINSOCK2API_)
 #include <sys/timeval.h>
 #else
+#if defined(OPENSSL_SYS_VXWORKS)
+#include <sys/times.h>
+#else
 #include <sys/time.h>
 #endif
+#endif
 
 #ifdef  __cplusplus
 extern "C" {
@@ -105,6 +109,11 @@ extern "C" {
 #define DTLS1_AL_HEADER_LENGTH                   2
 #endif
 
+#ifndef OPENSSL_NO_SSL_INTERN
+
+#ifndef OPENSSL_NO_SCTP
+#define DTLS1_SCTP_AUTH_LABEL  "EXPORTER_DTLS_OVER_SCTP"
+#endif
 
 typedef struct dtls1_bitmap_st
        {
@@ -227,7 +236,7 @@ typedef struct dtls1_state_st
 
        struct dtls1_timeout_st timeout;
 
-       /* Indicates when the last handshake msg sent will timeout */
+       /* Indicates when the last handshake msg or heartbeat sent will timeout */
        struct timeval next_timeout;
 
        /* Timeout duration */
@@ -243,6 +252,13 @@ typedef struct dtls1_state_st
        unsigned int retransmitting;
        unsigned int change_cipher_spec_ok;
 
+#ifndef OPENSSL_NO_SCTP
+       /* used when SSL_ST_XX_FLUSH is entered */
+       int next_state;
+
+       int shutdown_received;
+#endif
+
        } DTLS1_STATE;
 
 typedef struct dtls1_record_data_st
@@ -251,8 +267,12 @@ typedef struct dtls1_record_data_st
        unsigned int   packet_length;
        SSL3_BUFFER    rbuf;
        SSL3_RECORD    rrec;
+#ifndef OPENSSL_NO_SCTP
+       struct bio_dgram_sctp_rcvinfo recordinfo;
+#endif
        } DTLS1_RECORD_DATA;
 
+#endif
 
 /* Timeout multipliers (timeout slice is defined in apps/timeouts.h */
 #define DTLS1_TMO_READ_COUNT                      2

diff --git a/deps/openssl/openssl/ssl/install-ssl.com b/deps/openssl/openssl/ssl/install-ssl.com
old mode 100644 (file)
new mode 100755 (executable)
index 1bd6cca..afe6967
--- a/deps/openssl/openssl/ssl/install-ssl.com
+++ b/deps/openssl/openssl/ssl/install-ssl.com
@@ -73,7 +73,7 @@ $ if f$parse("wrk_sslxexe:") .eqs. "" then -
 $ if f$parse("wrk_sslxlib:") .eqs. "" then -
    create /directory /log wrk_sslxlib:
 $!
-$ exheader := ssl.h, ssl2.h, ssl3.h, ssl23.h, tls1.h, dtls1.h, kssl.h
+$ exheader := ssl.h, ssl2.h, ssl3.h, ssl23.h, tls1.h, dtls1.h, kssl.h, srtp.h
 $ e_exe := ssl_task
 $ libs := ssl_libssl
 $!

diff --git a/deps/openssl/openssl/ssl/kssl.c b/deps/openssl/openssl/ssl/kssl.c
index b820e37..fd7c67b 100644 (file)
--- a/deps/openssl/openssl/ssl/kssl.c
+++ b/deps/openssl/openssl/ssl/kssl.c
@@ -2194,6 +2194,22 @@ krb5_error_code  kssl_build_principal_2(
        return ENOMEM;
        }
 
+void SSL_set0_kssl_ctx(SSL *s, KSSL_CTX *kctx)
+       {
+       s->kssl_ctx = kctx;
+       } 
+
+KSSL_CTX * SSL_get0_kssl_ctx(SSL *s)
+       {
+       return s->kssl_ctx;
+       }
+
+char *kssl_ctx_get0_client_princ(KSSL_CTX *kctx)
+       {
+       if (kctx)
+               return kctx->client_princ;
+       return NULL;
+       }
 
 #else /* !OPENSSL_NO_KRB5 */
 

diff --git a/deps/openssl/openssl/ssl/kssl.h b/deps/openssl/openssl/ssl/kssl.h
index a3d20e1..8242fd5 100644 (file)
--- a/deps/openssl/openssl/ssl/kssl.h
+++ b/deps/openssl/openssl/ssl/kssl.h
@@ -172,6 +172,10 @@ krb5_error_code  kssl_check_authent(KSSL_CTX *kssl_ctx, krb5_data *authentp,
                                    krb5_timestamp *atimep, KSSL_ERR *kssl_err);
 unsigned char  *kssl_skip_confound(krb5_enctype enctype, unsigned char *authn);
 
+void SSL_set0_kssl_ctx(SSL *s, KSSL_CTX *kctx);
+KSSL_CTX * SSL_get0_kssl_ctx(SSL *s);
+char *kssl_ctx_get0_client_princ(KSSL_CTX *kctx);
+
 #ifdef  __cplusplus
 }
 #endif

diff --git a/deps/openssl/openssl/ssl/s23_clnt.c b/deps/openssl/openssl/ssl/s23_clnt.c
index f41fe3a..47673e7 100644 (file)
--- a/deps/openssl/openssl/ssl/s23_clnt.c
+++ b/deps/openssl/openssl/ssl/s23_clnt.c
@@ -129,6 +129,10 @@ static const SSL_METHOD *ssl23_get_client_method(int ver)
                return(SSLv3_client_method());
        else if (ver == TLS1_VERSION)
                return(TLSv1_client_method());
+       else if (ver == TLS1_1_VERSION)
+               return(TLSv1_1_client_method());
+       else if (ver == TLS1_2_VERSION)
+               return(TLSv1_2_client_method());
        else
                return(NULL);
        }
@@ -278,24 +282,51 @@ static int ssl23_client_hello(SSL *s)
        SSL_COMP *comp;
 #endif
        int ret;
+       unsigned long mask, options = s->options;
 
-       ssl2_compat = (s->options & SSL_OP_NO_SSLv2) ? 0 : 1;
+       ssl2_compat = (options & SSL_OP_NO_SSLv2) ? 0 : 1;
 
        if (ssl2_compat && ssl23_no_ssl2_ciphers(s))
                ssl2_compat = 0;
 
-       if (!(s->options & SSL_OP_NO_TLSv1))
-               {
+       /*
+        * SSL_OP_NO_X disables all protocols above X *if* there are
+        * some protocols below X enabled. This is required in order
+        * to maintain "version capability" vector contiguous. So
+        * that if application wants to disable TLS1.0 in favour of
+        * TLS1>=1, it would be insufficient to pass SSL_NO_TLSv1, the
+        * answer is SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2.
+        */
+       mask =  SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1
+#if !defined(OPENSSL_NO_SSL3)
+               |SSL_OP_NO_SSLv3
+#endif
+#if !defined(OPENSSL_NO_SSL2)
+               |(ssl2_compat?SSL_OP_NO_SSLv2:0)
+#endif
+               ;
+#if !defined(OPENSSL_NO_TLS1_2_CLIENT)
+       version = TLS1_2_VERSION;
+
+       if ((options & SSL_OP_NO_TLSv1_2) && (options & mask) != mask)
+               version = TLS1_1_VERSION;
+#else
+       version = TLS1_1_VERSION;
+#endif
+       mask &= ~SSL_OP_NO_TLSv1_1;
+       if ((options & SSL_OP_NO_TLSv1_1) && (options & mask) != mask)
                version = TLS1_VERSION;
-               }
-       else if (!(s->options & SSL_OP_NO_SSLv3))
-               {
+       mask &= ~SSL_OP_NO_TLSv1;
+#if !defined(OPENSSL_NO_SSL3)
+       if ((options & SSL_OP_NO_TLSv1) && (options & mask) != mask)
                version = SSL3_VERSION;
-               }
-       else if (!(s->options & SSL_OP_NO_SSLv2))
-               {
+       mask &= ~SSL_OP_NO_SSLv3;
+#endif
+#if !defined(OPENSSL_NO_SSL2)
+       if ((options & SSL_OP_NO_SSLv3) && (options & mask) != mask)
                version = SSL2_VERSION;
-               }
+#endif
+
 #ifndef OPENSSL_NO_TLSEXT
        if (version != SSL2_VERSION)
                {
@@ -329,11 +360,29 @@ static int ssl23_client_hello(SSL *s)
                if (RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-4) <= 0)
                        return -1;
 
-               if (version == TLS1_VERSION)
+               if (version == TLS1_2_VERSION)
+                       {
+                       version_major = TLS1_2_VERSION_MAJOR;
+                       version_minor = TLS1_2_VERSION_MINOR;
+                       }
+               else if (version == TLS1_1_VERSION)
+                       {
+                       version_major = TLS1_1_VERSION_MAJOR;
+                       version_minor = TLS1_1_VERSION_MINOR;
+                       }
+               else if (version == TLS1_VERSION)
                        {
                        version_major = TLS1_VERSION_MAJOR;
                        version_minor = TLS1_VERSION_MINOR;
                        }
+#ifdef OPENSSL_FIPS
+               else if(FIPS_mode())
+                       {
+                       SSLerr(SSL_F_SSL23_CLIENT_HELLO,
+                                       SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
+                       return -1;
+                       }
+#endif
                else if (version == SSL3_VERSION)
                        {
                        version_major = SSL3_VERSION_MAJOR;
@@ -437,6 +486,15 @@ static int ssl23_client_hello(SSL *s)
                                SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
                                return -1;
                                }
+#ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH
+                       /* Some servers hang if client hello > 256 bytes
+                        * as hack workaround chop number of supported ciphers
+                        * to keep it well below this if we use TLS v1.2
+                        */
+                       if (TLS1_get_version(s) >= TLS1_2_VERSION
+                               && i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH)
+                               i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1;
+#endif
                        s2n(i,p);
                        p+=i;
 
@@ -491,8 +549,13 @@ static int ssl23_client_hello(SSL *s)
                        d=buf;
                        *(d++) = SSL3_RT_HANDSHAKE;
                        *(d++) = version_major;
-                       *(d++) = version_minor; /* arguably we should send the *lowest* suported version here
-                                                * (indicating, e.g., TLS 1.0 in "SSL 3.0 format") */
+                       /* Some servers hang if we use long client hellos
+                        * and a record number > TLS 1.0.
+                        */
+                       if (TLS1_get_client_version(s) > TLS1_VERSION)
+                               *(d++) = 1;
+                       else
+                               *(d++) = version_minor;
                        s2n((int)l,d);
 
                        /* number of bytes to write */
@@ -608,7 +671,7 @@ static int ssl23_get_server_hello(SSL *s)
 #endif
                }
        else if (p[1] == SSL3_VERSION_MAJOR &&
-                (p[2] == SSL3_VERSION_MINOR || p[2] == TLS1_VERSION_MINOR) &&
+                p[2] <= TLS1_2_VERSION_MINOR &&
                 ((p[0] == SSL3_RT_HANDSHAKE && p[5] == SSL3_MT_SERVER_HELLO) ||
                  (p[0] == SSL3_RT_ALERT && p[3] == 0 && p[4] == 2)))
                {
@@ -617,6 +680,14 @@ static int ssl23_get_server_hello(SSL *s)
                if ((p[2] == SSL3_VERSION_MINOR) &&
                        !(s->options & SSL_OP_NO_SSLv3))
                        {
+#ifdef OPENSSL_FIPS
+                       if(FIPS_mode())
+                               {
+                               SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,
+                                       SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
+                               goto err;
+                               }
+#endif
                        s->version=SSL3_VERSION;
                        s->method=SSLv3_client_method();
                        }
@@ -626,6 +697,18 @@ static int ssl23_get_server_hello(SSL *s)
                        s->version=TLS1_VERSION;
                        s->method=TLSv1_client_method();
                        }
+               else if ((p[2] == TLS1_1_VERSION_MINOR) &&
+                       !(s->options & SSL_OP_NO_TLSv1_1))
+                       {
+                       s->version=TLS1_1_VERSION;
+                       s->method=TLSv1_1_client_method();
+                       }
+               else if ((p[2] == TLS1_2_VERSION_MINOR) &&
+                       !(s->options & SSL_OP_NO_TLSv1_2))
+                       {
+                       s->version=TLS1_2_VERSION;
+                       s->method=TLSv1_2_client_method();
+                       }
                else
                        {
                        SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
@@ -687,13 +770,6 @@ static int ssl23_get_server_hello(SSL *s)
 
        /* Since, if we are sending a ssl23 client hello, we are not
         * reusing a session-id */
-        if (!s->session_creation_enabled)
-               {
-               if (!(s->client_version == SSL2_VERSION))
-                       ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
-               SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_SESSION_MAY_NOT_BE_CREATED);
-               goto err;
-               }
        if (!ssl_get_new_session(s,0))
                goto err;
 

diff --git a/deps/openssl/openssl/ssl/s23_meth.c b/deps/openssl/openssl/ssl/s23_meth.c
index c6099ef..40eae0f 100644 (file)
--- a/deps/openssl/openssl/ssl/s23_meth.c
+++ b/deps/openssl/openssl/ssl/s23_meth.c
@@ -76,6 +76,10 @@ static const SSL_METHOD *ssl23_get_method(int ver)
 #ifndef OPENSSL_NO_TLS1
        if (ver == TLS1_VERSION)
                return(TLSv1_method());
+       else if (ver == TLS1_1_VERSION)
+               return(TLSv1_1_method());
+       else if (ver == TLS1_2_VERSION)
+               return(TLSv1_2_method());
        else
 #endif
                return(NULL);

diff --git a/deps/openssl/openssl/ssl/s23_srvr.c b/deps/openssl/openssl/ssl/s23_srvr.c
index e22879c..4877849 100644 (file)
--- a/deps/openssl/openssl/ssl/s23_srvr.c
+++ b/deps/openssl/openssl/ssl/s23_srvr.c
@@ -115,6 +115,9 @@
 #include <openssl/rand.h>
 #include <openssl/objects.h>
 #include <openssl/evp.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
 
 static const SSL_METHOD *ssl23_get_server_method(int ver);
 int ssl23_get_client_hello(SSL *s);
@@ -128,6 +131,10 @@ static const SSL_METHOD *ssl23_get_server_method(int ver)
                return(SSLv3_server_method());
        else if (ver == TLS1_VERSION)
                return(TLSv1_server_method());
+       else if (ver == TLS1_1_VERSION)
+               return(TLSv1_1_server_method());
+       else if (ver == TLS1_2_VERSION)
+               return(TLSv1_2_server_method());
        else
                return(NULL);
        }
@@ -283,7 +290,20 @@ int ssl23_get_client_hello(SSL *s)
                                /* SSLv3/TLSv1 */
                                if (p[4] >= TLS1_VERSION_MINOR)
                                        {
-                                       if (!(s->options & SSL_OP_NO_TLSv1))
+                                       if (p[4] >= TLS1_2_VERSION_MINOR &&
+                                          !(s->options & SSL_OP_NO_TLSv1_2))
+                                               {
+                                               s->version=TLS1_2_VERSION;
+                                               s->state=SSL23_ST_SR_CLNT_HELLO_B;
+                                               }
+                                       else if (p[4] >= TLS1_1_VERSION_MINOR &&
+                                          !(s->options & SSL_OP_NO_TLSv1_1))
+                                               {
+                                               s->version=TLS1_1_VERSION;
+                                               /* type=2; */ /* done later to survive restarts */
+                                               s->state=SSL23_ST_SR_CLNT_HELLO_B;
+                                               }
+                                       else if (!(s->options & SSL_OP_NO_TLSv1))
                                                {
                                                s->version=TLS1_VERSION;
                                                /* type=2; */ /* done later to survive restarts */
@@ -350,7 +370,19 @@ int ssl23_get_client_hello(SSL *s)
                                v[1]=p[10]; /* minor version according to client_version */
                        if (v[1] >= TLS1_VERSION_MINOR)
                                {
-                               if (!(s->options & SSL_OP_NO_TLSv1))
+                               if (v[1] >= TLS1_2_VERSION_MINOR &&
+                                       !(s->options & SSL_OP_NO_TLSv1_2))
+                                       {
+                                       s->version=TLS1_2_VERSION;
+                                       type=3;
+                                       }
+                               else if (v[1] >= TLS1_1_VERSION_MINOR &&
+                                       !(s->options & SSL_OP_NO_TLSv1_1))
+                                       {
+                                       s->version=TLS1_1_VERSION;
+                                       type=3;
+                                       }
+                               else if (!(s->options & SSL_OP_NO_TLSv1))
                                        {
                                        s->version=TLS1_VERSION;
                                        type=3;
@@ -393,6 +425,15 @@ int ssl23_get_client_hello(SSL *s)
                        }
                }
 
+#ifdef OPENSSL_FIPS
+       if (FIPS_mode() && (s->version < TLS1_VERSION))
+               {
+               SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,
+                                       SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
+               goto err;
+               }
+#endif
+
        if (s->state == SSL23_ST_SR_CLNT_HELLO_B)
                {
                /* we have SSLv3/TLSv1 in an SSLv2 header
@@ -403,13 +444,8 @@ int ssl23_get_client_hello(SSL *s)
                v[0] = p[3]; /* == SSL3_VERSION_MAJOR */
                v[1] = p[4];
 
-/* The SSL2 protocol allows n to be larger, just pick
- * a reasonable buffer size. */
-#if SSL3_RT_DEFAULT_PACKET_SIZE < 1024*4 - SSL3_RT_DEFAULT_WRITE_OVERHEAD
-#error "SSL3_RT_DEFAULT_PACKET_SIZE is too small."
-#endif
                n=((p[0]&0x7f)<<8)|p[1];
-               if (n > SSL3_RT_DEFAULT_PACKET_SIZE - 2)
+               if (n > (1024*4))
                        {
                        SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_LARGE);
                        goto err;
@@ -572,8 +608,11 @@ int ssl23_get_client_hello(SSL *s)
                        s->s3->rbuf.left=0;
                        s->s3->rbuf.offset=0;
                        }
-
-               if (s->version == TLS1_VERSION)
+               if (s->version == TLS1_2_VERSION)
+                       s->method = TLSv1_2_server_method();
+               else if (s->version == TLS1_1_VERSION)
+                       s->method = TLSv1_1_server_method();
+               else if (s->version == TLS1_VERSION)
                        s->method = TLSv1_server_method();
                else
                        s->method = SSLv3_server_method();

diff --git a/deps/openssl/openssl/ssl/s2_clnt.c b/deps/openssl/openssl/ssl/s2_clnt.c
index 00ac158..03b6cf9 100644 (file)
--- a/deps/openssl/openssl/ssl/s2_clnt.c
+++ b/deps/openssl/openssl/ssl/s2_clnt.c
@@ -359,12 +359,14 @@ static int get_server_hello(SSL *s)
                                        SSL_R_PEER_ERROR);
                        return(-1);
                        }
-#ifdef __APPLE_CC__
-               /* The Rhapsody 5.5 (a.k.a. MacOS X) compiler bug
-                * workaround. <appro@fy.chalmers.se> */
-               s->hit=(i=*(p++))?1:0;
-#else
+#if 0
                s->hit=(*(p++))?1:0;
+               /* Some [PPC?] compilers fail to increment p in above
+                  statement, e.g. one provided with Rhapsody 5.5, but
+                  most recent example XL C 11.1 for AIX, even without
+                  optimization flag... */
+#else
+               s->hit=(*p)?1:0; p++;
 #endif
                s->s2->tmp.cert_type= *(p++);
                n2s(p,i);
@@ -937,7 +939,7 @@ static int get_server_verify(SSL *s)
                s->msg_callback(0, s->version, 0, p, len, s, s->msg_callback_arg); /* SERVER-VERIFY */
        p += 1;
 
-       if (memcmp(p,s->s2->challenge,s->s2->challenge_length) != 0)
+       if (CRYPTO_memcmp(p,s->s2->challenge,s->s2->challenge_length) != 0)
                {
                ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
                SSLerr(SSL_F_GET_SERVER_VERIFY,SSL_R_CHALLENGE_IS_DIFFERENT);

diff --git a/deps/openssl/openssl/ssl/s2_pkt.c b/deps/openssl/openssl/ssl/s2_pkt.c
index ac963b2..8bb6ab8 100644 (file)
--- a/deps/openssl/openssl/ssl/s2_pkt.c
+++ b/deps/openssl/openssl/ssl/s2_pkt.c
@@ -269,8 +269,7 @@ static int ssl2_read_internal(SSL *s, void *buf, int len, int peek)
                        s->s2->ract_data_length-=mac_size;
                        ssl2_mac(s,mac,0);
                        s->s2->ract_data_length-=s->s2->padding;
-                       if (    (memcmp(mac,s->s2->mac_data,
-                               (unsigned int)mac_size) != 0) ||
+                       if (    (CRYPTO_memcmp(mac,s->s2->mac_data,mac_size) != 0) ||
                                (s->s2->rlength%EVP_CIPHER_CTX_block_size(s->enc_read_ctx) != 0))
                                {
                                SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_BAD_MAC_DECODE);

diff --git a/deps/openssl/openssl/ssl/s2_srvr.c b/deps/openssl/openssl/ssl/s2_srvr.c
index bc885e8..2cba426 100644 (file)
--- a/deps/openssl/openssl/ssl/s2_srvr.c
+++ b/deps/openssl/openssl/ssl/s2_srvr.c
@@ -1059,10 +1059,12 @@ static int request_certificate(SSL *s)
                EVP_PKEY *pkey=NULL;
 
                EVP_MD_CTX_init(&ctx);
-               EVP_VerifyInit_ex(&ctx,s->ctx->rsa_md5, NULL);
-               EVP_VerifyUpdate(&ctx,s->s2->key_material,
-                                s->s2->key_material_length);
-               EVP_VerifyUpdate(&ctx,ccd,SSL2_MIN_CERT_CHALLENGE_LENGTH);
+               if (!EVP_VerifyInit_ex(&ctx,s->ctx->rsa_md5, NULL)
+                   || !EVP_VerifyUpdate(&ctx,s->s2->key_material,
+                                        s->s2->key_material_length)
+                   || !EVP_VerifyUpdate(&ctx,ccd,
+                                        SSL2_MIN_CERT_CHALLENGE_LENGTH))
+                       goto msg_end;
 
                i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,NULL);
                buf2=OPENSSL_malloc((unsigned int)i);
@@ -1073,7 +1075,11 @@ static int request_certificate(SSL *s)
                        }
                p2=buf2;
                i=i2d_X509(s->cert->pkeys[SSL_PKEY_RSA_ENC].x509,&p2);
-               EVP_VerifyUpdate(&ctx,buf2,(unsigned int)i);
+               if (!EVP_VerifyUpdate(&ctx,buf2,(unsigned int)i))
+                       {
+                       OPENSSL_free(buf2);
+                       goto msg_end;
+                       }
                OPENSSL_free(buf2);
 
                pkey=X509_get_pubkey(x509);

diff --git a/deps/openssl/openssl/ssl/s3_both.c b/deps/openssl/openssl/ssl/s3_both.c
index 508e390..ead01c8 100644 (file)
--- a/deps/openssl/openssl/ssl/s3_both.c
+++ b/deps/openssl/openssl/ssl/s3_both.c
@@ -233,7 +233,7 @@ int ssl3_get_finished(SSL *s, int a, int b)
 
 #ifdef OPENSSL_NO_NEXTPROTONEG
        /* the mac has already been generated when we received the
-        * change cipher spec message and is in s->s3->tmp.peer_finish_md
+        * change cipher spec message and is in s->s3->tmp.peer_finish_md.
         */ 
 #endif
 
@@ -265,7 +265,7 @@ int ssl3_get_finished(SSL *s, int a, int b)
                goto f_err;
                }
 
-       if (memcmp(p, s->s3->tmp.peer_finish_md, i) != 0)
+       if (CRYPTO_memcmp(p, s->s3->tmp.peer_finish_md, i) != 0)
                {
                al=SSL_AD_DECRYPT_ERROR;
                SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED);
@@ -347,11 +347,8 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
        unsigned long l=7;
        BUF_MEM *buf;
        int no_chain;
-       STACK_OF(X509) *cert_chain;
 
-       cert_chain = SSL_get_certificate_chain(s, x);
-
-       if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs || cert_chain)
+       if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs)
                no_chain = 1;
        else
                no_chain = 0;
@@ -403,10 +400,6 @@ unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
                        return(0);
                }
 
-       for (i=0; i<sk_X509_num(cert_chain); i++)
-               if (ssl3_add_cert_to_buf(buf, &l, sk_X509_value(cert_chain,i)))
-                       return(0);
-
        l-=7;
        p=(unsigned char *)&(buf->data[4]);
        l2n3(l,p);
@@ -756,20 +749,13 @@ int ssl3_setup_read_buffer(SSL *s)
 
        if (s->s3->rbuf.buf == NULL)
                {
-               if (SSL_get_mode(s) & SSL_MODE_SMALL_BUFFERS)
-                       {
-                       len = SSL3_RT_DEFAULT_PACKET_SIZE;
-                       }
-               else
+               len = SSL3_RT_MAX_PLAIN_LENGTH
+                       + SSL3_RT_MAX_ENCRYPTED_OVERHEAD
+                       + headerlen + align;
+               if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
                        {
-                       len = SSL3_RT_MAX_PLAIN_LENGTH
-                               + SSL3_RT_MAX_ENCRYPTED_OVERHEAD
-                               + headerlen + align;
-                       if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
-                               {
-                               s->s3->init_extra = 1;
-                               len += SSL3_RT_MAX_EXTRA;
-                               }
+                       s->s3->init_extra = 1;
+                       len += SSL3_RT_MAX_EXTRA;
                        }
 #ifndef OPENSSL_NO_COMP
                if (!(s->options & SSL_OP_NO_COMPRESSION))
@@ -805,15 +791,7 @@ int ssl3_setup_write_buffer(SSL *s)
 
        if (s->s3->wbuf.buf == NULL)
                {
-               if (SSL_get_mode(s) & SSL_MODE_SMALL_BUFFERS)
-                       {
-                       len = SSL3_RT_DEFAULT_PACKET_SIZE;
-                       }
-               else
-                       {
-                       len = s->max_send_fragment;
-                       }
-               len += 0
+               len = s->max_send_fragment
                        + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD
                        + headerlen + align;
 #ifndef OPENSSL_NO_COMP
@@ -823,6 +801,7 @@ int ssl3_setup_write_buffer(SSL *s)
                if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
                        len += headerlen + align
                                + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;
+
                if ((p=freelist_extract(s->ctx, 0, len)) == NULL)
                        goto err;
                s->s3->wbuf.buf = p;
@@ -865,3 +844,4 @@ int ssl3_release_read_buffer(SSL *s)
                }
        return 1;
        }
+

diff --git a/deps/openssl/openssl/ssl/s3_clnt.c b/deps/openssl/openssl/ssl/s3_clnt.c
index 04d6e5b..344e2eb 100644 (file)
--- a/deps/openssl/openssl/ssl/s3_clnt.c
+++ b/deps/openssl/openssl/ssl/s3_clnt.c
@@ -156,6 +156,9 @@
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #include <openssl/md5.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
 #ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
 #endif
@@ -199,16 +202,16 @@ int ssl3_connect(SSL *s)
        
        s->in_handshake++;
        if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 
-#if 0  /* Send app data in separate packet, otherwise, some particular site
-        * (only one site so far) closes the socket.
-        * Note: there is a very small chance that two TCP packets
-        * could be arriving at server combined into a single TCP packet,
-        * then trigger that site to break. We haven't encounter that though.
+
+#ifndef OPENSSL_NO_HEARTBEATS
+       /* If we're awaiting a HeartbeatResponse, pretend we
+        * already got and don't await it anymore, because
+        * Heartbeats don't make sense during handshakes anyway.
         */
-       if (SSL_get_mode(s) & SSL_MODE_HANDSHAKE_CUTTHROUGH)
+       if (s->tlsext_hb_pending)
                {
-               /* Send app data along with CCS/Finished */
-               s->s3->flags |= SSL3_FLAGS_DELAY_CLIENT_FINISHED;
+               s->tlsext_hb_pending = 0;
+               s->tlsext_hb_seq++;
                }
 #endif
 
@@ -219,7 +222,7 @@ int ssl3_connect(SSL *s)
                switch(s->state)
                        {
                case SSL_ST_RENEGOTIATE:
-                       s->new_session=1;
+                       s->renegotiate=1;
                        s->state=SSL_ST_CONNECT;
                        s->ctx->stats.sess_connect_renegotiate++;
                        /* break */
@@ -292,7 +295,16 @@ int ssl3_connect(SSL *s)
                        if (ret <= 0) goto end;
 
                        if (s->hit)
+                               {
                                s->state=SSL3_ST_CR_FINISHED_A;
+#ifndef OPENSSL_NO_TLSEXT
+                               if (s->tlsext_ticket_expected)
+                                       {
+                                       /* receive renewed session ticket */
+                                       s->state=SSL3_ST_CR_SESSION_TICKET_A;
+                                       }
+#endif
+                               }
                        else
                                s->state=SSL3_ST_CR_CERT_A;
                        s->init_num=0;
@@ -370,6 +382,17 @@ int ssl3_connect(SSL *s)
                case SSL3_ST_CR_SRVR_DONE_B:
                        ret=ssl3_get_server_done(s);
                        if (ret <= 0) goto end;
+#ifndef OPENSSL_NO_SRP
+                       if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP)
+                               {
+                               if ((ret = SRP_Calc_A_param(s))<=0)
+                                       {
+                                       SSLerr(SSL_F_SSL3_CONNECT,SSL_R_SRP_A_CALC);
+                                       ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_INTERNAL_ERROR);
+                                       goto end;
+                                       }
+                               }
+#endif
                        if (s->s3->tmp.cert_req)
                                s->state=SSL3_ST_CW_CERT_A;
                        else
@@ -439,12 +462,11 @@ int ssl3_connect(SSL *s)
 #if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
                        s->state=SSL3_ST_CW_FINISHED_A;
 #else
-                       if (s->next_proto_negotiated)
+                       if (s->s3->next_proto_neg_seen)
                                s->state=SSL3_ST_CW_NEXT_PROTO_A;
                        else
                                s->state=SSL3_ST_CW_FINISHED_A;
 #endif
-
                        s->init_num=0;
 
                        s->session->cipher=s->s3->tmp.new_cipher;
@@ -504,31 +526,14 @@ int ssl3_connect(SSL *s)
                                }
                        else
                                {
-                               if ((SSL_get_mode(s) & SSL_MODE_HANDSHAKE_CUTTHROUGH) && SSL_get_cipher_bits(s, NULL) >= 128
-                                   && s->s3->previous_server_finished_len == 0 /* no cutthrough on renegotiation (would complicate the state machine) */
-                                  )
-                                       {
-                                       if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED)
-                                               {
-                                               s->state=SSL3_ST_CUTTHROUGH_COMPLETE;
-                                               s->s3->flags|=SSL3_FLAGS_POP_BUFFER;
-                                               s->s3->delay_buf_pop_ret=0;
-                                               }
-                                       else
-                                               {
-                                               s->s3->tmp.next_state=SSL3_ST_CUTTHROUGH_COMPLETE;
-                                               }
-                                       }
-                               else
-                                       {
 #ifndef OPENSSL_NO_TLSEXT
-                                       /* Allow NewSessionTicket if ticket expected */
-                                       if (s->tlsext_ticket_expected)
-                                               s->s3->tmp.next_state=SSL3_ST_CR_SESSION_TICKET_A;
-                                       else
+                               /* Allow NewSessionTicket if ticket expected */
+                               if (s->tlsext_ticket_expected)
+                                       s->s3->tmp.next_state=SSL3_ST_CR_SESSION_TICKET_A;
+                               else
 #endif
-                                               s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A;
-                                       }
+                               
+                               s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A;
                                }
                        s->init_num=0;
                        break;
@@ -576,24 +581,6 @@ int ssl3_connect(SSL *s)
                        s->state=s->s3->tmp.next_state;
                        break;
 
-               case SSL3_ST_CUTTHROUGH_COMPLETE:
-#ifndef OPENSSL_NO_TLSEXT
-                       /* Allow NewSessionTicket if ticket expected */
-                       if (s->tlsext_ticket_expected)
-                               s->state=SSL3_ST_CR_SESSION_TICKET_A;
-                       else
-#endif
-                               s->state=SSL3_ST_CR_FINISHED_A;
-
-                       /* SSL_write() will take care of flushing buffered data if
-                        * DELAY_CLIENT_FINISHED is set.
-                        */
-                       if (!(s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED))
-                               ssl_free_wbio_buffer(s);
-                       ret = 1;
-                       goto end;
-                       /* break; */
-
                case SSL_ST_OK:
                        /* clean a few things up */
                        ssl3_cleanup_key_block(s);
@@ -611,6 +598,7 @@ int ssl3_connect(SSL *s)
                        /* else do it later in ssl3_write */
 
                        s->init_num=0;
+                       s->renegotiate=0;
                        s->new_session=0;
 
                        ssl_update_cache(s,SSL_SESS_CACHE_CLIENT);
@@ -686,12 +674,6 @@ int ssl3_client_hello(SSL *s)
 #endif
                        (sess->not_resumable))
                        {
-                       if (!s->session_creation_enabled)
-                               {
-                               ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
-                               SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_SESSION_MAY_NOT_BE_CREATED);
-                               goto err;
-                               }
                        if (!ssl_get_new_session(s,0))
                                goto err;
                        }
@@ -706,9 +688,43 @@ int ssl3_client_hello(SSL *s)
                /* Do the message type and length last */
                d=p= &(buf[4]);
 
+               /* version indicates the negotiated version: for example from
+                * an SSLv2/v3 compatible client hello). The client_version
+                * field is the maximum version we permit and it is also
+                * used in RSA encrypted premaster secrets. Some servers can
+                * choke if we initially report a higher version then
+                * renegotiate to a lower one in the premaster secret. This
+                * didn't happen with TLS 1.0 as most servers supported it
+                * but it can with TLS 1.1 or later if the server only supports
+                * 1.0.
+                *
+                * Possible scenario with previous logic:
+                *      1. Client hello indicates TLS 1.2
+                *      2. Server hello says TLS 1.0
+                *      3. RSA encrypted premaster secret uses 1.2.
+                *      4. Handhaked proceeds using TLS 1.0.
+                *      5. Server sends hello request to renegotiate.
+                *      6. Client hello indicates TLS v1.0 as we now
+                *         know that is maximum server supports.
+                *      7. Server chokes on RSA encrypted premaster secret
+                *         containing version 1.0.
+                *
+                * For interoperability it should be OK to always use the
+                * maximum version we support in client hello and then rely
+                * on the checking of version to ensure the servers isn't
+                * being inconsistent: for example initially negotiating with
+                * TLS 1.0 and renegotiating with TLS 1.2. We do this by using
+                * client_version in client hello and not resetting it to
+                * the negotiated version.
+                */
+#if 0
                *(p++)=s->version>>8;
                *(p++)=s->version&0xff;
                s->client_version=s->version;
+#else
+               *(p++)=s->client_version>>8;
+               *(p++)=s->client_version&0xff;
+#endif
 
                /* Random stuff */
                memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE);
@@ -738,6 +754,15 @@ int ssl3_client_hello(SSL *s)
                        SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE);
                        goto err;
                        }
+#ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH
+                       /* Some servers hang if client hello > 256 bytes
+                        * as hack workaround chop number of supported ciphers
+                        * to keep it well below this if we use TLS v1.2
+                        */
+                       if (TLS1_get_version(s) >= TLS1_2_VERSION
+                               && i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH)
+                               i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1;
+#endif
                s2n(i,p);
                p+=i;
 
@@ -900,12 +925,6 @@ int ssl3_get_server_hello(SSL *s)
                s->hit=0;
                if (s->session->session_id_length > 0)
                        {
-                       if (!s->session_creation_enabled)
-                               {
-                               ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
-                               SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SESSION_MAY_NOT_BE_CREATED);
-                               goto err;
-                               }
                        if (!ssl_get_new_session(s,0))
                                {
                                al=SSL_AD_INTERNAL_ERROR;
@@ -924,6 +943,14 @@ int ssl3_get_server_hello(SSL *s)
                SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNKNOWN_CIPHER_RETURNED);
                goto f_err;
                }
+       /* TLS v1.2 only ciphersuites require v1.2 or later */
+       if ((c->algorithm_ssl & SSL_TLSV1_2) && 
+               (TLS1_get_version(s) < TLS1_2_VERSION))
+               {
+               al=SSL_AD_ILLEGAL_PARAMETER;
+               SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_WRONG_CIPHER_RETURNED);
+               goto f_err;
+               }
        p+=ssl_put_cipher_by_char(s,NULL,NULL);
 
        sk=ssl_get_ciphers_by_id(s);
@@ -955,9 +982,14 @@ int ssl3_get_server_hello(SSL *s)
                        }
                }
        s->s3->tmp.new_cipher=c;
-       if (!ssl3_digest_cached_records(s))
+       /* Don't digest cached records if TLS v1.2: we may need them for
+        * client authentication.
+        */
+       if (TLS1_get_version(s) < TLS1_2_VERSION && !ssl3_digest_cached_records(s))
+               {
+               al = SSL_AD_INTERNAL_ERROR;
                goto f_err;
-
+               }
        /* lets get the compression algorithm */
        /* COMPRESSION */
 #ifdef OPENSSL_NO_COMP
@@ -1236,6 +1268,7 @@ int ssl3_get_key_exchange(SSL *s)
        int al,i,j,param_len,ok;
        long n,alg_k,alg_a;
        EVP_PKEY *pkey=NULL;
+       const EVP_MD *md = NULL;
 #ifndef OPENSSL_NO_RSA
        RSA *rsa=NULL;
 #endif
@@ -1359,6 +1392,86 @@ int ssl3_get_key_exchange(SSL *s)
                }
        else
 #endif /* !OPENSSL_NO_PSK */
+#ifndef OPENSSL_NO_SRP
+       if (alg_k & SSL_kSRP)
+               {
+               n2s(p,i);
+               param_len=i+2;
+               if (param_len > n)
+                       {
+                       al=SSL_AD_DECODE_ERROR;
+                       SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SRP_N_LENGTH);
+                       goto f_err;
+                       }
+               if (!(s->srp_ctx.N=BN_bin2bn(p,i,NULL)))
+                       {
+                       SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
+                       goto err;
+                       }
+               p+=i;
+
+               n2s(p,i);
+               param_len+=i+2;
+               if (param_len > n)
+                       {
+                       al=SSL_AD_DECODE_ERROR;
+                       SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SRP_G_LENGTH);
+                       goto f_err;
+                       }
+               if (!(s->srp_ctx.g=BN_bin2bn(p,i,NULL)))
+                       {
+                       SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
+                       goto err;
+                       }
+               p+=i;
+
+               i = (unsigned int)(p[0]);
+               p++;
+               param_len+=i+1;
+               if (param_len > n)
+                       {
+                       al=SSL_AD_DECODE_ERROR;
+                       SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SRP_S_LENGTH);
+                       goto f_err;
+                       }
+               if (!(s->srp_ctx.s=BN_bin2bn(p,i,NULL)))
+                       {
+                       SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
+                       goto err;
+                       }
+               p+=i;
+
+               n2s(p,i);
+               param_len+=i+2;
+               if (param_len > n)
+                       {
+                       al=SSL_AD_DECODE_ERROR;
+                       SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SRP_B_LENGTH);
+                       goto f_err;
+                       }
+               if (!(s->srp_ctx.B=BN_bin2bn(p,i,NULL)))
+                       {
+                       SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_BN_LIB);
+                       goto err;
+                       }
+               p+=i;
+               n-=param_len;
+
+/* We must check if there is a certificate */
+#ifndef OPENSSL_NO_RSA
+               if (alg_a & SSL_aRSA)
+                       pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
+#else
+               if (0)
+                       ;
+#endif
+#ifndef OPENSSL_NO_DSA
+               else if (alg_a & SSL_aDSS)
+                       pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509);
+#endif
+               }
+       else
+#endif /* !OPENSSL_NO_SRP */
 #ifndef OPENSSL_NO_RSA
        if (alg_k & SSL_kRSA)
                {
@@ -1606,6 +1719,38 @@ int ssl3_get_key_exchange(SSL *s)
        /* if it was signed, check the signature */
        if (pkey != NULL)
                {
+               if (TLS1_get_version(s) >= TLS1_2_VERSION)
+                       {
+                       int sigalg = tls12_get_sigid(pkey);
+                       /* Should never happen */
+                       if (sigalg == -1)
+                               {
+                               SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
+                               goto err;
+                               }
+                       /* Check key type is consistent with signature */
+                       if (sigalg != (int)p[1])
+                               {
+                               SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_WRONG_SIGNATURE_TYPE);
+                               al=SSL_AD_DECODE_ERROR;
+                               goto f_err;
+                               }
+                       md = tls12_get_hash(p[0]);
+                       if (md == NULL)
+                               {
+                               SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNKNOWN_DIGEST);
+                               al=SSL_AD_DECODE_ERROR;
+                               goto f_err;
+                               }
+#ifdef SSL_DEBUG
+fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
+#endif
+                       p += 2;
+                       n -= 2;
+                       }
+               else
+                       md = EVP_sha1();
+                       
                n2s(p,i);
                n-=2;
                j=EVP_PKEY_size(pkey);
@@ -1619,7 +1764,7 @@ int ssl3_get_key_exchange(SSL *s)
                        }
 
 #ifndef OPENSSL_NO_RSA
-               if (pkey->type == EVP_PKEY_RSA)
+               if (pkey->type == EVP_PKEY_RSA && TLS1_get_version(s) < TLS1_2_VERSION)
                        {
                        int num;
 
@@ -1627,6 +1772,8 @@ int ssl3_get_key_exchange(SSL *s)
                        q=md_buf;
                        for (num=2; num > 0; num--)
                                {
+                               EVP_MD_CTX_set_flags(&md_ctx,
+                                       EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
                                EVP_DigestInit_ex(&md_ctx,(num == 2)
                                        ?s->ctx->md5:s->ctx->sha1, NULL);
                                EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
@@ -1654,29 +1801,8 @@ int ssl3_get_key_exchange(SSL *s)
                        }
                else
 #endif
-#ifndef OPENSSL_NO_DSA
-                       if (pkey->type == EVP_PKEY_DSA)
-                       {
-                       /* lets do DSS */
-                       EVP_VerifyInit_ex(&md_ctx,EVP_dss1(), NULL);
-                       EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
-                       EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
-                       EVP_VerifyUpdate(&md_ctx,param,param_len);
-                       if (EVP_VerifyFinal(&md_ctx,p,(int)n,pkey) <= 0)
-                               {
-                               /* bad signature */
-                               al=SSL_AD_DECRYPT_ERROR;
-                               SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_SIGNATURE);
-                               goto f_err;
-                               }
-                       }
-               else
-#endif
-#ifndef OPENSSL_NO_ECDSA
-                       if (pkey->type == EVP_PKEY_EC)
                        {
-                       /* let's do ECDSA */
-                       EVP_VerifyInit_ex(&md_ctx,EVP_ecdsa(), NULL);
+                       EVP_VerifyInit_ex(&md_ctx, md, NULL);
                        EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
                        EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
                        EVP_VerifyUpdate(&md_ctx,param,param_len);
@@ -1688,12 +1814,6 @@ int ssl3_get_key_exchange(SSL *s)
                                goto f_err;
                                }
                        }
-               else
-#endif
-                       {
-                       SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
-                       goto err;
-                       }
                }
        else
                {
@@ -1740,7 +1860,7 @@ int ssl3_get_certificate_request(SSL *s)
        {
        int ok,ret=0;
        unsigned long n,nc,l;
-       unsigned int llen,ctype_num,i;
+       unsigned int llen, ctype_num,i;
        X509_NAME *xn=NULL;
        const unsigned char *p,*q;
        unsigned char *d;
@@ -1760,6 +1880,14 @@ int ssl3_get_certificate_request(SSL *s)
        if (s->s3->tmp.message_type == SSL3_MT_SERVER_DONE)
                {
                s->s3->tmp.reuse_message=1;
+               /* If we get here we don't need any cached handshake records
+                * as we wont be doing client auth.
+                */
+               if (s->s3->handshake_buffer)
+                       {
+                       if (!ssl3_digest_cached_records(s))
+                               goto err;
+                       }
                return(1);
                }
 
@@ -1796,6 +1924,26 @@ int ssl3_get_certificate_request(SSL *s)
        for (i=0; i<ctype_num; i++)
                s->s3->tmp.ctype[i]= p[i];
        p+=ctype_num;
+       if (TLS1_get_version(s) >= TLS1_2_VERSION)
+               {
+               n2s(p, llen);
+               /* Check we have enough room for signature algorithms and
+                * following length value.
+                */
+               if ((unsigned long)(p - d + llen + 2) > n)
+                       {
+                       ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
+                       SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_DATA_LENGTH_TOO_LONG);
+                       goto err;
+                       }
+               if ((llen & 1) || !tls1_process_sigalgs(s, p, llen))
+                       {
+                       ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
+                       SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_SIGNATURE_ALGORITHMS_ERROR);
+                       goto err;
+                       }
+               p += llen;
+               }
 
        /* get the CA RDNs */
        n2s(p,llen);
@@ -1808,7 +1956,7 @@ fclose(out);
 }
 #endif
 
-       if ((llen+ctype_num+2+1) != n)
+       if ((unsigned long)(p - d + llen) != n)
                {
                ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
                SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_LENGTH_MISMATCH);
@@ -2630,6 +2778,39 @@ int ssl3_send_client_key_exchange(SSL *s)
                        EVP_PKEY_free(pub_key);
 
                        }
+#ifndef OPENSSL_NO_SRP
+               else if (alg_k & SSL_kSRP)
+                       {
+                       if (s->srp_ctx.A != NULL)
+                               {
+                               /* send off the data */
+                               n=BN_num_bytes(s->srp_ctx.A);
+                               s2n(n,p);
+                               BN_bn2bin(s->srp_ctx.A,p);
+                               n+=2;
+                               }
+                       else
+                               {
+                               SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
+                               goto err;
+                               }
+                       if (s->session->srp_username != NULL)
+                               OPENSSL_free(s->session->srp_username);
+                       s->session->srp_username = BUF_strdup(s->srp_ctx.login);
+                       if (s->session->srp_username == NULL)
+                               {
+                               SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,
+                                       ERR_R_MALLOC_FAILURE);
+                               goto err;
+                               }
+
+                       if ((s->session->master_key_length = SRP_generate_client_master_secret(s,s->session->master_key))<0)
+                               {
+                               SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
+                               goto err;
+                               }
+                       }
+#endif
 #ifndef OPENSSL_NO_PSK
                else if (alg_k & SSL_kPSK)
                        {
@@ -2749,12 +2930,13 @@ int ssl3_send_client_verify(SSL *s)
        unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH];
        EVP_PKEY *pkey;
        EVP_PKEY_CTX *pctx=NULL;
-#ifndef OPENSSL_NO_RSA
+       EVP_MD_CTX mctx;
        unsigned u=0;
-#endif
        unsigned long n;
        int j;
 
+       EVP_MD_CTX_init(&mctx);
+
        if (s->state == SSL3_ST_CW_CERT_VRFY_A)
                {
                d=(unsigned char *)s->init_buf->data;
@@ -2765,7 +2947,8 @@ int ssl3_send_client_verify(SSL *s)
                EVP_PKEY_sign_init(pctx);
                if (EVP_PKEY_CTX_set_signature_md(pctx, EVP_sha1())>0)
                        {
-                       s->method->ssl3_enc->cert_verify_mac(s,
+                       if (TLS1_get_version(s) < TLS1_2_VERSION)
+                               s->method->ssl3_enc->cert_verify_mac(s,
                                                NID_sha1,
                                                &(data[MD5_DIGEST_LENGTH]));
                        }
@@ -2773,6 +2956,41 @@ int ssl3_send_client_verify(SSL *s)
                        {
                        ERR_clear_error();
                        }
+               /* For TLS v1.2 send signature algorithm and signature
+                * using agreed digest and cached handshake records.
+                */
+               if (TLS1_get_version(s) >= TLS1_2_VERSION)
+                       {
+                       long hdatalen = 0;
+                       void *hdata;
+                       const EVP_MD *md = s->cert->key->digest;
+                       hdatalen = BIO_get_mem_data(s->s3->handshake_buffer,
+                                                               &hdata);
+                       if (hdatalen <= 0 || !tls12_get_sigandhash(p, pkey, md))
+                               {
+                               SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
+                                               ERR_R_INTERNAL_ERROR);
+                               goto err;
+                               }
+                       p += 2;
+#ifdef SSL_DEBUG
+                       fprintf(stderr, "Using TLS 1.2 with client alg %s\n",
+                                                       EVP_MD_name(md));
+#endif
+                       if (!EVP_SignInit_ex(&mctx, md, NULL)
+                               || !EVP_SignUpdate(&mctx, hdata, hdatalen)
+                               || !EVP_SignFinal(&mctx, p + 2, &u, pkey))
+                               {
+                               SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,
+                                               ERR_R_EVP_LIB);
+                               goto err;
+                               }
+                       s2n(u,p);
+                       n = u + 4;
+                       if (!ssl3_digest_cached_records(s))
+                               goto err;
+                       }
+               else
 #ifndef OPENSSL_NO_RSA
                if (pkey->type == EVP_PKEY_RSA)
                        {
@@ -2855,9 +3073,11 @@ int ssl3_send_client_verify(SSL *s)
                s->init_num=(int)n+4;
                s->init_off=0;
                }
+       EVP_MD_CTX_cleanup(&mctx);
        EVP_PKEY_CTX_free(pctx);
        return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
 err:
+       EVP_MD_CTX_cleanup(&mctx);
        EVP_PKEY_CTX_free(pctx);
        return(-1);
        }
@@ -2981,7 +3201,7 @@ int ssl3_check_cert_and_algorithm(SSL *s)
        if (idx == SSL_PKEY_ECC)
                {
                if (ssl_check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509,
-                   s->s3->tmp.new_cipher) == 0) 
+                                                               s) == 0) 
                        { /* check failed */
                        SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_BAD_ECC_CERT);
                        goto f_err;
@@ -3077,13 +3297,7 @@ err:
        return(0);
        }
 
-/* Check to see if handshake is full or resumed. Usually this is just a
- * case of checking to see if a cache hit has occurred. In the case of
- * session tickets we have to check the next message to be sure.
- */
-
-#ifndef OPENSSL_NO_TLSEXT
-# ifndef OPENSSL_NO_NEXTPROTONEG
+#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
 int ssl3_send_next_proto(SSL *s)
        {
        unsigned int len, padding_len;
@@ -3106,9 +3320,15 @@ int ssl3_send_next_proto(SSL *s)
                }
 
        return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
-       }
-# endif
+}
+#endif  /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */
 
+/* Check to see if handshake is full or resumed. Usually this is just a
+ * case of checking to see if a cache hit has occurred. In the case of
+ * session tickets we have to check the next message to be sure.
+ */
+
+#ifndef OPENSSL_NO_TLSEXT
 int ssl3_check_finished(SSL *s)
        {
        int ok;

diff --git a/deps/openssl/openssl/ssl/s3_enc.c b/deps/openssl/openssl/ssl/s3_enc.c
index b145970..e3cd4f0 100644 (file)
--- a/deps/openssl/openssl/ssl/s3_enc.c
+++ b/deps/openssl/openssl/ssl/s3_enc.c
@@ -170,6 +170,7 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
 #endif
        k=0;
        EVP_MD_CTX_init(&m5);
+       EVP_MD_CTX_set_flags(&m5, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
        EVP_MD_CTX_init(&s1);
        for (i=0; (int)i<num; i+=MD5_DIGEST_LENGTH)
                {
@@ -465,12 +466,21 @@ void ssl3_cleanup_key_block(SSL *s)
        s->s3->tmp.key_block_length=0;
        }
 
+/* ssl3_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
+ *
+ * Returns:
+ *   0: (in non-constant time) if the record is publically invalid (i.e. too
+ *       short etc).
+ *   1: if the record's padding is valid / the encryption was successful.
+ *   -1: if the record's padding is invalid or, if sending, an internal error
+ *       occured.
+ */
 int ssl3_enc(SSL *s, int send)
        {
        SSL3_RECORD *rec;
        EVP_CIPHER_CTX *ds;
        unsigned long l;
-       int bs,i;
+       int bs,i,mac_size=0;
        const EVP_CIPHER *enc;
 
        if (send)
@@ -521,32 +531,16 @@ int ssl3_enc(SSL *s, int send)
                if (!send)
                        {
                        if (l == 0 || l%bs != 0)
-                               {
-                               SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
-                               ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
                                return 0;
-                               }
                        /* otherwise, rec->length >= bs */
                        }
                
                EVP_Cipher(ds,rec->data,rec->input,l);
 
+               if (EVP_MD_CTX_md(s->read_hash) != NULL)
+                       mac_size = EVP_MD_CTX_size(s->read_hash);
                if ((bs != 1) && !send)
-                       {
-                       i=rec->data[l-1]+1;
-                       /* SSL 3.0 bounds the number of padding bytes by the block size;
-                        * padding bytes (except the last one) are arbitrary */
-                       if (i > bs)
-                               {
-                               /* Incorrect padding. SSLerr() and ssl3_alert are done
-                                * by caller: we don't want to reveal whether this is
-                                * a decryption error or a MAC verification failure
-                                * (see http://www.openssl.org/~bodo/tls-cbc.txt) */
-                               return -1;
-                               }
-                       /* now i <= bs <= rec->length */
-                       rec->length-=i;
-                       }
+                       return ssl3_cbc_remove_padding(s, rec, bs, mac_size);
                }
        return(1);
        }
@@ -571,12 +565,12 @@ void ssl3_free_digest_list(SSL *s)
        OPENSSL_free(s->s3->handshake_dgst);
        s->s3->handshake_dgst=NULL;
        }       
-               
+
 
 
 void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len)
        {
-       if (s->s3->handshake_buffer) 
+       if (s->s3->handshake_buffer && !(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE)) 
                {
                BIO_write (s->s3->handshake_buffer,(void *)buf,len);
                } 
@@ -613,9 +607,16 @@ int ssl3_digest_cached_records(SSL *s)
        /* Loop through bitso of algorithm2 field and create MD_CTX-es */
        for (i=0;ssl_get_handshake_digest(i,&mask,&md); i++) 
                {
-               if ((mask & s->s3->tmp.new_cipher->algorithm2) && md) 
+               if ((mask & ssl_get_algorithm2(s)) && md) 
                        {
                        s->s3->handshake_dgst[i]=EVP_MD_CTX_create();
+#ifdef OPENSSL_FIPS
+                       if (EVP_MD_nid(md) == NID_md5)
+                               {
+                               EVP_MD_CTX_set_flags(s->s3->handshake_dgst[i],
+                                               EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+                               }
+#endif
                        EVP_DigestInit_ex(s->s3->handshake_dgst[i],md,NULL);
                        EVP_DigestUpdate(s->s3->handshake_dgst[i],hdata,hdatalen);
                        } 
@@ -624,9 +625,12 @@ int ssl3_digest_cached_records(SSL *s)
                        s->s3->handshake_dgst[i]=NULL;
                        }
                }
-       /* Free handshake_buffer BIO */
-       BIO_free(s->s3->handshake_buffer);
-       s->s3->handshake_buffer = NULL;
+       if (!(s->s3->flags & TLS1_FLAGS_KEEP_HANDSHAKE))
+               {
+               /* Free handshake_buffer BIO */
+               BIO_free(s->s3->handshake_buffer);
+               s->s3->handshake_buffer = NULL;
+               }
 
        return 1;
        }
@@ -672,6 +676,7 @@ static int ssl3_handshake_mac(SSL *s, int md_nid,
                return 0;
        }       
        EVP_MD_CTX_init(&ctx);
+       EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
        EVP_MD_CTX_copy_ex(&ctx,d);
        n=EVP_MD_CTX_size(&ctx);
        if (n < 0)
@@ -704,7 +709,7 @@ int n_ssl3_mac(SSL *ssl, unsigned char *md, int send)
        EVP_MD_CTX md_ctx;
        const EVP_MD_CTX *hash;
        unsigned char *p,rec_char;
-       unsigned int md_size;
+       size_t md_size, orig_len;
        int npad;
        int t;
 
@@ -729,28 +734,72 @@ int n_ssl3_mac(SSL *ssl, unsigned char *md, int send)
        md_size=t;
        npad=(48/md_size)*md_size;
 
-       /* Chop the digest off the end :-) */
-       EVP_MD_CTX_init(&md_ctx);
-
-       EVP_MD_CTX_copy_ex( &md_ctx,hash);
-       EVP_DigestUpdate(&md_ctx,mac_sec,md_size);
-       EVP_DigestUpdate(&md_ctx,ssl3_pad_1,npad);
-       EVP_DigestUpdate(&md_ctx,seq,8);
-       rec_char=rec->type;
-       EVP_DigestUpdate(&md_ctx,&rec_char,1);
-       p=md;
-       s2n(rec->length,p);
-       EVP_DigestUpdate(&md_ctx,md,2);
-       EVP_DigestUpdate(&md_ctx,rec->input,rec->length);
-       EVP_DigestFinal_ex( &md_ctx,md,NULL);
-
-       EVP_MD_CTX_copy_ex( &md_ctx,hash);
-       EVP_DigestUpdate(&md_ctx,mac_sec,md_size);
-       EVP_DigestUpdate(&md_ctx,ssl3_pad_2,npad);
-       EVP_DigestUpdate(&md_ctx,md,md_size);
-       EVP_DigestFinal_ex( &md_ctx,md,&md_size);
-
-       EVP_MD_CTX_cleanup(&md_ctx);
+       /* kludge: ssl3_cbc_remove_padding passes padding length in rec->type */
+       orig_len = rec->length+md_size+((unsigned int)rec->type>>8);
+       rec->type &= 0xff;
+
+       if (!send &&
+           EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
+           ssl3_cbc_record_digest_supported(hash))
+               {
+               /* This is a CBC-encrypted record. We must avoid leaking any
+                * timing-side channel information about how many blocks of
+                * data we are hashing because that gives an attacker a
+                * timing-oracle. */
+
+               /* npad is, at most, 48 bytes and that's with MD5:
+                *   16 + 48 + 8 (sequence bytes) + 1 + 2 = 75.
+                *
+                * With SHA-1 (the largest hash speced for SSLv3) the hash size
+                * goes up 4, but npad goes down by 8, resulting in a smaller
+                * total size. */
+               unsigned char header[75];
+               unsigned j = 0;
+               memcpy(header+j, mac_sec, md_size);
+               j += md_size;
+               memcpy(header+j, ssl3_pad_1, npad);
+               j += npad;
+               memcpy(header+j, seq, 8);
+               j += 8;
+               header[j++] = rec->type;
+               header[j++] = rec->length >> 8;
+               header[j++] = rec->length & 0xff;
+
+               ssl3_cbc_digest_record(
+                       hash,
+                       md, &md_size,
+                       header, rec->input,
+                       rec->length + md_size, orig_len,
+                       mac_sec, md_size,
+                       1 /* is SSLv3 */);
+               }
+       else
+               {
+               unsigned int md_size_u;
+               /* Chop the digest off the end :-) */
+               EVP_MD_CTX_init(&md_ctx);
+
+               EVP_MD_CTX_copy_ex( &md_ctx,hash);
+               EVP_DigestUpdate(&md_ctx,mac_sec,md_size);
+               EVP_DigestUpdate(&md_ctx,ssl3_pad_1,npad);
+               EVP_DigestUpdate(&md_ctx,seq,8);
+               rec_char=rec->type;
+               EVP_DigestUpdate(&md_ctx,&rec_char,1);
+               p=md;
+               s2n(rec->length,p);
+               EVP_DigestUpdate(&md_ctx,md,2);
+               EVP_DigestUpdate(&md_ctx,rec->input,rec->length);
+               EVP_DigestFinal_ex( &md_ctx,md,NULL);
+
+               EVP_MD_CTX_copy_ex( &md_ctx,hash);
+               EVP_DigestUpdate(&md_ctx,mac_sec,md_size);
+               EVP_DigestUpdate(&md_ctx,ssl3_pad_2,npad);
+               EVP_DigestUpdate(&md_ctx,md,md_size);
+               EVP_DigestFinal_ex( &md_ctx,md,&md_size_u);
+               md_size = md_size_u;
+
+               EVP_MD_CTX_cleanup(&md_ctx);
+       }
 
        ssl3_record_sequence_update(seq);
        return(md_size);

diff --git a/deps/openssl/openssl/ssl/s3_lib.c b/deps/openssl/openssl/ssl/s3_lib.c
index 72d3f1f..e7c5dcb 100644 (file)
--- a/deps/openssl/openssl/ssl/s3_lib.c
+++ b/deps/openssl/openssl/ssl/s3_lib.c
@@ -1071,6 +1071,103 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        256,
        },
 
+       /* TLS v1.2 ciphersuites */
+       /* Cipher 3B */
+       {
+       1,
+       TLS1_TXT_RSA_WITH_NULL_SHA256,
+       TLS1_CK_RSA_WITH_NULL_SHA256,
+       SSL_kRSA,
+       SSL_aRSA,
+       SSL_eNULL,
+       SSL_SHA256,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+       0,
+       0,
+       },
+
+       /* Cipher 3C */
+       {
+       1,
+       TLS1_TXT_RSA_WITH_AES_128_SHA256,
+       TLS1_CK_RSA_WITH_AES_128_SHA256,
+       SSL_kRSA,
+       SSL_aRSA,
+       SSL_AES128,
+       SSL_SHA256,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+       128,
+       128,
+       },
+
+       /* Cipher 3D */
+       {
+       1,
+       TLS1_TXT_RSA_WITH_AES_256_SHA256,
+       TLS1_CK_RSA_WITH_AES_256_SHA256,
+       SSL_kRSA,
+       SSL_aRSA,
+       SSL_AES256,
+       SSL_SHA256,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+       256,
+       256,
+       },
+
+       /* Cipher 3E */
+       {
+       0, /* not implemented (non-ephemeral DH) */
+       TLS1_TXT_DH_DSS_WITH_AES_128_SHA256,
+       TLS1_CK_DH_DSS_WITH_AES_128_SHA256,
+       SSL_kDHd,
+       SSL_aDH,
+       SSL_AES128,
+       SSL_SHA256,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+       128,
+       128,
+       },
+
+       /* Cipher 3F */
+       {
+       0, /* not implemented (non-ephemeral DH) */
+       TLS1_TXT_DH_RSA_WITH_AES_128_SHA256,
+       TLS1_CK_DH_RSA_WITH_AES_128_SHA256,
+       SSL_kDHr,
+       SSL_aDH,
+       SSL_AES128,
+       SSL_SHA256,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+       128,
+       128,
+       },
+
+       /* Cipher 40 */
+       {
+       1,
+       TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
+       TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
+       SSL_kEDH,
+       SSL_aDSS,
+       SSL_AES128,
+       SSL_SHA256,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+       128,
+       128,
+       },
+
 #ifndef OPENSSL_NO_CAMELLIA
        /* Camellia ciphersuites from RFC4132 (128-bit portion) */
 
@@ -1287,6 +1384,122 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        128,
        },
 #endif
+
+       /* TLS v1.2 ciphersuites */
+       /* Cipher 67 */
+       {
+       1,
+       TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
+       TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
+       SSL_kEDH,
+       SSL_aRSA,
+       SSL_AES128,
+       SSL_SHA256,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+       128,
+       128,
+       },
+
+       /* Cipher 68 */
+       {
+       0, /* not implemented (non-ephemeral DH) */
+       TLS1_TXT_DH_DSS_WITH_AES_256_SHA256,
+       TLS1_CK_DH_DSS_WITH_AES_256_SHA256,
+       SSL_kDHd,
+       SSL_aDH,
+       SSL_AES256,
+       SSL_SHA256,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+       256,
+       256,
+       },
+
+       /* Cipher 69 */
+       {
+       0, /* not implemented (non-ephemeral DH) */
+       TLS1_TXT_DH_RSA_WITH_AES_256_SHA256,
+       TLS1_CK_DH_RSA_WITH_AES_256_SHA256,
+       SSL_kDHr,
+       SSL_aDH,
+       SSL_AES256,
+       SSL_SHA256,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+       256,
+       256,
+       },
+
+       /* Cipher 6A */
+       {
+       1,
+       TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
+       TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
+       SSL_kEDH,
+       SSL_aDSS,
+       SSL_AES256,
+       SSL_SHA256,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+       256,
+       256,
+       },
+
+       /* Cipher 6B */
+       {
+       1,
+       TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
+       TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
+       SSL_kEDH,
+       SSL_aRSA,
+       SSL_AES256,
+       SSL_SHA256,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+       256,
+       256,
+       },
+
+       /* Cipher 6C */
+       {
+       1,
+       TLS1_TXT_ADH_WITH_AES_128_SHA256,
+       TLS1_CK_ADH_WITH_AES_128_SHA256,
+       SSL_kEDH,
+       SSL_aNULL,
+       SSL_AES128,
+       SSL_SHA256,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+       128,
+       128,
+       },
+
+       /* Cipher 6D */
+       {
+       1,
+       TLS1_TXT_ADH_WITH_AES_256_SHA256,
+       TLS1_CK_ADH_WITH_AES_256_SHA256,
+       SSL_kEDH,
+       SSL_aNULL,
+       SSL_AES256,
+       SSL_SHA256,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+       256,
+       256,
+       },
+
+       /* GOST Ciphersuites */
+
        {
        1,
        "GOST94-GOST89-GOST89",
@@ -1610,6 +1823,200 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 
 #endif /* OPENSSL_NO_SEED */
 
+       /* GCM ciphersuites from RFC5288 */
+
+       /* Cipher 9C */
+       {
+       1,
+       TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
+       TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
+       SSL_kRSA,
+       SSL_aRSA,
+       SSL_AES128GCM,
+       SSL_AEAD,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+       128,
+       128,
+       },
+
+       /* Cipher 9D */
+       {
+       1,
+       TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
+       TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
+       SSL_kRSA,
+       SSL_aRSA,
+       SSL_AES256GCM,
+       SSL_AEAD,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
+       256,
+       256,
+       },
+
+       /* Cipher 9E */
+       {
+       1,
+       TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
+       TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
+       SSL_kEDH,
+       SSL_aRSA,
+       SSL_AES128GCM,
+       SSL_AEAD,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+       128,
+       128,
+       },
+
+       /* Cipher 9F */
+       {
+       1,
+       TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
+       TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
+       SSL_kEDH,
+       SSL_aRSA,
+       SSL_AES256GCM,
+       SSL_AEAD,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
+       256,
+       256,
+       },
+
+       /* Cipher A0 */
+       {
+       0,
+       TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256,
+       TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256,
+       SSL_kDHr,
+       SSL_aDH,
+       SSL_AES128GCM,
+       SSL_AEAD,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+       128,
+       128,
+       },
+
+       /* Cipher A1 */
+       {
+       0,
+       TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384,
+       TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384,
+       SSL_kDHr,
+       SSL_aDH,
+       SSL_AES256GCM,
+       SSL_AEAD,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
+       256,
+       256,
+       },
+
+       /* Cipher A2 */
+       {
+       1,
+       TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
+       TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
+       SSL_kEDH,
+       SSL_aDSS,
+       SSL_AES128GCM,
+       SSL_AEAD,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+       128,
+       128,
+       },
+
+       /* Cipher A3 */
+       {
+       1,
+       TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
+       TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
+       SSL_kEDH,
+       SSL_aDSS,
+       SSL_AES256GCM,
+       SSL_AEAD,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
+       256,
+       256,
+       },
+
+       /* Cipher A4 */
+       {
+       0,
+       TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256,
+       TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256,
+       SSL_kDHd,
+       SSL_aDH,
+       SSL_AES128GCM,
+       SSL_AEAD,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+       128,
+       128,
+       },
+
+       /* Cipher A5 */
+       {
+       0,
+       TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384,
+       TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384,
+       SSL_kDHd,
+       SSL_aDH,
+       SSL_AES256GCM,
+       SSL_AEAD,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
+       256,
+       256,
+       },
+
+       /* Cipher A6 */
+       {
+       1,
+       TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
+       TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
+       SSL_kEDH,
+       SSL_aNULL,
+       SSL_AES128GCM,
+       SSL_AEAD,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+       128,
+       128,
+       },
+
+       /* Cipher A7 */
+       {
+       1,
+       TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
+       TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
+       SSL_kEDH,
+       SSL_aNULL,
+       SSL_AES256GCM,
+       SSL_AEAD,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
+       256,
+       256,
+       },
+
 #ifndef OPENSSL_NO_ECDH
        /* Cipher C001 */
        {
@@ -1621,7 +2028,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_eNULL,
        SSL_SHA1,
        SSL_TLSV1,
-       SSL_NOT_EXP|SSL_STRONG_NONE,
+       SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        0,
        0,
@@ -1653,7 +2060,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_3DES,
        SSL_SHA1,
        SSL_TLSV1,
-       SSL_NOT_EXP|SSL_HIGH,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        168,
        168,
@@ -1669,7 +2076,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_AES128,
        SSL_SHA1,
        SSL_TLSV1,
-       SSL_NOT_EXP|SSL_HIGH,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
@@ -1685,7 +2092,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_AES256,
        SSL_SHA1,
        SSL_TLSV1,
-       SSL_NOT_EXP|SSL_HIGH,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
        256,
@@ -1701,7 +2108,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_eNULL,
        SSL_SHA1,
        SSL_TLSV1,
-       SSL_NOT_EXP|SSL_STRONG_NONE,
+       SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        0,
        0,
@@ -1733,7 +2140,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_3DES,
        SSL_SHA1,
        SSL_TLSV1,
-       SSL_NOT_EXP|SSL_HIGH,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        168,
        168,
@@ -1749,7 +2156,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_AES128,
        SSL_SHA1,
        SSL_TLSV1,
-       SSL_NOT_EXP|SSL_HIGH,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
@@ -1765,7 +2172,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_AES256,
        SSL_SHA1,
        SSL_TLSV1,
-       SSL_NOT_EXP|SSL_HIGH,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
        256,
@@ -1781,7 +2188,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_eNULL,
        SSL_SHA1,
        SSL_TLSV1,
-       SSL_NOT_EXP|SSL_STRONG_NONE,
+       SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        0,
        0,
@@ -1803,214 +2210,624 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        128,
        },
 
-       /* Cipher C00D */
+       /* Cipher C00D */
+       {
+       1,
+       TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
+       TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
+       SSL_kECDHr,
+       SSL_aECDH,
+       SSL_3DES,
+       SSL_SHA1,
+       SSL_TLSV1,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+       168,
+       168,
+       },
+
+       /* Cipher C00E */
+       {
+       1,
+       TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
+       TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
+       SSL_kECDHr,
+       SSL_aECDH,
+       SSL_AES128,
+       SSL_SHA1,
+       SSL_TLSV1,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+       128,
+       128,
+       },
+
+       /* Cipher C00F */
+       {
+       1,
+       TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
+       TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
+       SSL_kECDHr,
+       SSL_aECDH,
+       SSL_AES256,
+       SSL_SHA1,
+       SSL_TLSV1,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+       256,
+       256,
+       },
+
+       /* Cipher C010 */
+       {
+       1,
+       TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
+       TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
+       SSL_kEECDH,
+       SSL_aRSA,
+       SSL_eNULL,
+       SSL_SHA1,
+       SSL_TLSV1,
+       SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+       0,
+       0,
+       },
+
+       /* Cipher C011 */
+       {
+       1,
+       TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
+       TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
+       SSL_kEECDH,
+       SSL_aRSA,
+       SSL_RC4,
+       SSL_SHA1,
+       SSL_TLSV1,
+       SSL_NOT_EXP|SSL_MEDIUM,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+       128,
+       128,
+       },
+
+       /* Cipher C012 */
+       {
+       1,
+       TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
+       TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
+       SSL_kEECDH,
+       SSL_aRSA,
+       SSL_3DES,
+       SSL_SHA1,
+       SSL_TLSV1,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+       168,
+       168,
+       },
+
+       /* Cipher C013 */
+       {
+       1,
+       TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+       TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+       SSL_kEECDH,
+       SSL_aRSA,
+       SSL_AES128,
+       SSL_SHA1,
+       SSL_TLSV1,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+       128,
+       128,
+       },
+
+       /* Cipher C014 */
+       {
+       1,
+       TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+       TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+       SSL_kEECDH,
+       SSL_aRSA,
+       SSL_AES256,
+       SSL_SHA1,
+       SSL_TLSV1,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+       256,
+       256,
+       },
+
+       /* Cipher C015 */
+       {
+       1,
+       TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
+       TLS1_CK_ECDH_anon_WITH_NULL_SHA,
+       SSL_kEECDH,
+       SSL_aNULL,
+       SSL_eNULL,
+       SSL_SHA1,
+       SSL_TLSV1,
+       SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+       0,
+       0,
+       },
+
+       /* Cipher C016 */
+       {
+       1,
+       TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
+       TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
+       SSL_kEECDH,
+       SSL_aNULL,
+       SSL_RC4,
+       SSL_SHA1,
+       SSL_TLSV1,
+       SSL_NOT_EXP|SSL_MEDIUM,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+       128,
+       128,
+       },
+
+       /* Cipher C017 */
+       {
+       1,
+       TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
+       TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
+       SSL_kEECDH,
+       SSL_aNULL,
+       SSL_3DES,
+       SSL_SHA1,
+       SSL_TLSV1,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+       168,
+       168,
+       },
+
+       /* Cipher C018 */
+       {
+       1,
+       TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
+       TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
+       SSL_kEECDH,
+       SSL_aNULL,
+       SSL_AES128,
+       SSL_SHA1,
+       SSL_TLSV1,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+       128,
+       128,
+       },
+
+       /* Cipher C019 */
+       {
+       1,
+       TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
+       TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
+       SSL_kEECDH,
+       SSL_aNULL,
+       SSL_AES256,
+       SSL_SHA1,
+       SSL_TLSV1,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+       256,
+       256,
+       },
+#endif /* OPENSSL_NO_ECDH */
+
+#ifndef OPENSSL_NO_SRP
+       /* Cipher C01A */
+       {
+       1,
+       TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
+       TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
+       SSL_kSRP,
+       SSL_aNULL,
+       SSL_3DES,
+       SSL_SHA1,
+       SSL_TLSV1,
+       SSL_NOT_EXP|SSL_HIGH,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+       168,
+       168,
+       },
+
+       /* Cipher C01B */
+       {
+       1,
+       TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
+       TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
+       SSL_kSRP,
+       SSL_aRSA,
+       SSL_3DES,
+       SSL_SHA1,
+       SSL_TLSV1,
+       SSL_NOT_EXP|SSL_HIGH,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+       168,
+       168,
+       },
+
+       /* Cipher C01C */
+       {
+       1,
+       TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
+       TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
+       SSL_kSRP,
+       SSL_aDSS,
+       SSL_3DES,
+       SSL_SHA1,
+       SSL_TLSV1,
+       SSL_NOT_EXP|SSL_HIGH,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+       168,
+       168,
+       },
+
+       /* Cipher C01D */
+       {
+       1,
+       TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
+       TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
+       SSL_kSRP,
+       SSL_aNULL,
+       SSL_AES128,
+       SSL_SHA1,
+       SSL_TLSV1,
+       SSL_NOT_EXP|SSL_HIGH,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+       128,
+       128,
+       },
+
+       /* Cipher C01E */
+       {
+       1,
+       TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
+       TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
+       SSL_kSRP,
+       SSL_aRSA,
+       SSL_AES128,
+       SSL_SHA1,
+       SSL_TLSV1,
+       SSL_NOT_EXP|SSL_HIGH,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+       128,
+       128,
+       },
+
+       /* Cipher C01F */
+       {
+       1,
+       TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
+       TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
+       SSL_kSRP,
+       SSL_aDSS,
+       SSL_AES128,
+       SSL_SHA1,
+       SSL_TLSV1,
+       SSL_NOT_EXP|SSL_HIGH,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+       128,
+       128,
+       },
+
+       /* Cipher C020 */
+       {
+       1,
+       TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
+       TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
+       SSL_kSRP,
+       SSL_aNULL,
+       SSL_AES256,
+       SSL_SHA1,
+       SSL_TLSV1,
+       SSL_NOT_EXP|SSL_HIGH,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+       256,
+       256,
+       },
+
+       /* Cipher C021 */
+       {
+       1,
+       TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
+       TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
+       SSL_kSRP,
+       SSL_aRSA,
+       SSL_AES256,
+       SSL_SHA1,
+       SSL_TLSV1,
+       SSL_NOT_EXP|SSL_HIGH,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+       256,
+       256,
+       },
+
+       /* Cipher C022 */
+       {
+       1,
+       TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
+       TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
+       SSL_kSRP,
+       SSL_aDSS,
+       SSL_AES256,
+       SSL_SHA1,
+       SSL_TLSV1,
+       SSL_NOT_EXP|SSL_HIGH,
+       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+       256,
+       256,
+       },
+#endif  /* OPENSSL_NO_SRP */
+#ifndef OPENSSL_NO_ECDH
+
+       /* HMAC based TLS v1.2 ciphersuites from RFC5289 */
+
+       /* Cipher C023 */
+       {
+       1,
+       TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
+       TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
+       SSL_kEECDH,
+       SSL_aECDSA,
+       SSL_AES128,
+       SSL_SHA256,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+       128,
+       128,
+       },
+
+       /* Cipher C024 */
        {
        1,
-       TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
-       TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA,
-       SSL_kECDHr,
-       SSL_aECDH,
-       SSL_3DES,
-       SSL_SHA1,
-       SSL_TLSV1,
-       SSL_NOT_EXP|SSL_HIGH,
-       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-       168,
-       168,
+       TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
+       TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
+       SSL_kEECDH,
+       SSL_aECDSA,
+       SSL_AES256,
+       SSL_SHA384,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
+       256,
+       256,
        },
 
-       /* Cipher C00E */
+       /* Cipher C025 */
        {
        1,
-       TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA,
-       TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA,
-       SSL_kECDHr,
+       TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256,
+       TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256,
+       SSL_kECDHe,
        SSL_aECDH,
        SSL_AES128,
-       SSL_SHA1,
-       SSL_TLSV1,
-       SSL_NOT_EXP|SSL_HIGH,
-       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+       SSL_SHA256,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
        128,
        128,
        },
 
-       /* Cipher C00F */
+       /* Cipher C026 */
        {
        1,
-       TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA,
-       TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA,
-       SSL_kECDHr,
+       TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384,
+       TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384,
+       SSL_kECDHe,
        SSL_aECDH,
        SSL_AES256,
-       SSL_SHA1,
-       SSL_TLSV1,
-       SSL_NOT_EXP|SSL_HIGH,
-       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+       SSL_SHA384,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
        256,
        256,
        },
 
-       /* Cipher C010 */
+       /* Cipher C027 */
        {
        1,
-       TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
-       TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
+       TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
+       TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
        SSL_kEECDH,
        SSL_aRSA,
-       SSL_eNULL,
-       SSL_SHA1,
-       SSL_TLSV1,
-       SSL_NOT_EXP|SSL_STRONG_NONE,
-       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-       0,
-       0,
+       SSL_AES128,
+       SSL_SHA256,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+       128,
+       128,
        },
 
-       /* Cipher C011 */
+       /* Cipher C028 */
        {
        1,
-       TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
-       TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
+       TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
+       TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
        SSL_kEECDH,
        SSL_aRSA,
-       SSL_RC4,
-       SSL_SHA1,
-       SSL_TLSV1,
-       SSL_NOT_EXP|SSL_MEDIUM,
-       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+       SSL_AES256,
+       SSL_SHA384,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
+       256,
+       256,
+       },
+
+       /* Cipher C029 */
+       {
+       1,
+       TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256,
+       TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256,
+       SSL_kECDHr,
+       SSL_aECDH,
+       SSL_AES128,
+       SSL_SHA256,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
        128,
        128,
        },
 
-       /* Cipher C012 */
+       /* Cipher C02A */
        {
        1,
-       TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
-       TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
-       SSL_kEECDH,
-       SSL_aRSA,
-       SSL_3DES,
-       SSL_SHA1,
-       SSL_TLSV1,
-       SSL_NOT_EXP|SSL_HIGH,
-       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-       168,
-       168,
+       TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384,
+       TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384,
+       SSL_kECDHr,
+       SSL_aECDH,
+       SSL_AES256,
+       SSL_SHA384,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
+       256,
+       256,
        },
 
-       /* Cipher C013 */
+       /* GCM based TLS v1.2 ciphersuites from RFC5289 */
+
+       /* Cipher C02B */
        {
        1,
-       TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
-       TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+       TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+       TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
        SSL_kEECDH,
-       SSL_aRSA,
-       SSL_AES128,
-       SSL_SHA1,
-       SSL_TLSV1,
-       SSL_NOT_EXP|SSL_HIGH,
-       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+       SSL_aECDSA,
+       SSL_AES128GCM,
+       SSL_AEAD,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
        128,
        128,
        },
 
-       /* Cipher C014 */
+       /* Cipher C02C */
        {
        1,
-       TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
-       TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+       TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+       TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
        SSL_kEECDH,
-       SSL_aRSA,
-       SSL_AES256,
-       SSL_SHA1,
-       SSL_TLSV1,
-       SSL_NOT_EXP|SSL_HIGH,
-       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+       SSL_aECDSA,
+       SSL_AES256GCM,
+       SSL_AEAD,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
        256,
        256,
        },
 
-       /* Cipher C015 */
+       /* Cipher C02D */
        {
        1,
-       TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
-       TLS1_CK_ECDH_anon_WITH_NULL_SHA,
-       SSL_kEECDH,
-       SSL_aNULL,
-       SSL_eNULL,
-       SSL_SHA1,
-       SSL_TLSV1,
-       SSL_NOT_EXP|SSL_STRONG_NONE,
-       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-       0,
-       0,
+       TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
+       TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
+       SSL_kECDHe,
+       SSL_aECDH,
+       SSL_AES128GCM,
+       SSL_AEAD,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+       128,
+       128,
        },
 
-       /* Cipher C016 */
+       /* Cipher C02E */
        {
        1,
-       TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
-       TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
+       TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
+       TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
+       SSL_kECDHe,
+       SSL_aECDH,
+       SSL_AES256GCM,
+       SSL_AEAD,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
+       256,
+       256,
+       },
+
+       /* Cipher C02F */
+       {
+       1,
+       TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+       TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
        SSL_kEECDH,
-       SSL_aNULL,
-       SSL_RC4,
-       SSL_SHA1,
-       SSL_TLSV1,
-       SSL_NOT_EXP|SSL_MEDIUM,
-       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+       SSL_aRSA,
+       SSL_AES128GCM,
+       SSL_AEAD,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
        128,
        128,
        },
 
-       /* Cipher C017 */
+       /* Cipher C030 */
        {
        1,
-       TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
-       TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
+       TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+       TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
        SSL_kEECDH,
-       SSL_aNULL,
-       SSL_3DES,
-       SSL_SHA1,
-       SSL_TLSV1,
-       SSL_NOT_EXP|SSL_HIGH,
-       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
-       168,
-       168,
+       SSL_aRSA,
+       SSL_AES256GCM,
+       SSL_AEAD,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
+       256,
+       256,
        },
 
-       /* Cipher C018 */
+       /* Cipher C031 */
        {
        1,
-       TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
-       TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
-       SSL_kEECDH,
-       SSL_aNULL,
-       SSL_AES128,
-       SSL_SHA1,
-       SSL_TLSV1,
-       SSL_NOT_EXP|SSL_HIGH,
-       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+       TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256,
+       TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256,
+       SSL_kECDHr,
+       SSL_aECDH,
+       SSL_AES128GCM,
+       SSL_AEAD,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
        128,
        128,
        },
 
-       /* Cipher C019 */
+       /* Cipher C032 */
        {
        1,
-       TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
-       TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
-       SSL_kEECDH,
-       SSL_aNULL,
-       SSL_AES256,
-       SSL_SHA1,
-       SSL_TLSV1,
-       SSL_NOT_EXP|SSL_HIGH,
-       SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+       TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384,
+       TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384,
+       SSL_kECDHr,
+       SSL_aECDH,
+       SSL_AES256GCM,
+       SSL_AEAD,
+       SSL_TLSV1_2,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
+       SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
        256,
        256,
        },
-#endif /* OPENSSL_NO_ECDH */
+
+#endif /* OPENSSL_NO_ECDH */
+
 
 #ifdef TEMP_GOST_TLS
 /* Cipher FF00 */
@@ -2089,7 +2906,7 @@ SSL3_ENC_METHOD SSLv3_enc_data={
        ssl3_alert_code,
        (int (*)(SSL *, unsigned char *, size_t, const char *,
                 size_t, const unsigned char *, size_t,
-                int use_context)) ssl_undefined_function,
+                int use_context))ssl_undefined_function,
        };
 
 long ssl3_default_timeout(void)
@@ -2131,6 +2948,9 @@ int ssl3_new(SSL *s)
 
        s->s3=s3;
 
+#ifndef OPENSSL_NO_SRP
+       SSL_SRP_CTX_init(s);
+#endif
        s->method->ssl_clear(s);
        return(1);
 err:
@@ -2171,6 +2991,9 @@ void ssl3_free(SSL *s)
                BIO_free(s->s3->handshake_buffer);
        }
        if (s->s3->handshake_dgst) ssl3_free_digest_list(s);
+#ifndef OPENSSL_NO_SRP
+       SSL_SRP_CTX_free(s);
+#endif
        OPENSSL_cleanse(s->s3,sizeof *s->s3);
        OPENSSL_free(s->s3);
        s->s3=NULL;
@@ -2253,6 +3076,13 @@ void ssl3_clear(SSL *s)
 #endif
        }
 
+#ifndef OPENSSL_NO_SRP
+static char * MS_CALLBACK srp_password_from_info_cb(SSL *s, void *arg)
+       {
+       return BUF_strdup(s->srp_ctx.info) ;
+       }
+#endif
+
 long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
        {
        int ret=0;
@@ -2498,6 +3328,27 @@ long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
                ret = 1;
                break;
 
+#ifndef OPENSSL_NO_HEARTBEATS
+       case SSL_CTRL_TLS_EXT_SEND_HEARTBEAT:
+               if (SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
+                       ret = dtls1_heartbeat(s);
+               else
+                       ret = tls1_heartbeat(s);
+               break;
+
+       case SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING:
+               ret = s->tlsext_hb_pending;
+               break;
+
+       case SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS:
+               if (larg)
+                       s->tlsext_heartbeat |= SSL_TLSEXT_HB_DONT_RECV_REQUESTS;
+               else
+                       s->tlsext_heartbeat &= ~SSL_TLSEXT_HB_DONT_RECV_REQUESTS;
+               ret = 1;
+               break;
+#endif
+
 #endif /* !OPENSSL_NO_TLSEXT */
        default:
                break;
@@ -2730,6 +3581,38 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
                return 1;
                break;
 
+#ifndef OPENSSL_NO_SRP
+       case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
+               ctx->srp_ctx.srp_Mask|=SSL_kSRP;
+               if (ctx->srp_ctx.login != NULL)
+                       OPENSSL_free(ctx->srp_ctx.login);
+               ctx->srp_ctx.login = NULL;
+               if (parg == NULL)
+                       break;
+               if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1)
+                       {
+                       SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
+                       return 0;
+                       } 
+               if ((ctx->srp_ctx.login = BUF_strdup((char *)parg)) == NULL)
+                       {
+                       SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
+                       return 0;
+                       }
+               break;
+       case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
+               ctx->srp_ctx.SRP_give_srp_client_pwd_callback=srp_password_from_info_cb;
+               ctx->srp_ctx.info=parg;
+               break;
+       case SSL_CTRL_SET_SRP_ARG:
+               ctx->srp_ctx.srp_Mask|=SSL_kSRP;
+               ctx->srp_ctx.SRP_cb_arg=parg;
+               break;
+
+       case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
+               ctx->srp_ctx.strength=larg;
+               break;
+#endif
 #endif /* !OPENSSL_NO_TLSEXT */
 
        /* A Thawte special :-) */
@@ -2742,6 +3625,18 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
                sk_X509_push(ctx->extra_certs,(X509 *)parg);
                break;
 
+       case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
+               *(STACK_OF(X509) **)parg =  ctx->extra_certs;
+               break;
+
+       case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
+               if (ctx->extra_certs)
+                       {
+                       sk_X509_pop_free(ctx->extra_certs, X509_free);
+                       ctx->extra_certs = NULL;
+                       }
+               break;
+
        default:
                return(0);
                }
@@ -2799,6 +3694,20 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
                                                HMAC_CTX *, int))fp;
                break;
 
+#ifndef OPENSSL_NO_SRP
+       case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
+               ctx->srp_ctx.srp_Mask|=SSL_kSRP;
+               ctx->srp_ctx.SRP_verify_param_callback=(int (*)(SSL *,void *))fp;
+               break;
+       case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
+               ctx->srp_ctx.srp_Mask|=SSL_kSRP;
+               ctx->srp_ctx.TLS_ext_srp_username_callback=(int (*)(SSL *,int *,void *))fp;
+               break;
+       case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
+               ctx->srp_ctx.srp_Mask|=SSL_kSRP;
+               ctx->srp_ctx.SRP_give_srp_client_pwd_callback=(char *(*)(SSL *,void *))fp;
+               break;
+#endif
 #endif
        default:
                return(0);
@@ -2817,6 +3726,9 @@ const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
        id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
        c.id=id;
        cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
+#ifdef DEBUG_PRINT_UNKNOWN_CIPHERSUITES
+if (cp == NULL) fprintf(stderr, "Unknown cipher ID %x\n", (p[0] << 8) | p[1]);
+#endif
        if (cp == NULL || cp->valid == 0)
                return NULL;
        else
@@ -2894,11 +3806,20 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
                {
                c=sk_SSL_CIPHER_value(prio,i);
 
+               /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */
+               if ((c->algorithm_ssl & SSL_TLSV1_2) && 
+                       (TLS1_get_version(s) < TLS1_2_VERSION))
+                       continue;
+
                ssl_set_cert_masks(cert,c);
                mask_k = cert->mask_k;
                mask_a = cert->mask_a;
                emask_k = cert->export_mask_k;
                emask_a = cert->export_mask_a;
+#ifndef OPENSSL_NO_SRP
+               mask_k=cert->mask_k | s->srp_ctx.srp_Mask;
+               emask_k=cert->export_mask_k | s->srp_ctx.srp_Mask;
+#endif
                        
 #ifdef KSSL_DEBUG
 /*             printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms);*/
@@ -3278,22 +4199,9 @@ int ssl3_write(SSL *s, const void *buf, int len)
 
 static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
        {
-       int n,ret;
+       int ret;
        
        clear_sys_error();
-       if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio))
-               {
-               /* Deal with an application that calls SSL_read() when handshake data
-                * is yet to be written.
-                */
-               if (BIO_wpending(s->wbio) > 0)
-                       {
-                       s->rwstate=SSL_WRITING;
-                       n=BIO_flush(s->wbio);
-                       if (n <= 0) return(n);
-                       s->rwstate=SSL_NOTHING;
-                       }
-               }
        if (s->s3->renegotiate) ssl3_renegotiate_check(s);
        s->s3->in_read_app_data=1;
        ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
@@ -3360,4 +4268,15 @@ need to go to SSL_ST_ACCEPT.
                }
        return(ret);
        }
-
+/* If we are using TLS v1.2 or later and default SHA1+MD5 algorithms switch
+ * to new SHA256 PRF and handshake macs
+ */
+long ssl_get_algorithm2(SSL *s)
+       {
+       long alg2 = s->s3->tmp.new_cipher->algorithm2;
+       if (TLS1_get_version(s) >= TLS1_2_VERSION &&
+           alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF))
+               return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
+       return alg2;
+       }
+               

diff --git a/deps/openssl/openssl/ssl/s3_pkt.c b/deps/openssl/openssl/ssl/s3_pkt.c
index 0d3874a..804291e 100644 (file)
--- a/deps/openssl/openssl/ssl/s3_pkt.c
+++ b/deps/openssl/openssl/ssl/s3_pkt.c
@@ -115,6 +115,7 @@
 #include "ssl_locl.h"
 #include <openssl/evp.h>
 #include <openssl/buffer.h>
+#include <openssl/rand.h>
 
 static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
                         unsigned int len, int create_empty_fragment);
@@ -289,16 +290,8 @@ static int ssl3_get_record(SSL *s)
        unsigned char *p;
        unsigned char md[EVP_MAX_MD_SIZE];
        short version;
-       int mac_size;
-       int clear=0;
+       unsigned mac_size, orig_len;
        size_t extra;
-       int decryption_failed_or_bad_record_mac = 0;
-       unsigned char *mac = NULL;
-#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
-       long align=SSL3_ALIGN_PAYLOAD;
-#else
-       long align=0;
-#endif
 
        rr= &(s->s3->rrec);
        sess=s->session;
@@ -307,8 +300,7 @@ static int ssl3_get_record(SSL *s)
                extra=SSL3_RT_MAX_EXTRA;
        else
                extra=0;
-       if (!(SSL_get_mode(s) & SSL_MODE_SMALL_BUFFERS) &&
-               extra && !s->s3->init_extra)
+       if (extra && !s->s3->init_extra)
                {
                /* An application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER
                 * set after ssl3_setup_buffers() was done */
@@ -357,21 +349,6 @@ fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length);
                        goto err;
                        }
 
-               /* If we receive a valid record larger than the current buffer size,
-                * allocate some memory for it.
-                */
-               if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH - align)
-                       {
-                       if ((p=OPENSSL_realloc(s->s3->rbuf.buf, rr->length + SSL3_RT_HEADER_LENGTH + align))==NULL)
-                               {
-                               SSLerr(SSL_F_SSL3_GET_RECORD,ERR_R_MALLOC_FAILURE);
-                               goto err;
-                               }
-                       s->s3->rbuf.buf=p;
-                       s->s3->rbuf.len=rr->length + SSL3_RT_HEADER_LENGTH + align;
-                       s->packet= &(s->s3->rbuf.buf[0]);
-                       }
-
                if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH)
                        {
                        al=SSL_AD_RECORD_OVERFLOW;
@@ -423,17 +400,15 @@ fprintf(stderr, "Record type=%d, Length=%d\n", rr->type, rr->length);
        rr->data=rr->input;
 
        enc_err = s->method->ssl3_enc->enc(s,0);
-       if (enc_err <= 0)
+       /* enc_err is:
+        *    0: (in non-constant time) if the record is publically invalid.
+        *    1: if the padding is valid
+        *    -1: if the padding is invalid */
+       if (enc_err == 0)
                {
-               if (enc_err == 0)
-                       /* SSLerr() and ssl3_send_alert() have been called */
-                       goto err;
-
-               /* Otherwise enc_err == -1, which indicates bad padding
-                * (rec->length has not been changed in this case).
-                * To minimize information leaked via timing, we will perform
-                * the MAC computation anyway. */
-               decryption_failed_or_bad_record_mac = 1;
+               al=SSL_AD_DECRYPTION_FAILED;
+               SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
+               goto f_err;
                }
 
 #ifdef TLS_DEBUG
@@ -443,53 +418,62 @@ printf("\n");
 #endif
 
        /* r->length is now the compressed data plus mac */
-       if (    (sess == NULL) ||
-               (s->enc_read_ctx == NULL) ||
-               (EVP_MD_CTX_md(s->read_hash) == NULL))
-               clear=1;
-
-       if (!clear)
+       if ((sess != NULL) &&
+           (s->enc_read_ctx != NULL) &&
+           (EVP_MD_CTX_md(s->read_hash) != NULL))
                {
-               /* !clear => s->read_hash != NULL => mac_size != -1 */
+               /* s->read_hash != NULL => mac_size != -1 */
+               unsigned char *mac = NULL;
+               unsigned char mac_tmp[EVP_MAX_MD_SIZE];
                mac_size=EVP_MD_CTX_size(s->read_hash);
-               OPENSSL_assert(mac_size >= 0);
+               OPENSSL_assert(mac_size <= EVP_MAX_MD_SIZE);
 
-               if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size)
+               /* kludge: *_cbc_remove_padding passes padding length in rr->type */
+               orig_len = rr->length+((unsigned int)rr->type>>8);
+
+               /* orig_len is the length of the record before any padding was
+                * removed. This is public information, as is the MAC in use,
+                * therefore we can safely process the record in a different
+                * amount of time if it's too short to possibly contain a MAC.
+                */
+               if (orig_len < mac_size ||
+                   /* CBC records must have a padding length byte too. */
+                   (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
+                    orig_len < mac_size+1))
                        {
-#if 0 /* OK only for stream ciphers (then rr->length is visible from ciphertext anyway) */
-                       al=SSL_AD_RECORD_OVERFLOW;
-                       SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
+                       al=SSL_AD_DECODE_ERROR;
+                       SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
                        goto f_err;
-#else
-                       decryption_failed_or_bad_record_mac = 1;
-#endif                 
                        }
-               /* check the MAC for rr->input (it's in mac_size bytes at the tail) */
-               if (rr->length >= (unsigned int)mac_size)
+
+               if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE)
                        {
+                       /* We update the length so that the TLS header bytes
+                        * can be constructed correctly but we need to extract
+                        * the MAC in constant time from within the record,
+                        * without leaking the contents of the padding bytes.
+                        * */
+                       mac = mac_tmp;
+                       ssl3_cbc_copy_mac(mac_tmp, rr, mac_size, orig_len);
                        rr->length -= mac_size;
-                       mac = &rr->data[rr->length];
                        }
                else
                        {
-                       /* record (minus padding) is too short to contain a MAC */
-#if 0 /* OK only for stream ciphers */
-                       al=SSL_AD_DECODE_ERROR;
-                       SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
-                       goto f_err;
-#else
-                       decryption_failed_or_bad_record_mac = 1;
-                       rr->length = 0;
-#endif
-                       }
-               i=s->method->ssl3_enc->mac(s,md,0);
-               if (i < 0 || mac == NULL || memcmp(md, mac, (size_t)mac_size) != 0)
-                       {
-                       decryption_failed_or_bad_record_mac = 1;
+                       /* In this case there's no padding, so |orig_len|
+                        * equals |rec->length| and we checked that there's
+                        * enough bytes for |mac_size| above. */
+                       rr->length -= mac_size;
+                       mac = &rr->data[rr->length];
                        }
+
+               i=s->method->ssl3_enc->mac(s,md,0 /* not send */);
+               if (i < 0 || mac == NULL || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)
+                       enc_err = -1;
+               if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size)
+                       enc_err = -1;
                }
 
-       if (decryption_failed_or_bad_record_mac)
+       if (enc_err < 0)
                {
                /* A separate 'decryption_failed' alert was introduced with TLS 1.0,
                 * SSL 3.0 only has 'bad_record_mac'.  But unless a decryption
@@ -598,7 +582,6 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
        const unsigned char *buf=buf_;
        unsigned int tot,n,nw;
        int i;
-       unsigned int max_plain_length;
 
        s->rwstate=SSL_NOTHING;
        tot=s->s3->wnum;
@@ -618,13 +601,8 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
        n=(len-tot);
        for (;;)
                {
-               if (type == SSL3_RT_APPLICATION_DATA && (SSL_get_mode(s) & SSL_MODE_SMALL_BUFFERS))
-                       max_plain_length = SSL3_RT_DEFAULT_PLAIN_LENGTH;
-               else
-                       max_plain_length = s->max_send_fragment;
-
-               if (n > max_plain_length)
-                       nw = max_plain_length;
+               if (n > s->max_send_fragment)
+                       nw=s->max_send_fragment;
                else
                        nw=n;
 
@@ -657,6 +635,7 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
        unsigned char *p,*plen;
        int i,mac_size,clear=0;
        int prefix_len=0;
+       int eivlen;
        long align=0;
        SSL3_RECORD *wr;
        SSL3_BUFFER *wb=&(s->s3->wbuf);
@@ -689,10 +668,14 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
        if (    (sess == NULL) ||
                (s->enc_write_ctx == NULL) ||
                (EVP_MD_CTX_md(s->write_hash) == NULL))
+               {
+#if 1
+               clear=s->enc_write_ctx?0:1;     /* must be AEAD cipher */
+#else
                clear=1;
-
-       if (clear)
+#endif
                mac_size=0;
+               }
        else
                {
                mac_size=EVP_MD_CTX_size(s->write_hash);
@@ -728,18 +711,6 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
                s->s3->empty_fragment_done = 1;
                }
 
-       /* resize if necessary to hold the data. */
-       if (len + SSL3_RT_DEFAULT_WRITE_OVERHEAD > wb->len)
-               {
-               if ((p=OPENSSL_realloc(wb->buf, len + SSL3_RT_DEFAULT_WRITE_OVERHEAD))==NULL)
-                       {
-                       SSLerr(SSL_F_DO_SSL3_WRITE,ERR_R_MALLOC_FAILURE);
-                       goto err;
-                       }
-               wb->buf = p;
-               wb->len = len + SSL3_RT_DEFAULT_WRITE_OVERHEAD;
-               }
-
        if (create_empty_fragment)
                {
 #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
@@ -773,14 +744,40 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
        wr->type=type;
 
        *(p++)=(s->version>>8);
-       *(p++)=s->version&0xff;
+       /* Some servers hang if iniatial client hello is larger than 256
+        * bytes and record version number > TLS 1.0
+        */
+       if (s->state == SSL3_ST_CW_CLNT_HELLO_B
+                               && !s->renegotiate
+                               && TLS1_get_version(s) > TLS1_VERSION)
+               *(p++) = 0x1;
+       else
+               *(p++)=s->version&0xff;
 
        /* field where we are to write out packet length */
        plen=p; 
        p+=2;
+       /* Explicit IV length, block ciphers and TLS version 1.1 or later */
+       if (s->enc_write_ctx && s->version >= TLS1_1_VERSION)
+               {
+               int mode = EVP_CIPHER_CTX_mode(s->enc_write_ctx);
+               if (mode == EVP_CIPH_CBC_MODE)
+                       {
+                       eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx);
+                       if (eivlen <= 1)
+                               eivlen = 0;
+                       }
+               /* Need explicit part of IV for GCM mode */
+               else if (mode == EVP_CIPH_GCM_MODE)
+                       eivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN;
+               else
+                       eivlen = 0;
+               }
+       else 
+               eivlen = 0;
 
        /* lets setup the record stuff. */
-       wr->data=p;
+       wr->data=p + eivlen;
        wr->length=(int)len;
        wr->input=(unsigned char *)buf;
 
@@ -808,11 +805,19 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
 
        if (mac_size != 0)
                {
-               if (s->method->ssl3_enc->mac(s,&(p[wr->length]),1) < 0)
+               if (s->method->ssl3_enc->mac(s,&(p[wr->length + eivlen]),1) < 0)
                        goto err;
                wr->length+=mac_size;
-               wr->input=p;
-               wr->data=p;
+               }
+
+       wr->input=p;
+       wr->data=p;
+
+       if (eivlen)
+               {
+       /*      if (RAND_pseudo_bytes(p, eivlen) <= 0)
+                       goto err; */
+               wr->length += eivlen;
                }
 
        /* ssl3_enc can only have an error on read */
@@ -1081,6 +1086,19 @@ start:
                        dest = s->s3->alert_fragment;
                        dest_len = &s->s3->alert_fragment_len;
                        }
+#ifndef OPENSSL_NO_HEARTBEATS
+               else if (rr->type == TLS1_RT_HEARTBEAT)
+                       {
+                       tls1_process_heartbeat(s);
+
+                       /* Exit and notify application to read again */
+                       rr->length = 0;
+                       s->rwstate=SSL_READING;
+                       BIO_clear_retry_flags(SSL_get_rbio(s));
+                       BIO_set_retry_read(SSL_get_rbio(s));
+                       return(-1);
+                       }
+#endif
 
                if (dest_maxlen > 0)
                        {
@@ -1224,6 +1242,10 @@ start:
                                SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_NO_RENEGOTIATION);
                                goto f_err;
                                }
+#ifdef SSL_AD_MISSING_SRP_USERNAME
+                       else if (alert_descr == SSL_AD_MISSING_SRP_USERNAME)
+                               return(0);
+#endif
                        }
                else if (alert_level == 2) /* fatal */
                        {
@@ -1302,6 +1324,7 @@ start:
 #else
                        s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT;
 #endif
+                       s->renegotiate=1;
                        s->new_session=1;
                        }
                i=s->handshake_func(s);
@@ -1335,8 +1358,10 @@ start:
                {
        default:
 #ifndef OPENSSL_NO_TLS
-               /* TLS just ignores unknown message types */
-               if (s->version == TLS1_VERSION)
+               /* TLS up to v1.1 just ignores unknown message types:
+                * TLS v1.2 give an unexpected message alert.
+                */
+               if (s->version >= TLS1_VERSION && s->version <= TLS1_1_VERSION)
                        {
                        rr->length = 0;
                        goto start;
@@ -1396,10 +1421,8 @@ err:
 int ssl3_do_change_cipher_spec(SSL *s)
        {
        int i;
-#ifdef OPENSSL_NO_NEXTPROTONEG
        const char *sender;
        int slen;
-#endif
 
        if (s->state & SSL_ST_ACCEPT)
                i=SSL3_CHANGE_CIPHER_SERVER_READ;
@@ -1422,7 +1445,6 @@ int ssl3_do_change_cipher_spec(SSL *s)
        if (!s->method->ssl3_enc->change_cipher_state(s,i))
                return(0);
 
-#ifdef OPENSSL_NO_NEXTPROTONEG
        /* we have to record the message digest at
         * this point so we can get it before we read
         * the finished message */
@@ -1439,7 +1461,6 @@ int ssl3_do_change_cipher_spec(SSL *s)
 
        s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
                sender,slen,s->s3->tmp.peer_finish_md);
-#endif
 
        return(1);
        }

diff --git a/deps/openssl/openssl/ssl/s3_srvr.c b/deps/openssl/openssl/ssl/s3_srvr.c
index 41e597f..bfb8480 100644 (file)
--- a/deps/openssl/openssl/ssl/s3_srvr.c
+++ b/deps/openssl/openssl/ssl/s3_srvr.c
@@ -179,6 +179,32 @@ static const SSL_METHOD *ssl3_get_server_method(int ver)
                return(NULL);
        }
 
+#ifndef OPENSSL_NO_SRP
+static int ssl_check_srp_ext_ClientHello(SSL *s, int *al)
+       {
+       int ret = SSL_ERROR_NONE;
+
+       *al = SSL_AD_UNRECOGNIZED_NAME;
+
+       if ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) &&
+           (s->srp_ctx.TLS_ext_srp_username_callback != NULL))
+               {
+               if(s->srp_ctx.login == NULL)
+                       {
+                       /* RFC 5054 says SHOULD reject, 
+                          we do so if There is no srp login name */
+                       ret = SSL3_AL_FATAL;
+                       *al = SSL_AD_UNKNOWN_PSK_IDENTITY;
+                       }
+               else
+                       {
+                       ret = SSL_srp_server_param_with_username(s,al);
+                       }
+               }
+       return ret;
+       }
+#endif
+
 IMPLEMENT_ssl3_meth_func(SSLv3_server_method,
                        ssl3_accept,
                        ssl_undefined_function,
@@ -211,6 +237,18 @@ int ssl3_accept(SSL *s)
                return(-1);
                }
 
+#ifndef OPENSSL_NO_HEARTBEATS
+       /* If we're awaiting a HeartbeatResponse, pretend we
+        * already got and don't await it anymore, because
+        * Heartbeats don't make sense during handshakes anyway.
+        */
+       if (s->tlsext_hb_pending)
+               {
+               s->tlsext_hb_pending = 0;
+               s->tlsext_hb_seq++;
+               }
+#endif
+
        for (;;)
                {
                state=s->state;
@@ -218,7 +256,7 @@ int ssl3_accept(SSL *s)
                switch (s->state)
                        {
                case SSL_ST_RENEGOTIATE:
-                       s->new_session=1;
+                       s->renegotiate=1;
                        /* s->state=SSL_ST_ACCEPT; */
 
                case SSL_ST_BEFORE:
@@ -314,10 +352,35 @@ int ssl3_accept(SSL *s)
                case SSL3_ST_SR_CLNT_HELLO_C:
 
                        s->shutdown=0;
-                       ret=ssl3_get_client_hello(s);
-                       if (ret <= 0) goto end;
+                       if (s->rwstate != SSL_X509_LOOKUP)
+                       {
+                               ret=ssl3_get_client_hello(s);
+                               if (ret <= 0) goto end;
+                       }
+#ifndef OPENSSL_NO_SRP
+                       {
+                       int al;
+                       if ((ret = ssl_check_srp_ext_ClientHello(s,&al))  < 0)
+                                       {
+                                       /* callback indicates firther work to be done */
+                                       s->rwstate=SSL_X509_LOOKUP;
+                                       goto end;
+                                       }
+                       if (ret != SSL_ERROR_NONE)
+                               {
+                               ssl3_send_alert(s,SSL3_AL_FATAL,al);    
+                               /* This is not really an error but the only means to
+                                   for a client to detect whether srp is supported. */
+                                  if (al != TLS1_AD_UNKNOWN_PSK_IDENTITY)      
+                                       SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_CLIENTHELLO_TLSEXT);                     
+                               ret = SSL_TLSEXT_ERR_ALERT_FATAL;                       
+                               ret= -1;
+                               goto end;       
+                               }
+                       }
+#endif         
                        
-                       s->new_session = 2;
+                       s->renegotiate = 2;
                        s->state=SSL3_ST_SW_SRVR_HELLO_A;
                        s->init_num=0;
                        break;
@@ -346,7 +409,7 @@ int ssl3_accept(SSL *s)
                case SSL3_ST_SW_CERT_A:
                case SSL3_ST_SW_CERT_B:
                        /* Check if it is anon DH or anon ECDH, */
-                       /* normal PSK or KRB5 */
+                       /* normal PSK or KRB5 or SRP */
                        if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
                                && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)
                                && !(s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5))
@@ -411,6 +474,10 @@ int ssl3_accept(SSL *s)
 #ifndef OPENSSL_NO_PSK
                            || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint)
 #endif
+#ifndef OPENSSL_NO_SRP
+                           /* SRP: send ServerKeyExchange */
+                           || (alg_k & SSL_kSRP)
+#endif
                            || (alg_k & (SSL_kDHr|SSL_kDHd|SSL_kEDH))
                            || (alg_k & SSL_kEECDH)
                            || ((alg_k & SSL_kRSA)
@@ -457,6 +524,9 @@ int ssl3_accept(SSL *s)
                                skip=1;
                                s->s3->tmp.cert_request=0;
                                s->state=SSL3_ST_SW_SRVR_DONE_A;
+                               if (s->s3->handshake_buffer)
+                                       if (!ssl3_digest_cached_records(s))
+                                               return -1;
                                }
                        else
                                {
@@ -549,6 +619,24 @@ int ssl3_accept(SSL *s)
 #endif
                                s->init_num = 0;
                                }
+                       else if (TLS1_get_version(s) >= TLS1_2_VERSION)
+                               {
+                               s->state=SSL3_ST_SR_CERT_VRFY_A;
+                               s->init_num=0;
+                               if (!s->session->peer)
+                                       break;
+                               /* For TLS v1.2 freeze the handshake buffer
+                                * at this point and digest cached records.
+                                */
+                               if (!s->s3->handshake_buffer)
+                                       {
+                                       SSLerr(SSL_F_SSL3_ACCEPT,ERR_R_INTERNAL_ERROR);
+                                       return -1;
+                                       }
+                               s->s3->flags |= TLS1_FLAGS_KEEP_HANDSHAKE;
+                               if (!ssl3_digest_cached_records(s))
+                                       return -1;
+                               }
                        else
                                {
                                int offset=0;
@@ -615,14 +703,11 @@ int ssl3_accept(SSL *s)
                        ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
                                SSL3_ST_SR_FINISHED_B);
                        if (ret <= 0) goto end;
-#ifndef OPENSSL_NO_TLSEXT
-                       if (s->tlsext_ticket_expected)
-                               s->state=SSL3_ST_SW_SESSION_TICKET_A;
-                       else if (s->hit)
-                               s->state=SSL_ST_OK;
-#else
                        if (s->hit)
                                s->state=SSL_ST_OK;
+#ifndef OPENSSL_NO_TLSEXT
+                       else if (s->tlsext_ticket_expected)
+                               s->state=SSL3_ST_SW_SESSION_TICKET_A;
 #endif
                        else
                                s->state=SSL3_ST_SW_CHANGE_A;
@@ -707,11 +792,9 @@ int ssl3_accept(SSL *s)
 
                        s->init_num=0;
 
-                       if (s->new_session == 2) /* skipped if we just sent a HelloRequest */
+                       if (s->renegotiate == 2) /* skipped if we just sent a HelloRequest */
                                {
-                               /* actually not necessarily a 'new' session unless
-                                * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
-                               
+                               s->renegotiate=0;
                                s->new_session=0;
                                
                                ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
@@ -789,14 +872,6 @@ int ssl3_check_client_hello(SSL *s)
        int ok;
        long n;
 
-       /* We only allow the client to restart the handshake once per
-        * negotiation. */
-       if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE)
-               {
-               SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO, SSL_R_MULTIPLE_SGC_RESTARTS);
-               return -1;
-               }
-
        /* this function is called when we really expect a Certificate message,
         * so permit appropriate message length */
        n=s->method->ssl_get_message(s,
@@ -809,6 +884,13 @@ int ssl3_check_client_hello(SSL *s)
        s->s3->tmp.reuse_message = 1;
        if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO)
                {
+               /* We only allow the client to restart the handshake once per
+                * negotiation. */
+               if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE)
+                       {
+                       SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO, SSL_R_MULTIPLE_SGC_RESTARTS);
+                       return -1;
+                       }
                /* Throw away what we have done so far in the current handshake,
                 * which will now be aborted. (A full SSL_clear would be too much.) */
 #ifndef OPENSSL_NO_DH
@@ -850,7 +932,8 @@ int ssl3_get_client_hello(SSL *s)
         * If we are SSLv3, we will respond with SSLv3, even if prompted with
         * TLSv1.
         */
-       if (s->state == SSL3_ST_SR_CLNT_HELLO_A)
+       if (s->state == SSL3_ST_SR_CLNT_HELLO_A
+               )
                {
                s->state=SSL3_ST_SR_CLNT_HELLO_B;
                }
@@ -907,22 +990,19 @@ int ssl3_get_client_hello(SSL *s)
        j= *(p++);
 
        s->hit=0;
-       /* Versions before 0.9.7 always allow session reuse during renegotiation
-        * (i.e. when s->new_session is true), option
-        * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is new with 0.9.7.
-        * Maybe this optional behaviour should always have been the default,
-        * but we cannot safely change the default behaviour (or new applications
-        * might be written that become totally unsecure when compiled with
-        * an earlier library version)
+       /* Versions before 0.9.7 always allow clients to resume sessions in renegotiation.
+        * 0.9.7 and later allow this by default, but optionally ignore resumption requests
+        * with flag SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION (it's a new flag rather
+        * than a change to default behavior so that applications relying on this for security
+        * won't even compile against older library versions).
+        *
+        * 1.0.1 and later also have a function SSL_renegotiate_abbreviated() to request
+        * renegotiation but not a new session (s->new_session remains unset): for servers,
+        * this essentially just means that the SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
+        * setting will be ignored.
         */
        if ((s->new_session && (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)))
                {
-               if (!s->session_creation_enabled)
-                       {
-                       ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
-                       SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_SESSION_MAY_NOT_BE_CREATED);
-                       goto err;
-               }
                if (!ssl_get_new_session(s,1))
                        goto err;
                }
@@ -937,12 +1017,6 @@ int ssl3_get_client_hello(SSL *s)
                        goto err;
                else /* i == 0 */
                        {
-                       if (!s->session_creation_enabled)
-                               {
-                               ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
-                               SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_SESSION_MAY_NOT_BE_CREATED);
-                               goto err;
-                               }
                        if (!ssl_get_new_session(s,1))
                                goto err;
                        }
@@ -1109,7 +1183,7 @@ int ssl3_get_client_hello(SSL *s)
                        goto f_err;
                        }
                }
-               if (ssl_check_clienthello_tlsext(s) <= 0) {
+               if (ssl_check_clienthello_tlsext_early(s) <= 0) {
                        SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_CLIENTHELLO_TLSEXT);
                        goto err;
                }
@@ -1314,8 +1388,14 @@ int ssl3_get_client_hello(SSL *s)
                s->s3->tmp.new_cipher=s->session->cipher;
                }
 
-       if (!ssl3_digest_cached_records(s))
-               goto f_err;
+       if (TLS1_get_version(s) < TLS1_2_VERSION || !(s->verify_mode & SSL_VERIFY_PEER))
+               {
+               if (!ssl3_digest_cached_records(s))
+                       {
+                       al = SSL_AD_INTERNAL_ERROR;
+                       goto f_err;
+                       }
+               }
        
        /* we now have the following setup. 
         * client_random
@@ -1328,6 +1408,16 @@ int ssl3_get_client_hello(SSL *s)
         * s->tmp.new_cipher    - the new cipher to use.
         */
 
+       /* Handles TLS extensions that we couldn't check earlier */
+       if (s->version >= SSL3_VERSION)
+               {
+               if (ssl_check_clienthello_tlsext_late(s) <= 0)
+                       {
+                       SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_CLIENTHELLO_TLSEXT);
+                       goto err;
+                       }
+               }
+
        if (ret < 0) ret=1;
        if (0)
                {
@@ -1370,20 +1460,20 @@ int ssl3_send_server_hello(SSL *s)
                memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE);
                p+=SSL3_RANDOM_SIZE;
 
-               /* now in theory we have 3 options to sending back the
-                * session id.  If it is a re-use, we send back the
-                * old session-id, if it is a new session, we send
-                * back the new session-id or we send back a 0 length
-                * session-id if we want it to be single use.
-                * Currently I will not implement the '0' length session-id
-                * 12-Jan-98 - I'll now support the '0' length stuff.
-                *
-                * We also have an additional case where stateless session
-                * resumption is successful: we always send back the old
-                * session id. In this case s->hit is non zero: this can
-                * only happen if stateless session resumption is succesful
-                * if session caching is disabled so existing functionality
-                * is unaffected.
+               /* There are several cases for the session ID to send
+                * back in the server hello:
+                * - For session reuse from the session cache,
+                *   we send back the old session ID.
+                * - If stateless session reuse (using a session ticket)
+                *   is successful, we send back the client's "session ID"
+                *   (which doesn't actually identify the session).
+                * - If it is a new session, we send back the new
+                *   session ID.
+                * - However, if we want the new session to be single-use,
+                *   we send back a 0-length session ID.
+                * s->hit is non-zero in either case of session reuse,
+                * so the following won't overwrite an ID that we're supposed
+                * to send back.
                 */
                if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)
                        && !s->hit)
@@ -1484,6 +1574,7 @@ int ssl3_send_server_key_exchange(SSL *s)
        BN_CTX *bn_ctx = NULL; 
 #endif
        EVP_PKEY *pkey;
+       const EVP_MD *md = NULL;
        unsigned char *p,*d;
        int al,i;
        unsigned long type;
@@ -1724,21 +1815,44 @@ int ssl3_send_server_key_exchange(SSL *s)
                                }
                        else
 #endif /* !OPENSSL_NO_PSK */
+#ifndef OPENSSL_NO_SRP
+               if (type & SSL_kSRP)
+                       {
+                       if ((s->srp_ctx.N == NULL) ||
+                               (s->srp_ctx.g == NULL) ||
+                               (s->srp_ctx.s == NULL) ||
+                               (s->srp_ctx.B == NULL))
+                               {
+                               SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_SRP_PARAM);
+                               goto err;
+                               }
+                       r[0]=s->srp_ctx.N;
+                       r[1]=s->srp_ctx.g;
+                       r[2]=s->srp_ctx.s;
+                       r[3]=s->srp_ctx.B;
+                       }
+               else 
+#endif
                        {
                        al=SSL_AD_HANDSHAKE_FAILURE;
                        SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
                        goto f_err;
                        }
-               for (i=0; r[i] != NULL; i++)
+               for (i=0; r[i] != NULL && i<4; i++)
                        {
                        nr[i]=BN_num_bytes(r[i]);
+#ifndef OPENSSL_NO_SRP
+                       if ((i == 2) && (type & SSL_kSRP))
+                               n+=1+nr[i];
+                       else
+#endif
                        n+=2+nr[i];
                        }
 
                if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
                        && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK))
                        {
-                       if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher))
+                       if ((pkey=ssl_get_sign_pkey(s,s->s3->tmp.new_cipher,&md))
                                == NULL)
                                {
                                al=SSL_AD_DECODE_ERROR;
@@ -1760,8 +1874,16 @@ int ssl3_send_server_key_exchange(SSL *s)
                d=(unsigned char *)s->init_buf->data;
                p= &(d[4]);
 
-               for (i=0; r[i] != NULL; i++)
+               for (i=0; r[i] != NULL && i<4; i++)
                        {
+#ifndef OPENSSL_NO_SRP
+                       if ((i == 2) && (type & SSL_kSRP))
+                               {
+                               *p = nr[i];
+                               p++;
+                               }
+                       else
+#endif
                        s2n(nr[i],p);
                        BN_bn2bin(r[i],p);
                        p+=nr[i];
@@ -1809,12 +1931,15 @@ int ssl3_send_server_key_exchange(SSL *s)
                        /* n is the length of the params, they start at &(d[4])
                         * and p points to the space at the end. */
 #ifndef OPENSSL_NO_RSA
-                       if (pkey->type == EVP_PKEY_RSA)
+                       if (pkey->type == EVP_PKEY_RSA
+                                       && TLS1_get_version(s) < TLS1_2_VERSION)
                                {
                                q=md_buf;
                                j=0;
                                for (num=2; num > 0; num--)
                                        {
+                                       EVP_MD_CTX_set_flags(&md_ctx,
+                                               EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
                                        EVP_DigestInit_ex(&md_ctx,(num == 2)
                                                ?s->ctx->md5:s->ctx->sha1, NULL);
                                        EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
@@ -1836,44 +1961,41 @@ int ssl3_send_server_key_exchange(SSL *s)
                                }
                        else
 #endif
-#if !defined(OPENSSL_NO_DSA)
-                               if (pkey->type == EVP_PKEY_DSA)
+                       if (md)
                                {
-                               /* lets do DSS */
-                               EVP_SignInit_ex(&md_ctx,EVP_dss1(), NULL);
-                               EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
-                               EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
-                               EVP_SignUpdate(&md_ctx,&(d[4]),n);
-                               if (!EVP_SignFinal(&md_ctx,&(p[2]),
-                                       (unsigned int *)&i,pkey))
+                               /* For TLS1.2 and later send signature
+                                * algorithm */
+                               if (TLS1_get_version(s) >= TLS1_2_VERSION)
                                        {
-                                       SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_DSA);
-                                       goto err;
+                                       if (!tls12_get_sigandhash(p, pkey, md))
+                                               {
+                                               /* Should never happen */
+                                               al=SSL_AD_INTERNAL_ERROR;
+                                               SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
+                                               goto f_err;
+                                               }
+                                       p+=2;
                                        }
-                               s2n(i,p);
-                               n+=i+2;
-                               }
-                       else
+#ifdef SSL_DEBUG
+                               fprintf(stderr, "Using hash %s\n",
+                                                       EVP_MD_name(md));
 #endif
-#if !defined(OPENSSL_NO_ECDSA)
-                               if (pkey->type == EVP_PKEY_EC)
-                               {
-                               /* let's do ECDSA */
-                               EVP_SignInit_ex(&md_ctx,EVP_ecdsa(), NULL);
+                               EVP_SignInit_ex(&md_ctx, md, NULL);
                                EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
                                EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
                                EVP_SignUpdate(&md_ctx,&(d[4]),n);
                                if (!EVP_SignFinal(&md_ctx,&(p[2]),
                                        (unsigned int *)&i,pkey))
                                        {
-                                       SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_ECDSA);
+                                       SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_EVP);
                                        goto err;
                                        }
                                s2n(i,p);
                                n+=i+2;
+                               if (TLS1_get_version(s) >= TLS1_2_VERSION)
+                                       n+= 2;
                                }
                        else
-#endif
                                {
                                /* Is this error check actually needed? */
                                al=SSL_AD_HANDSHAKE_FAILURE;
@@ -1926,6 +2048,14 @@ int ssl3_send_certificate_request(SSL *s)
                p+=n;
                n++;
 
+               if (TLS1_get_version(s) >= TLS1_2_VERSION)
+                       {
+                       nl = tls12_get_req_sig_algs(s, p + 2);
+                       s2n(nl, p);
+                       p += nl + 2;
+                       n += nl + 2;
+                       }
+
                off=n;
                p+=2;
                n+=2;
@@ -2645,6 +2775,44 @@ int ssl3_get_client_key_exchange(SSL *s)
                        }
                else
 #endif
+#ifndef OPENSSL_NO_SRP
+               if (alg_k & SSL_kSRP)
+                       {
+                       int param_len;
+
+                       n2s(p,i);
+                       param_len=i+2;
+                       if (param_len > n)
+                               {
+                               al=SSL_AD_DECODE_ERROR;
+                               SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_SRP_A_LENGTH);
+                               goto f_err;
+                               }
+                       if (!(s->srp_ctx.A=BN_bin2bn(p,i,NULL)))
+                               {
+                               SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,ERR_R_BN_LIB);
+                               goto err;
+                               }
+                       if (s->session->srp_username != NULL)
+                               OPENSSL_free(s->session->srp_username);
+                       s->session->srp_username = BUF_strdup(s->srp_ctx.login);
+                       if (s->session->srp_username == NULL)
+                               {
+                               SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+                                       ERR_R_MALLOC_FAILURE);
+                               goto err;
+                               }
+
+                       if ((s->session->master_key_length = SRP_generate_server_master_secret(s,s->session->master_key))<0)
+                               {
+                               SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
+                               goto err;
+                               }
+
+                       p+=i;
+                       }
+               else
+#endif /* OPENSSL_NO_SRP */
                if (alg_k & SSL_kGOST) 
                        {
                        int ret = 0;
@@ -2728,7 +2896,7 @@ int ssl3_get_client_key_exchange(SSL *s)
        return(1);
 f_err:
        ssl3_send_alert(s,SSL3_AL_FATAL,al);
-#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_ECDH)
+#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_ECDH) || defined(OPENSSL_NO_SRP)
 err:
 #endif
 #ifndef OPENSSL_NO_ECDH
@@ -2749,12 +2917,15 @@ int ssl3_get_cert_verify(SSL *s)
        long n;
        int type=0,i,j;
        X509 *peer;
+       const EVP_MD *md = NULL;
+       EVP_MD_CTX mctx;
+       EVP_MD_CTX_init(&mctx);
 
        n=s->method->ssl_get_message(s,
                SSL3_ST_SR_CERT_VRFY_A,
                SSL3_ST_SR_CERT_VRFY_B,
                -1,
-               514, /* 514? */
+               516, /* Enough for 4096 bit RSA key with TLS v1.2 */
                &ok);
 
        if (!ok) return((int)n);
@@ -2774,7 +2945,7 @@ int ssl3_get_cert_verify(SSL *s)
        if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE_VERIFY)
                {
                s->s3->tmp.reuse_message=1;
-               if ((peer != NULL) && (type | EVP_PKT_SIGN))
+               if ((peer != NULL) && (type & EVP_PKT_SIGN))
                        {
                        al=SSL_AD_UNEXPECTED_MESSAGE;
                        SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_MISSING_VERIFY_MESSAGE);
@@ -2817,6 +2988,36 @@ int ssl3_get_cert_verify(SSL *s)
                } 
        else 
                {       
+               if (TLS1_get_version(s) >= TLS1_2_VERSION)
+                       {
+                       int sigalg = tls12_get_sigid(pkey);
+                       /* Should never happen */
+                       if (sigalg == -1)
+                               {
+                               SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,ERR_R_INTERNAL_ERROR);
+                               al=SSL_AD_INTERNAL_ERROR;
+                               goto f_err;
+                               }
+                       /* Check key type is consistent with signature */
+                       if (sigalg != (int)p[1])
+                               {
+                               SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_WRONG_SIGNATURE_TYPE);
+                               al=SSL_AD_DECODE_ERROR;
+                               goto f_err;
+                               }
+                       md = tls12_get_hash(p[0]);
+                       if (md == NULL)
+                               {
+                               SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_UNKNOWN_DIGEST);
+                               al=SSL_AD_DECODE_ERROR;
+                               goto f_err;
+                               }
+#ifdef SSL_DEBUG
+fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
+#endif
+                       p += 2;
+                       n -= 2;
+                       }
                n2s(p,i);
                n-=2;
                if (i > n)
@@ -2834,6 +3035,37 @@ int ssl3_get_cert_verify(SSL *s)
                goto f_err;
                }
 
+       if (TLS1_get_version(s) >= TLS1_2_VERSION)
+               {
+               long hdatalen = 0;
+               void *hdata;
+               hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
+               if (hdatalen <= 0)
+                       {
+                       SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, ERR_R_INTERNAL_ERROR);
+                       al=SSL_AD_INTERNAL_ERROR;
+                       goto f_err;
+                       }
+#ifdef SSL_DEBUG
+               fprintf(stderr, "Using TLS 1.2 with client verify alg %s\n",
+                                                       EVP_MD_name(md));
+#endif
+               if (!EVP_VerifyInit_ex(&mctx, md, NULL)
+                       || !EVP_VerifyUpdate(&mctx, hdata, hdatalen))
+                       {
+                       SSLerr(SSL_F_SSL3_GET_CERT_VERIFY, ERR_R_EVP_LIB);
+                       al=SSL_AD_INTERNAL_ERROR;
+                       goto f_err;
+                       }
+
+               if (EVP_VerifyFinal(&mctx, p , i, pkey) <= 0)
+                       {
+                       al=SSL_AD_DECRYPT_ERROR;
+                       SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_SIGNATURE);
+                       goto f_err;
+                       }
+               }
+       else
 #ifndef OPENSSL_NO_RSA 
        if (pkey->type == EVP_PKEY_RSA)
                {
@@ -2924,6 +3156,13 @@ f_err:
                ssl3_send_alert(s,SSL3_AL_FATAL,al);
                }
 end:
+       if (s->s3->handshake_buffer)
+               {
+               BIO_free(s->s3->handshake_buffer);
+               s->s3->handshake_buffer = NULL;
+               s->s3->flags &= ~TLS1_FLAGS_KEEP_HANDSHAKE;
+               }
+       EVP_MD_CTX_cleanup(&mctx);
        EVP_PKEY_free(pkey);
        return(ret);
        }
@@ -3036,6 +3275,12 @@ int ssl3_get_client_certificate(SSL *s)
                        al=SSL_AD_HANDSHAKE_FAILURE;
                        goto f_err;
                        }
+               /* No client certificate so digest cached records */
+               if (s->s3->handshake_buffer && !ssl3_digest_cached_records(s))
+                       {
+                       al=SSL_AD_INTERNAL_ERROR;
+                       goto f_err;
+                       }
                }
        else
                {
@@ -3112,13 +3357,17 @@ int ssl3_send_server_certificate(SSL *s)
        /* SSL3_ST_SW_CERT_B */
        return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
        }
+
 #ifndef OPENSSL_NO_TLSEXT
+/* send a new session ticket (not necessarily for a new session) */
 int ssl3_send_newsession_ticket(SSL *s)
        {
        if (s->state == SSL3_ST_SW_SESSION_TICKET_A)
                {
                unsigned char *p, *senc, *macstart;
-               int len, slen;
+               const unsigned char *const_p;
+               int len, slen_full, slen;
+               SSL_SESSION *sess;
                unsigned int hlen;
                EVP_CIPHER_CTX ctx;
                HMAC_CTX hctx;
@@ -3127,12 +3376,38 @@ int ssl3_send_newsession_ticket(SSL *s)
                unsigned char key_name[16];
 
                /* get session encoding length */
-               slen = i2d_SSL_SESSION(s->session, NULL);
+               slen_full = i2d_SSL_SESSION(s->session, NULL);
                /* Some length values are 16 bits, so forget it if session is
                 * too long
                 */
-               if (slen > 0xFF00)
+               if (slen_full > 0xFF00)
+                       return -1;
+               senc = OPENSSL_malloc(slen_full);
+               if (!senc)
+                       return -1;
+               p = senc;
+               i2d_SSL_SESSION(s->session, &p);
+
+               /* create a fresh copy (not shared with other threads) to clean up */
+               const_p = senc;
+               sess = d2i_SSL_SESSION(NULL, &const_p, slen_full);
+               if (sess == NULL)
+                       {
+                       OPENSSL_free(senc);
                        return -1;
+                       }
+               sess->session_id_length = 0; /* ID is irrelevant for the ticket */
+
+               slen = i2d_SSL_SESSION(sess, NULL);
+               if (slen > slen_full) /* shouldn't ever happen */
+                       {
+                       OPENSSL_free(senc);
+                       return -1;
+                       }
+               p = senc;
+               i2d_SSL_SESSION(sess, &p);
+               SSL_SESSION_free(sess);
+
                /* Grow buffer if need be: the length calculation is as
                 * follows 1 (size of message name) + 3 (message length
                 * bytes) + 4 (ticket lifetime hint) + 2 (ticket length) +
@@ -3144,11 +3419,6 @@ int ssl3_send_newsession_ticket(SSL *s)
                        26 + EVP_MAX_IV_LENGTH + EVP_MAX_BLOCK_LENGTH +
                        EVP_MAX_MD_SIZE + slen))
                        return -1;
-               senc = OPENSSL_malloc(slen);
-               if (!senc)
-                       return -1;
-               p = senc;
-               i2d_SSL_SESSION(s->session, &p);
 
                p=(unsigned char *)s->init_buf->data;
                /* do the header */
@@ -3179,7 +3449,13 @@ int ssl3_send_newsession_ticket(SSL *s)
                                        tlsext_tick_md(), NULL);
                        memcpy(key_name, tctx->tlsext_tick_key_name, 16);
                        }
-               l2n(s->session->tlsext_tick_lifetime_hint, p);
+
+               /* Ticket lifetime hint (advisory only):
+                * We leave this unspecified for resumed session (for simplicity),
+                * and guess that tickets for new sessions will live as long
+                * as their sessions. */
+               l2n(s->hit ? 0 : s->session->timeout, p);
+
                /* Skip ticket length for now */
                p += 2;
                /* Output key name */
@@ -3255,13 +3531,13 @@ int ssl3_send_cert_status(SSL *s)
        return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
        }
 
-# ifndef OPENSSL_NO_NPN
+# ifndef OPENSSL_NO_NEXTPROTONEG
 /* ssl3_get_next_proto reads a Next Protocol Negotiation handshake message. It
  * sets the next_proto member in s if found */
 int ssl3_get_next_proto(SSL *s)
        {
        int ok;
-       unsigned proto_len, padding_len;
+       int proto_len, padding_len;
        long n;
        const unsigned char *p;
 

diff --git a/deps/openssl/openssl/ssl/ssl-lib.com b/deps/openssl/openssl/ssl/ssl-lib.com
index 180f3a2..a77f770 100644 (file)
--- a/deps/openssl/openssl/ssl/ssl-lib.com
+++ b/deps/openssl/openssl/ssl/ssl-lib.com
@@ -218,11 +218,11 @@ $ LIB_SSL = "s2_meth,s2_srvr,s2_clnt,s2_lib,s2_enc,s2_pkt,"+ -
            "s23_meth,s23_srvr,s23_clnt,s23_lib,s23_pkt,"+ -
            "t1_meth,t1_srvr,t1_clnt,t1_lib,t1_enc,"+ -
            "d1_meth,d1_srvr,d1_clnt,d1_lib,d1_pkt,"+ -
-           "d1_both,d1_enc,"+ -
+           "d1_both,d1_enc,d1_srtp,"+ -
            "ssl_lib,ssl_err2,ssl_cert,ssl_sess,"+ -
            "ssl_ciph,ssl_stat,ssl_rsa,"+ -
            "ssl_asn1,ssl_txt,ssl_algs,"+ -
-           "bio_ssl,ssl_err,kssl,t1_reneg"
+           "bio_ssl,ssl_err,kssl,tls_srp,t1_reneg"
 $!
 $ COMPILEWITH_CC5 = ""
 $!

diff --git a/deps/openssl/openssl/ssl/ssl.h b/deps/openssl/openssl/ssl/ssl.h
index fdcab6f..593579e 100644 (file)
--- a/deps/openssl/openssl/ssl/ssl.h
+++ b/deps/openssl/openssl/ssl/ssl.h
@@ -252,6 +252,7 @@ extern "C" {
 #define SSL_TXT_kEECDH         "kEECDH"
 #define SSL_TXT_kPSK            "kPSK"
 #define SSL_TXT_kGOST          "kGOST"
+#define SSL_TXT_kSRP           "kSRP"
 
 #define        SSL_TXT_aRSA            "aRSA"
 #define        SSL_TXT_aDSS            "aDSS"
@@ -275,6 +276,7 @@ extern "C" {
 #define SSL_TXT_ECDSA          "ECDSA"
 #define SSL_TXT_KRB5           "KRB5"
 #define SSL_TXT_PSK             "PSK"
+#define SSL_TXT_SRP            "SRP"
 
 #define SSL_TXT_DES            "DES"
 #define SSL_TXT_3DES           "3DES"
@@ -285,6 +287,7 @@ extern "C" {
 #define SSL_TXT_AES128         "AES128"
 #define SSL_TXT_AES256         "AES256"
 #define SSL_TXT_AES            "AES"
+#define SSL_TXT_AES_GCM                "AESGCM"
 #define SSL_TXT_CAMELLIA128    "CAMELLIA128"
 #define SSL_TXT_CAMELLIA256    "CAMELLIA256"
 #define SSL_TXT_CAMELLIA       "CAMELLIA"
@@ -294,10 +297,14 @@ extern "C" {
 #define SSL_TXT_SHA            "SHA" /* same as "SHA1" */
 #define SSL_TXT_GOST94         "GOST94" 
 #define SSL_TXT_GOST89MAC              "GOST89MAC" 
+#define SSL_TXT_SHA256         "SHA256"
+#define SSL_TXT_SHA384         "SHA384"
 
 #define SSL_TXT_SSLV2          "SSLv2"
 #define SSL_TXT_SSLV3          "SSLv3"
 #define SSL_TXT_TLSV1          "TLSv1"
+#define SSL_TXT_TLSV1_1                "TLSv1.1"
+#define SSL_TXT_TLSV1_2                "TLSv1.2"
 
 #define SSL_TXT_EXP            "EXP"
 #define SSL_TXT_EXPORT         "EXPORT"
@@ -356,9 +363,29 @@ extern "C" {
  * in SSL_CTX. */
 typedef struct ssl_st *ssl_crock_st;
 typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT;
+typedef struct ssl_method_st SSL_METHOD;
+typedef struct ssl_cipher_st SSL_CIPHER;
+typedef struct ssl_session_st SSL_SESSION;
+
+DECLARE_STACK_OF(SSL_CIPHER)
+
+/* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/
+typedef struct srtp_protection_profile_st
+       {
+       const char *name;
+       unsigned long id;
+       } SRTP_PROTECTION_PROFILE;
+
+DECLARE_STACK_OF(SRTP_PROTECTION_PROFILE)
+
+typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data, int len, void *arg);
+typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg);
+
+
+#ifndef OPENSSL_NO_SSL_INTERN
 
 /* used to hold info on the particular ciphers used */
-typedef struct ssl_cipher_st
+struct ssl_cipher_st
        {
        int valid;
        const char *name;               /* text name */
@@ -375,15 +402,11 @@ typedef struct ssl_cipher_st
        unsigned long algorithm2;       /* Extra flags */
        int strength_bits;              /* Number of bits really used */
        int alg_bits;                   /* Number of bits for algorithm */
-       } SSL_CIPHER;
+       };
 
-DECLARE_STACK_OF(SSL_CIPHER)
-
-typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data, int len, void *arg);
-typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg);
 
 /* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
-typedef struct ssl_method_st
+struct ssl_method_st
        {
        int version;
        int (*ssl_new)(SSL *s);
@@ -416,7 +439,7 @@ typedef struct ssl_method_st
        int (*ssl_version)(void);
        long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)(void));
        long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void));
-       } SSL_METHOD;
+       };
 
 /* Lets make this into an ASN.1 type structure as follows
  * SSL_SESSION_ID ::= SEQUENCE {
@@ -433,14 +456,17 @@ typedef struct ssl_method_st
  *     Session_ID_context [ 4 ] EXPLICIT OCTET STRING,   -- the Session ID context
  *     Verify_result [ 5 ] EXPLICIT INTEGER,   -- X509_V_... code for `Peer'
  *     HostName [ 6 ] EXPLICIT OCTET STRING,   -- optional HostName from servername TLS extension 
- *     ECPointFormatList [ 7 ] OCTET STRING,     -- optional EC point format list from TLS extension
- *     PSK_identity_hint [ 8 ] EXPLICIT OCTET STRING, -- optional PSK identity hint
- *     PSK_identity [ 9 ] EXPLICIT OCTET STRING -- optional PSK identity
+ *     PSK_identity_hint [ 7 ] EXPLICIT OCTET STRING, -- optional PSK identity hint
+ *     PSK_identity [ 8 ] EXPLICIT OCTET STRING,  -- optional PSK identity
+ *     Ticket_lifetime_hint [9] EXPLICIT INTEGER, -- server's lifetime hint for session ticket
+ *     Ticket [10]             EXPLICIT OCTET STRING, -- session ticket (clients only)
+ *     Compression_meth [11]   EXPLICIT OCTET STRING, -- optional compression method
+ *     SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username
  *     }
  * Look in ssl/ssl_asn1.c for more details
  * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
  */
-typedef struct ssl_session_st
+struct ssl_session_st
        {
        int ssl_version;        /* what ssl version session info is
                                 * being kept in here? */
@@ -467,6 +493,9 @@ typedef struct ssl_session_st
        char *psk_identity_hint;
        char *psk_identity;
 #endif
+       /* Used to indicate that session resumption is not allowed.
+        * Applications can also set this bit for a new session via
+        * not_resumable_session_cb to disable session caching and tickets. */
        int not_resumable;
 
        /* The cert is the certificate used to establish this connection */
@@ -509,11 +538,15 @@ typedef struct ssl_session_st
 #endif /* OPENSSL_NO_EC */
        /* RFC4507 info */
        unsigned char *tlsext_tick;     /* Session ticket */
-       size_t  tlsext_ticklen;         /* Session ticket length */     
+       size_t tlsext_ticklen;          /* Session ticket length */
        long tlsext_tick_lifetime_hint; /* Session lifetime hint in seconds */
 #endif
-       } SSL_SESSION;
+#ifndef OPENSSL_NO_SRP
+       char *srp_username;
+#endif
+       };
 
+#endif
 
 #define SSL_OP_MICROSOFT_SESS_ID_BUG                   0x00000001L
 #define SSL_OP_NETSCAPE_CHALLENGE_BUG                  0x00000002L
@@ -536,7 +569,7 @@ typedef struct ssl_session_st
 
 /* SSL_OP_ALL: various bug workarounds that should be rather harmless.
  *             This used to be 0x000FFFFFL before 0.9.7. */
-#define SSL_OP_ALL                                     0x80000FFFL
+#define SSL_OP_ALL                                     0x80000BFFL
 
 /* DTLS options */
 #define SSL_OP_NO_QUERY_MTU                 0x00001000L
@@ -572,11 +605,17 @@ typedef struct ssl_session_st
 #define SSL_OP_NO_SSLv2                                        0x01000000L
 #define SSL_OP_NO_SSLv3                                        0x02000000L
 #define SSL_OP_NO_TLSv1                                        0x04000000L
+#define SSL_OP_NO_TLSv1_2                              0x08000000L
+#define SSL_OP_NO_TLSv1_1                              0x10000000L
 
+/* These next two were never actually used for anything since SSLeay
+ * zap so we have some more flags.
+ */
 /* The next flag deliberately changes the ciphertest, this is a check
  * for the PKCS#1 attack */
-#define SSL_OP_PKCS1_CHECK_1                           0x08000000L
-#define SSL_OP_PKCS1_CHECK_2                           0x10000000L
+#define SSL_OP_PKCS1_CHECK_1                           0x0
+#define SSL_OP_PKCS1_CHECK_2                           0x0
+
 #define SSL_OP_NETSCAPE_CA_DN_BUG                      0x20000000L
 #define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG         0x40000000L
 /* Make server add server-hello extension from early version of
@@ -602,13 +641,6 @@ typedef struct ssl_session_st
  * TLS only.)  "Released" buffers are put onto a free-list in the context
  * or just freed (depending on the context's setting for freelist_max_len). */
 #define SSL_MODE_RELEASE_BUFFERS 0x00000010L
-/* Use small read and write buffers: (a) lazy allocate read buffers for
- * large incoming records, and (b) limit the size of outgoing records. */
-#define SSL_MODE_SMALL_BUFFERS 0x00000020L
-/* When set, clients may send application data before receipt of CCS
- * and Finished.  This mode enables full-handshakes to 'complete' in
- * one RTT. */
-#define SSL_MODE_HANDSHAKE_CUTTHROUGH 0x00000040L
 
 /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
  * they cannot be used to clear bits. */
@@ -644,12 +676,53 @@ typedef struct ssl_session_st
 #define SSL_get_secure_renegotiation_support(ssl) \
        SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL)
 
+#ifndef OPENSSL_NO_HEARTBEATS
+#define SSL_heartbeat(ssl) \
+        SSL_ctrl((ssl),SSL_CTRL_TLS_EXT_SEND_HEARTBEAT,0,NULL)
+#endif
+
 void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
 void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
 #define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
 #define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
 
+#ifndef OPENSSL_NO_SRP
 
+#ifndef OPENSSL_NO_SSL_INTERN
+
+typedef struct srp_ctx_st
+       {
+       /* param for all the callbacks */
+       void *SRP_cb_arg;
+       /* set client Hello login callback */
+       int (*TLS_ext_srp_username_callback)(SSL *, int *, void *);
+       /* set SRP N/g param callback for verification */
+       int (*SRP_verify_param_callback)(SSL *, void *);
+       /* set SRP client passwd callback */
+       char *(*SRP_give_srp_client_pwd_callback)(SSL *, void *);
+
+       char *login;
+       BIGNUM *N,*g,*s,*B,*A;
+       BIGNUM *a,*b,*v;
+       char *info;
+       int strength;
+
+       unsigned long srp_Mask;
+       } SRP_CTX;
+
+#endif
+
+/* see tls_srp.c */
+int SSL_SRP_CTX_init(SSL *s);
+int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx);
+int SSL_SRP_CTX_free(SSL *ctx);
+int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx);
+int SSL_srp_server_param_with_username(SSL *s, int *ad);
+int SRP_generate_server_master_secret(SSL *s,unsigned char *master_key);
+int SRP_Calc_A_param(SSL *s);
+int SRP_generate_client_master_secret(SSL *s,unsigned char *master_key);
+
+#endif
 
 #if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32)
 #define SSL_MAX_CERT_LIST_DEFAULT 1024*30 /* 30k max cert list :-) */
@@ -675,7 +748,11 @@ void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int con
 typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id,
                                unsigned int *id_len);
 
-typedef struct ssl_comp_st
+typedef struct ssl_comp_st SSL_COMP;
+
+#ifndef OPENSSL_NO_SSL_INTERN
+
+struct ssl_comp_st
        {
        int id;
        const char *name;
@@ -684,7 +761,7 @@ typedef struct ssl_comp_st
 #else
        char *method;
 #endif
-       } SSL_COMP;
+       };
 
 DECLARE_STACK_OF(SSL_COMP)
 DECLARE_LHASH_OF(SSL_SESSION);
@@ -857,6 +934,28 @@ struct ssl_ctx_st
        /* draft-rescorla-tls-opaque-prf-input-00.txt information */
        int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, size_t len, void *arg);
        void *tlsext_opaque_prf_input_callback_arg;
+#endif
+
+#ifndef OPENSSL_NO_PSK
+       char *psk_identity_hint;
+       unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, char *identity,
+               unsigned int max_identity_len, unsigned char *psk,
+               unsigned int max_psk_len);
+       unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
+               unsigned char *psk, unsigned int max_psk_len);
+#endif
+
+#ifndef OPENSSL_NO_BUF_FREELISTS
+#define SSL_MAX_BUF_FREELIST_LEN_DEFAULT 32
+       unsigned int freelist_max_len;
+       struct ssl3_buf_freelist_st *wbuf_freelist;
+       struct ssl3_buf_freelist_st *rbuf_freelist;
+#endif
+#ifndef OPENSSL_NO_SRP
+       SRP_CTX srp_ctx; /* ctx for SRP authentication */
+#endif
+
+#ifndef OPENSSL_NO_TLSEXT
 
 # ifndef OPENSSL_NO_NEXTPROTONEG
        /* Next protocol negotiation information */
@@ -876,24 +975,12 @@ struct ssl_ctx_st
                                    void *arg);
        void *next_proto_select_cb_arg;
 # endif
+        /* SRTP profiles we are willing to do from RFC 5764 */
+        STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;  
 #endif
+       };
 
-#ifndef OPENSSL_NO_PSK
-       char *psk_identity_hint;
-       unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, char *identity,
-               unsigned int max_identity_len, unsigned char *psk,
-               unsigned int max_psk_len);
-       unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
-               unsigned char *psk, unsigned int max_psk_len);
-#endif
-
-#ifndef OPENSSL_NO_BUF_FREELISTS
-#define SSL_MAX_BUF_FREELIST_LEN_DEFAULT 32
-       unsigned int freelist_max_len;
-       struct ssl3_buf_freelist_st *wbuf_freelist;
-       struct ssl3_buf_freelist_st *rbuf_freelist;
 #endif
-       };
 
 #define SSL_SESS_CACHE_OFF                     0x0000
 #define SSL_SESS_CACHE_CLIENT                  0x0001
@@ -952,24 +1039,26 @@ void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s,
                                           int (*cb) (SSL *ssl,
                                                      const unsigned char **out,
                                                      unsigned int *outlen,
-                                                     void *arg), void *arg);
+                                                     void *arg),
+                                          void *arg);
 void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s,
-                                     int (*cb) (SSL *ssl, unsigned char **out,
+                                     int (*cb) (SSL *ssl,
+                                                unsigned char **out,
                                                 unsigned char *outlen,
                                                 const unsigned char *in,
-                                                unsigned int inlen, void *arg),
+                                                unsigned int inlen,
+                                                void *arg),
                                      void *arg);
 
 int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
                          const unsigned char *in, unsigned int inlen,
                          const unsigned char *client, unsigned int client_len);
-void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
-                                   unsigned *len);
+void SSL_get0_next_proto_negotiated(const SSL *s,
+                                   const unsigned char **data, unsigned *len);
 
 #define OPENSSL_NPN_UNSUPPORTED        0
 #define OPENSSL_NPN_NEGOTIATED 1
 #define OPENSSL_NPN_NO_OVERLAP 2
-
 #endif
 
 #ifndef OPENSSL_NO_PSK
@@ -1011,6 +1100,8 @@ const char *SSL_get_psk_identity(const SSL *s);
 #define SSL_MAC_FLAG_READ_MAC_STREAM 1
 #define SSL_MAC_FLAG_WRITE_MAC_STREAM 2
 
+#ifndef OPENSSL_NO_SSL_INTERN
+
 struct ssl_st
        {
        /* protocol version
@@ -1055,9 +1146,7 @@ struct ssl_st
 
        int server;     /* are we the server side? - mostly used by SSL_clear*/
 
-       int new_session;/* 1 if we are to use a new session.
-                        * 2 if we are a server and are inside a handshake
-                        *   (i.e. not just sending a HelloRequest)
+       int new_session;/* Generate a new session or reuse an old one.
                         * NB: For servers, the 'new' session may actually be a previously
                         * cached session or even the previous session unless
                         * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
@@ -1133,9 +1222,6 @@ struct ssl_st
        /* This can also be in the session once a session is established */
        SSL_SESSION *session;
 
-        /* This can be disabled to prevent the use of uncached sessions */
-       int session_creation_enabled;
-
        /* Default generate session ID callback. */
        GEN_SESSION_CB generate_session_id;
 
@@ -1244,11 +1330,32 @@ struct ssl_st
 #endif
 
 #define session_ctx initial_ctx
+
+       STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;  /* What we'll do */
+       SRTP_PROTECTION_PROFILE *srtp_profile;            /* What's been chosen */
+
+       unsigned int tlsext_heartbeat;  /* Is use of the Heartbeat extension negotiated?
+                                          0: disabled
+                                          1: enabled
+                                          2: enabled, but not allowed to send Requests
+                                        */
+       unsigned int tlsext_hb_pending; /* Indicates if a HeartbeatRequest is in flight */
+       unsigned int tlsext_hb_seq;     /* HeartbeatRequest sequence number */
 #else
 #define session_ctx ctx
 #endif /* OPENSSL_NO_TLSEXT */
+
+       int renegotiate;/* 1 if we are renegotiating.
+                        * 2 if we are a server and are inside a handshake
+                        * (i.e. not just sending a HelloRequest) */
+
+#ifndef OPENSSL_NO_SRP
+       SRP_CTX srp_ctx; /* ctx for SRP authentication */
+#endif
        };
 
+#endif
+
 #ifdef __cplusplus
 }
 #endif
@@ -1258,6 +1365,7 @@ struct ssl_st
 #include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */
 #include <openssl/dtls1.h> /* Datagram TLS */
 #include <openssl/ssl23.h>
+#include <openssl/srtp.h>  /* Support for the use_srtp extension */
 
 #ifdef  __cplusplus
 extern "C" {
@@ -1303,12 +1411,10 @@ extern "C" {
 /* Is the SSL_connection established? */
 #define SSL_get_state(a)               SSL_state(a)
 #define SSL_is_init_finished(a)                (SSL_state(a) == SSL_ST_OK)
-#define SSL_in_init(a)                 ((SSL_state(a)&SSL_ST_INIT) && \
-                                  !SSL_cutthrough_complete(a))
+#define SSL_in_init(a)                 (SSL_state(a)&SSL_ST_INIT)
 #define SSL_in_before(a)               (SSL_state(a)&SSL_ST_BEFORE)
 #define SSL_in_connect_init(a)         (SSL_state(a)&SSL_ST_CONNECT)
 #define SSL_in_accept_init(a)          (SSL_state(a)&SSL_ST_ACCEPT)
-int SSL_cutthrough_complete(const SSL *s);
 
 /* The following 2 states are kept in ssl->rstate when reads fail,
  * you should not need these */
@@ -1476,6 +1582,20 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP       71
 
 #define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB      72
+
+#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB   75
+#define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB               76
+#define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB            77
+
+#define SSL_CTRL_SET_SRP_ARG           78
+#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME              79
+#define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH              80
+#define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD              81
+#ifndef OPENSSL_NO_HEARTBEATS
+#define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT                                85
+#define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING         86
+#define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS     87
+#endif
 #endif
 
 #define DTLS_CTRL_GET_TIMEOUT          73
@@ -1486,6 +1606,9 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 #define SSL_CTRL_CLEAR_OPTIONS                 77
 #define SSL_CTRL_CLEAR_MODE                    78
 
+#define SSL_CTRL_GET_EXTRA_CHAIN_CERTS         82
+#define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS       83
+
 #define DTLSv1_get_timeout(ssl, arg) \
        SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
 #define DTLSv1_handle_timeout(ssl) \
@@ -1522,6 +1645,10 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 
 #define SSL_CTX_add_extra_chain_cert(ctx,x509) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509)
+#define SSL_CTX_get_extra_chain_certs(ctx,px509) \
+       SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,0,px509)
+#define SSL_CTX_clear_extra_chain_certs(ctx) \
+       SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL)
 
 #ifndef OPENSSL_NO_BIO
 BIO_METHOD *BIO_f_ssl(void);
@@ -1549,7 +1676,7 @@ const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
 int    SSL_CIPHER_get_bits(const SSL_CIPHER *c,int *alg_bits);
 char * SSL_CIPHER_get_version(const SSL_CIPHER *c);
 const char *   SSL_CIPHER_get_name(const SSL_CIPHER *c);
-const char *   SSL_CIPHER_authentication_method(const SSL_CIPHER *c);
+unsigned long  SSL_CIPHER_get_id(const SSL_CIPHER *c);
 
 int    SSL_get_fd(const SSL *s);
 int    SSL_get_rfd(const SSL *s);
@@ -1558,7 +1685,6 @@ const char  * SSL_get_cipher_list(const SSL *s,int n);
 char * SSL_get_shared_ciphers(const SSL *s, char *buf, int len);
 int    SSL_get_read_ahead(const SSL * s);
 int    SSL_pending(const SSL *s);
-const char *   SSL_authentication_method(const SSL *c);
 #ifndef OPENSSL_NO_SOCK
 int    SSL_set_fd(SSL *s, int fd);
 int    SSL_set_rfd(SSL *s, int fd);
@@ -1570,7 +1696,6 @@ BIO *     SSL_get_rbio(const SSL *s);
 BIO *  SSL_get_wbio(const SSL *s);
 #endif
 int    SSL_set_cipher_list(SSL *s, const char *str);
-int    SSL_set_cipher_lists(SSL *s, STACK_OF(SSL_CIPHER) *sk);
 void   SSL_set_read_ahead(SSL *s, int yes);
 int    SSL_get_verify_mode(const SSL *s);
 int    SSL_get_verify_depth(const SSL *s);
@@ -1586,8 +1711,6 @@ int       SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
 int    SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, const unsigned char *d, long len);
 int    SSL_use_certificate(SSL *ssl, X509 *x);
 int    SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len);
-int    SSL_use_certificate_chain(SSL *ssl, STACK_OF(X509) *cert_chain);
-STACK_OF(X509) * SSL_get_certificate_chain(SSL *ssl, X509 *x);
 
 #ifndef OPENSSL_NO_STDIO
 int    SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
@@ -1619,11 +1742,14 @@ long    SSL_SESSION_set_time(SSL_SESSION *s, long t);
 long   SSL_SESSION_get_timeout(const SSL_SESSION *s);
 long   SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
 void   SSL_copy_session_id(SSL *to,const SSL *from);
+X509 *SSL_SESSION_get0_peer(SSL_SESSION *s);
+int SSL_SESSION_set1_id_context(SSL_SESSION *s,const unsigned char *sid_ctx,
+                              unsigned int sid_ctx_len);
 
 SSL_SESSION *SSL_SESSION_new(void);
 const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
                                        unsigned int *len);
-const char *   SSL_SESSION_get_version(const SSL_SESSION *s);
+unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s);
 #ifndef OPENSSL_NO_FP_API
 int    SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses);
 #endif
@@ -1633,7 +1759,6 @@ int       SSL_SESSION_print(BIO *fp,const SSL_SESSION *ses);
 void   SSL_SESSION_free(SSL_SESSION *ses);
 int    i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp);
 int    SSL_set_session(SSL *to, SSL_SESSION *session);
-void   SSL_set_session_creation_enabled(SSL *, int);
 int    SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
 int    SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c);
 int    SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB);
@@ -1687,6 +1812,30 @@ int SSL_set_trust(SSL *s, int trust);
 int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm);
 int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm);
 
+#ifndef OPENSSL_NO_SRP
+int SSL_CTX_set_srp_username(SSL_CTX *ctx,char *name);
+int SSL_CTX_set_srp_password(SSL_CTX *ctx,char *password);
+int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength);
+int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx,
+                                       char *(*cb)(SSL *,void *));
+int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx,
+                                         int (*cb)(SSL *,void *));
+int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx,
+                                     int (*cb)(SSL *,int *,void *));
+int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg);
+
+int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g,
+                            BIGNUM *sa, BIGNUM *v, char *info);
+int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass,
+                               const char *grp);
+
+BIGNUM *SSL_get_srp_g(SSL *s);
+BIGNUM *SSL_get_srp_N(SSL *s);
+
+char *SSL_get_srp_username(SSL *s);
+char *SSL_get_srp_userinfo(SSL *s);
+#endif
+
 void   SSL_free(SSL *ssl);
 int    SSL_accept(SSL *ssl);
 int    SSL_connect(SSL *ssl);
@@ -1722,6 +1871,15 @@ const SSL_METHOD *TLSv1_method(void);            /* TLSv1.0 */
 const SSL_METHOD *TLSv1_server_method(void);   /* TLSv1.0 */
 const SSL_METHOD *TLSv1_client_method(void);   /* TLSv1.0 */
 
+const SSL_METHOD *TLSv1_1_method(void);                /* TLSv1.1 */
+const SSL_METHOD *TLSv1_1_server_method(void); /* TLSv1.1 */
+const SSL_METHOD *TLSv1_1_client_method(void); /* TLSv1.1 */
+
+const SSL_METHOD *TLSv1_2_method(void);                /* TLSv1.2 */
+const SSL_METHOD *TLSv1_2_server_method(void); /* TLSv1.2 */
+const SSL_METHOD *TLSv1_2_client_method(void); /* TLSv1.2 */
+
+
 const SSL_METHOD *DTLSv1_method(void);         /* DTLSv1.0 */
 const SSL_METHOD *DTLSv1_server_method(void);  /* DTLSv1.0 */
 const SSL_METHOD *DTLSv1_client_method(void);  /* DTLSv1.0 */
@@ -1730,6 +1888,7 @@ STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s);
 
 int SSL_do_handshake(SSL *s);
 int SSL_renegotiate(SSL *s);
+int SSL_renegotiate_abbreviated(SSL *s);
 int SSL_renegotiate_pending(SSL *s);
 int SSL_shutdown(SSL *s);
 
@@ -1781,6 +1940,7 @@ void SSL_set_info_callback(SSL *ssl,
                           void (*cb)(const SSL *ssl,int type,int val));
 void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl,int type,int val);
 int SSL_state(const SSL *ssl);
+void SSL_set_state(SSL *ssl, int state);
 
 void SSL_set_verify_result(SSL *ssl,long v);
 long SSL_get_verify_result(const SSL *ssl);
@@ -1881,6 +2041,9 @@ int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
 /* Pre-shared secret session resumption functions */
 int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secret_cb, void *arg);
 
+void SSL_set_debug(SSL *s, int debug);
+int SSL_cache_hit(SSL *s);
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
@@ -1900,6 +2063,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_DTLS1_ACCEPT                              246
 #define SSL_F_DTLS1_ADD_CERT_TO_BUF                     295
 #define SSL_F_DTLS1_BUFFER_RECORD                       247
+#define SSL_F_DTLS1_CHECK_TIMEOUT_NUM                   316
 #define SSL_F_DTLS1_CLIENT_HELLO                        248
 #define SSL_F_DTLS1_CONNECT                             249
 #define SSL_F_DTLS1_ENC                                         250
@@ -1908,6 +2072,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT                253
 #define SSL_F_DTLS1_GET_RECORD                          254
 #define SSL_F_DTLS1_HANDLE_TIMEOUT                      297
+#define SSL_F_DTLS1_HEARTBEAT                           305
 #define SSL_F_DTLS1_OUTPUT_CERT_CHAIN                   255
 #define SSL_F_DTLS1_PREPROCESS_FRAGMENT                         288
 #define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE          256
@@ -1976,7 +2141,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL3_GET_KEY_EXCHANGE                     141
 #define SSL_F_SSL3_GET_MESSAGE                          142
 #define SSL_F_SSL3_GET_NEW_SESSION_TICKET               283
-#define SSL_F_SSL3_GET_NEXT_PROTO                       304
+#define SSL_F_SSL3_GET_NEXT_PROTO                       306
 #define SSL_F_SSL3_GET_RECORD                           143
 #define SSL_F_SSL3_GET_SERVER_CERTIFICATE               144
 #define SSL_F_SSL3_GET_SERVER_DONE                      145
@@ -2001,10 +2166,12 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL3_WRITE_PENDING                        159
 #define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT       298
 #define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT                277
+#define SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT          307
 #define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK        215
 #define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK       216
 #define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT       299
 #define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT                278
+#define SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT          308
 #define SSL_F_SSL_BAD_METHOD                            160
 #define SSL_F_SSL_BYTES_TO_CIPHER_LIST                  161
 #define SSL_F_SSL_CERT_DUP                              221
@@ -2021,6 +2188,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL_CREATE_CIPHER_LIST                    166
 #define SSL_F_SSL_CTRL                                  232
 #define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY                         168
+#define SSL_F_SSL_CTX_MAKE_PROFILES                     309
 #define SSL_F_SSL_CTX_NEW                               169
 #define SSL_F_SSL_CTX_SET_CIPHER_LIST                   269
 #define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE            290
@@ -2043,16 +2211,18 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL_GET_NEW_SESSION                       181
 #define SSL_F_SSL_GET_PREV_SESSION                      217
 #define SSL_F_SSL_GET_SERVER_SEND_CERT                  182
+#define SSL_F_SSL_GET_SERVER_SEND_PKEY                  317
 #define SSL_F_SSL_GET_SIGN_PKEY                                 183
 #define SSL_F_SSL_INIT_WBIO_BUFFER                      184
 #define SSL_F_SSL_LOAD_CLIENT_CA_FILE                   185
 #define SSL_F_SSL_NEW                                   186
 #define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT     300
 #define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT              302
+#define SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT        310
 #define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT     301
 #define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT              303
+#define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT        311
 #define SSL_F_SSL_PEEK                                  270
-#define SSL_F_TLS1_EXPORT_KEYING_MATERIAL               312
 #define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT            281
 #define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT            282
 #define SSL_F_SSL_READ                                  223
@@ -2060,6 +2230,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL_RSA_PUBLIC_ENCRYPT                    188
 #define SSL_F_SSL_SESSION_NEW                           189
 #define SSL_F_SSL_SESSION_PRINT_FP                      190
+#define SSL_F_SSL_SESSION_SET1_ID_CONTEXT               312
 #define SSL_F_SSL_SESS_CERT_NEW                                 225
 #define SSL_F_SSL_SET_CERT                              191
 #define SSL_F_SSL_SET_CIPHER_LIST                       271
@@ -2073,12 +2244,12 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_SSL_SET_TRUST                             228
 #define SSL_F_SSL_SET_WFD                               196
 #define SSL_F_SSL_SHUTDOWN                              224
+#define SSL_F_SSL_SRP_CTX_INIT                          313
 #define SSL_F_SSL_UNDEFINED_CONST_FUNCTION              243
 #define SSL_F_SSL_UNDEFINED_FUNCTION                    197
 #define SSL_F_SSL_UNDEFINED_VOID_FUNCTION               244
 #define SSL_F_SSL_USE_CERTIFICATE                       198
 #define SSL_F_SSL_USE_CERTIFICATE_ASN1                  199
-#define SSL_F_SSL_USE_CERTIFICATE_CHAIN                         2000
 #define SSL_F_SSL_USE_CERTIFICATE_FILE                  200
 #define SSL_F_SSL_USE_PRIVATEKEY                        201
 #define SSL_F_SSL_USE_PRIVATEKEY_ASN1                   202
@@ -2093,6 +2264,8 @@ void ERR_load_SSL_strings(void);
 #define SSL_F_TLS1_CHANGE_CIPHER_STATE                  209
 #define SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT             274
 #define SSL_F_TLS1_ENC                                  210
+#define SSL_F_TLS1_EXPORT_KEYING_MATERIAL               314
+#define SSL_F_TLS1_HEARTBEAT                            315
 #define SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT           275
 #define SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT           276
 #define SSL_F_TLS1_PRF                                  284
@@ -2132,6 +2305,13 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_BAD_RSA_MODULUS_LENGTH                    121
 #define SSL_R_BAD_RSA_SIGNATURE                                 122
 #define SSL_R_BAD_SIGNATURE                             123
+#define SSL_R_BAD_SRP_A_LENGTH                          347
+#define SSL_R_BAD_SRP_B_LENGTH                          348
+#define SSL_R_BAD_SRP_G_LENGTH                          349
+#define SSL_R_BAD_SRP_N_LENGTH                          350
+#define SSL_R_BAD_SRP_S_LENGTH                          351
+#define SSL_R_BAD_SRTP_MKI_VALUE                        352
+#define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST          353
 #define SSL_R_BAD_SSL_FILETYPE                          124
 #define SSL_R_BAD_SSL_SESSION_ID_LENGTH                         125
 #define SSL_R_BAD_STATE                                         126
@@ -2170,14 +2350,15 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE        322
 #define SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE       323
 #define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER              310
+#define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST        354
 #define SSL_R_ENCRYPTED_LENGTH_TOO_LONG                         150
 #define SSL_R_ERROR_GENERATING_TMP_RSA_KEY              282
 #define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST             151
 #define SSL_R_EXCESSIVE_MESSAGE_SIZE                    152
 #define SSL_R_EXTRA_DATA_IN_MESSAGE                     153
 #define SSL_R_GOT_A_FIN_BEFORE_A_CCS                    154
-#define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS               346
-#define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION          347
+#define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS               355
+#define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION          356
 #define SSL_R_HTTPS_PROXY_REQUEST                       155
 #define SSL_R_HTTP_REQUEST                              156
 #define SSL_R_ILLEGAL_PADDING                           283
@@ -2186,6 +2367,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_INVALID_COMMAND                           280
 #define SSL_R_INVALID_COMPRESSION_ALGORITHM             341
 #define SSL_R_INVALID_PURPOSE                           278
+#define SSL_R_INVALID_SRP_USERNAME                      357
 #define SSL_R_INVALID_STATUS_RESPONSE                   328
 #define SSL_R_INVALID_TICKET_KEYS_LENGTH                325
 #define SSL_R_INVALID_TRUST                             279
@@ -2215,6 +2397,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_MISSING_RSA_CERTIFICATE                   168
 #define SSL_R_MISSING_RSA_ENCRYPTING_CERT               169
 #define SSL_R_MISSING_RSA_SIGNING_CERT                  170
+#define SSL_R_MISSING_SRP_PARAM                                 358
 #define SSL_R_MISSING_TMP_DH_KEY                        171
 #define SSL_R_MISSING_TMP_ECDH_KEY                      311
 #define SSL_R_MISSING_TMP_RSA_KEY                       172
@@ -2244,6 +2427,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_NO_RENEGOTIATION                          339
 #define SSL_R_NO_REQUIRED_DIGEST                        324
 #define SSL_R_NO_SHARED_CIPHER                          193
+#define SSL_R_NO_SRTP_PROFILES                          359
 #define SSL_R_NO_VERIFY_CALLBACK                        194
 #define SSL_R_NULL_SSL_CTX                              195
 #define SSL_R_NULL_SSL_METHOD_PASSED                    196
@@ -2286,9 +2470,13 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING          345
 #define SSL_R_SERVERHELLO_TLSEXT                        275
 #define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED          277
-#define SSL_R_SESSION_MAY_NOT_BE_CREATED                2000
 #define SSL_R_SHORT_READ                                219
+#define SSL_R_SIGNATURE_ALGORITHMS_ERROR                360
 #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE     220
+#define SSL_R_SRP_A_CALC                                361
+#define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES          362
+#define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG     363
+#define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE           364
 #define SSL_R_SSL23_DOING_SESSION_ID_REUSE              221
 #define SSL_R_SSL2_CONNECTION_ID_TOO_LONG               299
 #define SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT            321
@@ -2333,6 +2521,8 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_TLSV1_UNRECOGNIZED_NAME                   1112
 #define SSL_R_TLSV1_UNSUPPORTED_EXTENSION               1110
 #define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER      232
+#define SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT          365
+#define SSL_R_TLS_HEARTBEAT_PENDING                     366
 #define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL                367
 #define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST            157
 #define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
@@ -2355,6 +2545,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_UNKNOWN_CERTIFICATE_TYPE                  247
 #define SSL_R_UNKNOWN_CIPHER_RETURNED                   248
 #define SSL_R_UNKNOWN_CIPHER_TYPE                       249
+#define SSL_R_UNKNOWN_DIGEST                            368
 #define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE                         250
 #define SSL_R_UNKNOWN_PKEY_TYPE                                 251
 #define SSL_R_UNKNOWN_PROTOCOL                          252
@@ -2369,12 +2560,14 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_UNSUPPORTED_PROTOCOL                      258
 #define SSL_R_UNSUPPORTED_SSL_VERSION                   259
 #define SSL_R_UNSUPPORTED_STATUS_TYPE                   329
+#define SSL_R_USE_SRTP_NOT_NEGOTIATED                   369
 #define SSL_R_WRITE_BIO_NOT_SET                                 260
 #define SSL_R_WRONG_CIPHER_RETURNED                     261
 #define SSL_R_WRONG_MESSAGE_TYPE                        262
 #define SSL_R_WRONG_NUMBER_OF_KEY_BITS                  263
 #define SSL_R_WRONG_SIGNATURE_LENGTH                    264
 #define SSL_R_WRONG_SIGNATURE_SIZE                      265
+#define SSL_R_WRONG_SIGNATURE_TYPE                      370
 #define SSL_R_WRONG_SSL_VERSION                                 266
 #define SSL_R_WRONG_VERSION_NUMBER                      267
 #define SSL_R_X509_LIB                                  268

diff --git a/deps/openssl/openssl/ssl/ssl2.h b/deps/openssl/openssl/ssl/ssl2.h
index 99a52ea..eb25dcb 100644 (file)
--- a/deps/openssl/openssl/ssl/ssl2.h
+++ b/deps/openssl/openssl/ssl/ssl2.h
@@ -155,6 +155,8 @@ extern "C" {
 #define  CERT          char
 #endif
 
+#ifndef OPENSSL_NO_SSL_INTERN
+
 typedef struct ssl2_state_st
        {
        int three_byte_header;
@@ -219,6 +221,8 @@ typedef struct ssl2_state_st
                } tmp;
        } SSL2_STATE;
 
+#endif
+
 /* SSLv2 */
 /* client */
 #define SSL2_ST_SEND_CLIENT_HELLO_A            (0x10|SSL_ST_CONNECT)

diff --git a/deps/openssl/openssl/ssl/ssl3.h b/deps/openssl/openssl/ssl/ssl3.h
index d6425e5..247e88c 100644 (file)
--- a/deps/openssl/openssl/ssl/ssl3.h
+++ b/deps/openssl/openssl/ssl/ssl3.h
@@ -280,9 +280,6 @@ extern "C" {
 
 #define SSL3_RT_MAX_EXTRA                      (16384)
 
-/* Default buffer length used for writen records.  Thus a generated record
- * will contain plaintext no larger than this value. */
-#define SSL3_RT_DEFAULT_PLAIN_LENGTH   2048
 /* Maximum plaintext length: defined by SSL/TLS standards */
 #define SSL3_RT_MAX_PLAIN_LENGTH               16384
 /* Maximum compression overhead: defined by SSL/TLS standards */
@@ -314,13 +311,6 @@ extern "C" {
 #define SSL3_RT_MAX_PACKET_SIZE                \
                (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
 
-/* Extra space for empty fragment, headers, MAC, and padding. */
-#define SSL3_RT_DEFAULT_WRITE_OVERHEAD  256
-#define SSL3_RT_DEFAULT_PACKET_SIZE     4096 - SSL3_RT_DEFAULT_WRITE_OVERHEAD
-#if SSL3_RT_DEFAULT_PLAIN_LENGTH + SSL3_RT_DEFAULT_WRITE_OVERHEAD > SSL3_RT_DEFAULT_PACKET_SIZE
-#error "Insufficient space allocated for write buffers."
-#endif
-
 #define SSL3_MD_CLIENT_FINISHED_CONST  "\x43\x4C\x4E\x54"
 #define SSL3_MD_SERVER_FINISHED_CONST  "\x53\x52\x56\x52"
 
@@ -332,6 +322,7 @@ extern "C" {
 #define SSL3_RT_ALERT                  21
 #define SSL3_RT_HANDSHAKE              22
 #define SSL3_RT_APPLICATION_DATA       23
+#define TLS1_RT_HEARTBEAT              24
 
 #define SSL3_AL_WARNING                        1
 #define SSL3_AL_FATAL                  2
@@ -349,6 +340,11 @@ extern "C" {
 #define SSL3_AD_CERTIFICATE_UNKNOWN    46
 #define SSL3_AD_ILLEGAL_PARAMETER      47      /* fatal */
 
+#define TLS1_HB_REQUEST                1
+#define TLS1_HB_RESPONSE       2
+       
+#ifndef OPENSSL_NO_SSL_INTERN
+
 typedef struct ssl3_record_st
        {
 /*r */ int type;               /* type of record */
@@ -370,6 +366,8 @@ typedef struct ssl3_buffer_st
        int left;               /* how many bytes left */
        } SSL3_BUFFER;
 
+#endif
+
 #define SSL3_CT_RSA_SIGN                       1
 #define SSL3_CT_DSS_SIGN                       2
 #define SSL3_CT_RSA_FIXED_DH                   3
@@ -389,6 +387,7 @@ typedef struct ssl3_buffer_st
 #define SSL3_FLAGS_POP_BUFFER                  0x0004
 #define TLS1_FLAGS_TLS_PADDING_BUG             0x0008
 #define TLS1_FLAGS_SKIP_CERT_VERIFY            0x0010
+#define TLS1_FLAGS_KEEP_HANDSHAKE              0x0020
  
 /* SSL3_FLAGS_SGC_RESTART_DONE is set when we
  * restart a handshake because of MS SGC and so prevents us
@@ -401,6 +400,8 @@ typedef struct ssl3_buffer_st
  */
 #define SSL3_FLAGS_SGC_RESTART_DONE            0x0040
 
+#ifndef OPENSSL_NO_SSL_INTERN
+
 typedef struct ssl3_state_st
        {
        long flags;
@@ -476,12 +477,6 @@ typedef struct ssl3_state_st
        void *server_opaque_prf_input;
        size_t server_opaque_prf_input_len;
 
-#ifndef OPENSSL_NO_NEXTPROTONEG
-       /* Set if we saw the Next Protocol Negotiation extension from
-          our peer. */
-       int next_proto_neg_seen;
-#endif
-
        struct  {
                /* actually only needs to be 16+20 */
                unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];
@@ -491,7 +486,7 @@ typedef struct ssl3_state_st
                int finish_md_len;
                unsigned char peer_finish_md[EVP_MAX_MD_SIZE*2];
                int peer_finish_md_len;
-               
+
                unsigned long message_size;
                int message_type;
 
@@ -539,14 +534,23 @@ typedef struct ssl3_state_st
         unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
         unsigned char previous_server_finished_len;
         int send_connection_binding; /* TODOEKR */
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+       /* Set if we saw the Next Protocol Negotiation extension from our peer. */
+       int next_proto_neg_seen;
+#endif
        } SSL3_STATE;
 
+#endif
 
 /* SSLv3 */
 /*client */
 /* extra state */
 #define SSL3_ST_CW_FLUSH               (0x100|SSL_ST_CONNECT)
-#define SSL3_ST_CUTTHROUGH_COMPLETE    (0x101|SSL_ST_CONNECT)
+#ifndef OPENSSL_NO_SCTP
+#define DTLS1_SCTP_ST_CW_WRITE_SOCK                    (0x310|SSL_ST_CONNECT)
+#define DTLS1_SCTP_ST_CR_READ_SOCK                     (0x320|SSL_ST_CONNECT)
+#endif 
 /* write to server */
 #define SSL3_ST_CW_CLNT_HELLO_A                (0x110|SSL_ST_CONNECT)
 #define SSL3_ST_CW_CLNT_HELLO_B                (0x111|SSL_ST_CONNECT)
@@ -593,6 +597,10 @@ typedef struct ssl3_state_st
 /* server */
 /* extra state */
 #define SSL3_ST_SW_FLUSH               (0x100|SSL_ST_ACCEPT)
+#ifndef OPENSSL_NO_SCTP
+#define DTLS1_SCTP_ST_SW_WRITE_SOCK                    (0x310|SSL_ST_ACCEPT)
+#define DTLS1_SCTP_ST_SR_READ_SOCK                     (0x320|SSL_ST_ACCEPT)
+#endif 
 /* read from client */
 /* Do not change the number values, they do matter */
 #define SSL3_ST_SR_CLNT_HELLO_A                (0x110|SSL_ST_ACCEPT)
@@ -673,3 +681,4 @@ typedef struct ssl3_state_st
 }
 #endif
 #endif
+

diff --git a/deps/openssl/openssl/ssl/ssl_algs.c b/deps/openssl/openssl/ssl/ssl_algs.c
index 0967b2d..9c34d19 100644 (file)
--- a/deps/openssl/openssl/ssl/ssl_algs.c
+++ b/deps/openssl/openssl/ssl/ssl_algs.c
@@ -73,6 +73,9 @@ int SSL_library_init(void)
 #endif
 #ifndef OPENSSL_NO_RC4
        EVP_add_cipher(EVP_rc4());
+#if !defined(OPENSSL_NO_MD5) && (defined(__x86_64) || defined(__x86_64__))
+       EVP_add_cipher(EVP_rc4_hmac_md5());
+#endif
 #endif  
 #ifndef OPENSSL_NO_RC2
        EVP_add_cipher(EVP_rc2_cbc());
@@ -85,6 +88,13 @@ int SSL_library_init(void)
        EVP_add_cipher(EVP_aes_128_cbc());
        EVP_add_cipher(EVP_aes_192_cbc());
        EVP_add_cipher(EVP_aes_256_cbc());
+       EVP_add_cipher(EVP_aes_128_gcm());
+       EVP_add_cipher(EVP_aes_256_gcm());
+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
+       EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1());
+       EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1());
+#endif
+
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
        EVP_add_cipher(EVP_camellia_128_cbc());

diff --git a/deps/openssl/openssl/ssl/ssl_asn1.c b/deps/openssl/openssl/ssl/ssl_asn1.c
index d7f4c60..38540be 100644 (file)
--- a/deps/openssl/openssl/ssl/ssl_asn1.c
+++ b/deps/openssl/openssl/ssl/ssl_asn1.c
@@ -114,6 +114,9 @@ typedef struct ssl_session_asn1_st
        ASN1_OCTET_STRING psk_identity_hint;
        ASN1_OCTET_STRING psk_identity;
 #endif /* OPENSSL_NO_PSK */
+#ifndef OPENSSL_NO_SRP
+       ASN1_OCTET_STRING srp_username;
+#endif /* OPENSSL_NO_SRP */
        } SSL_SESSION_ASN1;
 
 int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
@@ -130,6 +133,9 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
        unsigned char cbuf;
        int v11=0;
 #endif
+#ifndef OPENSSL_NO_SRP
+       int v12=0;
+#endif
        long l;
        SSL_SESSION_ASN1 a;
        M_ASN1_I2D_vars(in);
@@ -267,6 +273,14 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
                a.psk_identity.data=(unsigned char *)(in->psk_identity);
                }
 #endif /* OPENSSL_NO_PSK */
+#ifndef OPENSSL_NO_SRP
+       if (in->srp_username)
+               {
+               a.srp_username.length=strlen(in->srp_username);
+               a.srp_username.type=V_ASN1_OCTET_STRING;
+               a.srp_username.data=(unsigned char *)(in->srp_username);
+               }
+#endif /* OPENSSL_NO_SRP */
 
        M_ASN1_I2D_len(&(a.version),            i2d_ASN1_INTEGER);
        M_ASN1_I2D_len(&(a.ssl_version),        i2d_ASN1_INTEGER);
@@ -307,6 +321,10 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
        if (in->psk_identity)
                M_ASN1_I2D_len_EXP_opt(&(a.psk_identity), i2d_ASN1_OCTET_STRING,8,v8);
 #endif /* OPENSSL_NO_PSK */
+#ifndef OPENSSL_NO_SRP
+       if (in->srp_username)
+               M_ASN1_I2D_len_EXP_opt(&(a.srp_username), i2d_ASN1_OCTET_STRING,12,v12);
+#endif /* OPENSSL_NO_SRP */
 
        M_ASN1_I2D_seq_total();
 
@@ -351,6 +369,10 @@ int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
        if (in->compress_meth)
                M_ASN1_I2D_put_EXP_opt(&(a.comp_id), i2d_ASN1_OCTET_STRING,11,v11);
 #endif
+#ifndef OPENSSL_NO_SRP
+       if (in->srp_username)
+               M_ASN1_I2D_put_EXP_opt(&(a.srp_username), i2d_ASN1_OCTET_STRING,12,v12);
+#endif /* OPENSSL_NO_SRP */
        M_ASN1_I2D_finish();
        }
 
@@ -549,6 +571,19 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
                }
        else
                ret->psk_identity_hint=NULL;
+
+       os.length=0;
+       os.data=NULL;
+       M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,8);
+       if (os.data)
+               {
+               ret->psk_identity = BUF_strndup((char *)os.data, os.length);
+               OPENSSL_free(os.data);
+               os.data = NULL;
+               os.length = 0;
+               }
+       else
+               ret->psk_identity=NULL;
 #endif /* OPENSSL_NO_PSK */
 
 #ifndef OPENSSL_NO_TLSEXT
@@ -588,5 +623,20 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
                }
 #endif
 
+#ifndef OPENSSL_NO_SRP
+       os.length=0;
+       os.data=NULL;
+       M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,12);
+       if (os.data)
+               {
+               ret->srp_username = BUF_strndup((char *)os.data, os.length);
+               OPENSSL_free(os.data);
+               os.data = NULL;
+               os.length = 0;
+               }
+       else
+               ret->srp_username=NULL;
+#endif /* OPENSSL_NO_SRP */
+
        M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION);
        }

diff --git a/deps/openssl/openssl/ssl/ssl_cert.c b/deps/openssl/openssl/ssl/ssl_cert.c
index 27256ee..5123a89 100644 (file)
--- a/deps/openssl/openssl/ssl/ssl_cert.c
+++ b/deps/openssl/openssl/ssl/ssl_cert.c
@@ -160,6 +160,21 @@ int SSL_get_ex_data_X509_STORE_CTX_idx(void)
        return ssl_x509_store_ctx_idx;
        }
 
+static void ssl_cert_set_default_md(CERT *cert)
+       {
+       /* Set digest values to defaults */
+#ifndef OPENSSL_NO_DSA
+       cert->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1();
+#endif
+#ifndef OPENSSL_NO_RSA
+       cert->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();
+       cert->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
+#endif
+#ifndef OPENSSL_NO_ECDSA
+       cert->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
+#endif
+       }
+
 CERT *ssl_cert_new(void)
        {
        CERT *ret;
@@ -174,7 +189,7 @@ CERT *ssl_cert_new(void)
 
        ret->key= &(ret->pkeys[SSL_PKEY_RSA_ENC]);
        ret->references=1;
-
+       ssl_cert_set_default_md(ret);
        return(ret);
        }
 
@@ -307,6 +322,10 @@ CERT *ssl_cert_dup(CERT *cert)
         * chain is held inside SSL_CTX */
 
        ret->references=1;
+       /* Set digests to defaults. NB: we don't copy existing values as they
+        * will be set during handshake.
+        */
+       ssl_cert_set_default_md(ret);
 
        return(ret);
        

diff --git a/deps/openssl/openssl/ssl/ssl_ciph.c b/deps/openssl/openssl/ssl/ssl_ciph.c
index 462c45a..0aba8e0 100644 (file)
--- a/deps/openssl/openssl/ssl/ssl_ciph.c
+++ b/deps/openssl/openssl/ssl/ssl_ciph.c
@@ -162,11 +162,13 @@
 #define SSL_ENC_CAMELLIA256_IDX        9
 #define SSL_ENC_GOST89_IDX     10
 #define SSL_ENC_SEED_IDX       11
-#define SSL_ENC_NUM_IDX                12
+#define SSL_ENC_AES128GCM_IDX  12
+#define SSL_ENC_AES256GCM_IDX  13
+#define SSL_ENC_NUM_IDX                14
 
 
 static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={
-       NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,
+       NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL
        };
 
 #define SSL_COMP_NULL_IDX      0
@@ -179,28 +181,32 @@ static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL;
 #define SSL_MD_SHA1_IDX        1
 #define SSL_MD_GOST94_IDX 2
 #define SSL_MD_GOST89MAC_IDX 3
+#define SSL_MD_SHA256_IDX 4
+#define SSL_MD_SHA384_IDX 5
 /*Constant SSL_MAX_DIGEST equal to size of digests array should be 
  * defined in the
  * ssl_locl.h */
 #define SSL_MD_NUM_IDX SSL_MAX_DIGEST 
 static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={
-       NULL,NULL,NULL,NULL
+       NULL,NULL,NULL,NULL,NULL,NULL
        };
 /* PKEY_TYPE for GOST89MAC is known in advance, but, because
  * implementation is engine-provided, we'll fill it only if
  * corresponding EVP_PKEY_METHOD is found 
  */
 static int  ssl_mac_pkey_id[SSL_MD_NUM_IDX]={
-       EVP_PKEY_HMAC,EVP_PKEY_HMAC,EVP_PKEY_HMAC,NID_undef
+       EVP_PKEY_HMAC,EVP_PKEY_HMAC,EVP_PKEY_HMAC,NID_undef,
+       EVP_PKEY_HMAC,EVP_PKEY_HMAC
        };
 
 static int ssl_mac_secret_size[SSL_MD_NUM_IDX]={
-       0,0,0,0
+       0,0,0,0,0,0
        };
 
 static int ssl_handshake_digest_flag[SSL_MD_NUM_IDX]={
        SSL_HANDSHAKE_MAC_MD5,SSL_HANDSHAKE_MAC_SHA,
-       SSL_HANDSHAKE_MAC_GOST94,0
+       SSL_HANDSHAKE_MAC_GOST94, 0, SSL_HANDSHAKE_MAC_SHA256,
+       SSL_HANDSHAKE_MAC_SHA384
        };
 
 #define CIPHER_ADD     1
@@ -247,6 +253,7 @@ static const SSL_CIPHER cipher_aliases[]={
        {0,SSL_TXT_ECDH,0,    SSL_kECDHr|SSL_kECDHe|SSL_kEECDH,0,0,0,0,0,0,0,0},
 
         {0,SSL_TXT_kPSK,0,    SSL_kPSK,  0,0,0,0,0,0,0,0},
+       {0,SSL_TXT_kSRP,0,    SSL_kSRP,  0,0,0,0,0,0,0,0},
        {0,SSL_TXT_kGOST,0, SSL_kGOST,0,0,0,0,0,0,0,0},
 
        /* server authentication aliases */
@@ -273,6 +280,7 @@ static const SSL_CIPHER cipher_aliases[]={
        {0,SSL_TXT_ADH,0,     SSL_kEDH,SSL_aNULL,0,0,0,0,0,0,0},
        {0,SSL_TXT_AECDH,0,   SSL_kEECDH,SSL_aNULL,0,0,0,0,0,0,0},
         {0,SSL_TXT_PSK,0,     SSL_kPSK,SSL_aPSK,0,0,0,0,0,0,0},
+       {0,SSL_TXT_SRP,0,     SSL_kSRP,0,0,0,0,0,0,0,0},
 
 
        /* symmetric encryption aliases */
@@ -283,9 +291,10 @@ static const SSL_CIPHER cipher_aliases[]={
        {0,SSL_TXT_IDEA,0,    0,0,SSL_IDEA,  0,0,0,0,0,0},
        {0,SSL_TXT_SEED,0,    0,0,SSL_SEED,  0,0,0,0,0,0},
        {0,SSL_TXT_eNULL,0,   0,0,SSL_eNULL, 0,0,0,0,0,0},
-       {0,SSL_TXT_AES128,0,  0,0,SSL_AES128,0,0,0,0,0,0},
-       {0,SSL_TXT_AES256,0,  0,0,SSL_AES256,0,0,0,0,0,0},
-       {0,SSL_TXT_AES,0,     0,0,SSL_AES128|SSL_AES256,0,0,0,0,0,0},
+       {0,SSL_TXT_AES128,0,  0,0,SSL_AES128|SSL_AES128GCM,0,0,0,0,0,0},
+       {0,SSL_TXT_AES256,0,  0,0,SSL_AES256|SSL_AES256GCM,0,0,0,0,0,0},
+       {0,SSL_TXT_AES,0,     0,0,SSL_AES,0,0,0,0,0,0},
+       {0,SSL_TXT_AES_GCM,0, 0,0,SSL_AES128GCM|SSL_AES256GCM,0,0,0,0,0,0},
        {0,SSL_TXT_CAMELLIA128,0,0,0,SSL_CAMELLIA128,0,0,0,0,0,0},
        {0,SSL_TXT_CAMELLIA256,0,0,0,SSL_CAMELLIA256,0,0,0,0,0,0},
        {0,SSL_TXT_CAMELLIA   ,0,0,0,SSL_CAMELLIA128|SSL_CAMELLIA256,0,0,0,0,0,0},
@@ -296,11 +305,14 @@ static const SSL_CIPHER cipher_aliases[]={
        {0,SSL_TXT_SHA,0,     0,0,0,SSL_SHA1,  0,0,0,0,0},
        {0,SSL_TXT_GOST94,0,     0,0,0,SSL_GOST94,  0,0,0,0,0},
        {0,SSL_TXT_GOST89MAC,0,     0,0,0,SSL_GOST89MAC,  0,0,0,0,0},
+       {0,SSL_TXT_SHA256,0,    0,0,0,SSL_SHA256,  0,0,0,0,0},
+       {0,SSL_TXT_SHA384,0,    0,0,0,SSL_SHA384,  0,0,0,0,0},
 
        /* protocol version aliases */
        {0,SSL_TXT_SSLV2,0,   0,0,0,0,SSL_SSLV2, 0,0,0,0},
        {0,SSL_TXT_SSLV3,0,   0,0,0,0,SSL_SSLV3, 0,0,0,0},
        {0,SSL_TXT_TLSV1,0,   0,0,0,0,SSL_TLSV1, 0,0,0,0},
+       {0,SSL_TXT_TLSV1_2,0, 0,0,0,0,SSL_TLSV1_2, 0,0,0,0},
 
        /* export flag */
        {0,SSL_TXT_EXP,0,     0,0,0,0,0,SSL_EXPORT,0,0,0},
@@ -379,6 +391,11 @@ void ssl_load_ciphers(void)
        ssl_cipher_methods[SSL_ENC_SEED_IDX]=
          EVP_get_cipherbyname(SN_seed_cbc);
 
+       ssl_cipher_methods[SSL_ENC_AES128GCM_IDX]=
+         EVP_get_cipherbyname(SN_aes_128_gcm);
+       ssl_cipher_methods[SSL_ENC_AES256GCM_IDX]=
+         EVP_get_cipherbyname(SN_aes_256_gcm);
+
        ssl_digest_methods[SSL_MD_MD5_IDX]=
                EVP_get_digestbyname(SN_md5);
        ssl_mac_secret_size[SSL_MD_MD5_IDX]=
@@ -404,6 +421,14 @@ void ssl_load_ciphers(void)
                        ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX]=32;
                }               
 
+       ssl_digest_methods[SSL_MD_SHA256_IDX]=
+               EVP_get_digestbyname(SN_sha256);
+       ssl_mac_secret_size[SSL_MD_SHA256_IDX]=
+               EVP_MD_size(ssl_digest_methods[SSL_MD_SHA256_IDX]);
+       ssl_digest_methods[SSL_MD_SHA384_IDX]=
+               EVP_get_digestbyname(SN_sha384);
+       ssl_mac_secret_size[SSL_MD_SHA384_IDX]=
+               EVP_MD_size(ssl_digest_methods[SSL_MD_SHA384_IDX]);
        }
 #ifndef OPENSSL_NO_COMP
 
@@ -526,6 +551,12 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
        case SSL_SEED:
                i=SSL_ENC_SEED_IDX;
                break;
+       case SSL_AES128GCM:
+               i=SSL_ENC_AES128GCM_IDX;
+               break;
+       case SSL_AES256GCM:
+               i=SSL_ENC_AES256GCM_IDX;
+               break;
        default:
                i= -1;
                break;
@@ -549,6 +580,12 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
        case SSL_SHA1:
                i=SSL_MD_SHA1_IDX;
                break;
+       case SSL_SHA256:
+               i=SSL_MD_SHA256_IDX;
+               break;
+       case SSL_SHA384:
+               i=SSL_MD_SHA384_IDX;
+               break;
        case SSL_GOST94:
                i = SSL_MD_GOST94_IDX;
                break;
@@ -564,17 +601,45 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
                *md=NULL; 
                if (mac_pkey_type!=NULL) *mac_pkey_type = NID_undef;
                if (mac_secret_size!=NULL) *mac_secret_size = 0;
-
+               if (c->algorithm_mac == SSL_AEAD)
+                       mac_pkey_type = NULL;
        }
        else
        {
                *md=ssl_digest_methods[i];
                if (mac_pkey_type!=NULL) *mac_pkey_type = ssl_mac_pkey_id[i];
                if (mac_secret_size!=NULL) *mac_secret_size = ssl_mac_secret_size[i];
-       }       
+       }
+
+       if ((*enc != NULL) &&
+           (*md != NULL || (EVP_CIPHER_flags(*enc)&EVP_CIPH_FLAG_AEAD_CIPHER)) &&
+           (!mac_pkey_type||*mac_pkey_type != NID_undef))
+               {
+               const EVP_CIPHER *evp;
+
+               if (s->ssl_version>>8 != TLS1_VERSION_MAJOR ||
+                   s->ssl_version < TLS1_VERSION)
+                       return 1;
 
-       if ((*enc != NULL) && (*md != NULL) && (!mac_pkey_type||*mac_pkey_type != NID_undef))
+#ifdef OPENSSL_FIPS
+               if (FIPS_mode())
+                       return 1;
+#endif
+
+               if      (c->algorithm_enc == SSL_RC4 &&
+                        c->algorithm_mac == SSL_MD5 &&
+                        (evp=EVP_get_cipherbyname("RC4-HMAC-MD5")))
+                       *enc = evp, *md = NULL;
+               else if (c->algorithm_enc == SSL_AES128 &&
+                        c->algorithm_mac == SSL_SHA1 &&
+                        (evp=EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1")))
+                       *enc = evp, *md = NULL;
+               else if (c->algorithm_enc == SSL_AES256 &&
+                        c->algorithm_mac == SSL_SHA1 &&
+                        (evp=EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1")))
+                       *enc = evp, *md = NULL;
                return(1);
+               }
        else
                return(0);
        }
@@ -585,9 +650,11 @@ int ssl_get_handshake_digest(int idx, long *mask, const EVP_MD **md)
                {
                return 0;
                }
-       if (ssl_handshake_digest_flag[idx]==0) return 0;
        *mask = ssl_handshake_digest_flag[idx];
-       *md = ssl_digest_methods[idx];
+       if (*mask)
+               *md = ssl_digest_methods[idx];
+       else
+               *md = NULL;
        return 1;
 }
 
@@ -662,6 +729,9 @@ static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, un
        *mkey |= SSL_kPSK;
        *auth |= SSL_aPSK;
 #endif
+#ifdef OPENSSL_NO_SRP
+       *mkey |= SSL_kSRP;
+#endif
        /* Check for presence of GOST 34.10 algorithms, and if they
         * do not present, disable  appropriate auth and key exchange */
        if (!get_optional_pkey_id("gost94")) {
@@ -687,6 +757,8 @@ static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, un
        *enc |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0;
        *enc |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES128:0;
        *enc |= (ssl_cipher_methods[SSL_ENC_AES256_IDX] == NULL) ? SSL_AES256:0;
+       *enc |= (ssl_cipher_methods[SSL_ENC_AES128GCM_IDX] == NULL) ? SSL_AES128GCM:0;
+       *enc |= (ssl_cipher_methods[SSL_ENC_AES256GCM_IDX] == NULL) ? SSL_AES256GCM:0;
        *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA128:0;
        *enc |= (ssl_cipher_methods[SSL_ENC_CAMELLIA256_IDX] == NULL) ? SSL_CAMELLIA256:0;
        *enc |= (ssl_cipher_methods[SSL_ENC_GOST89_IDX] == NULL) ? SSL_eGOST2814789CNT:0;
@@ -694,6 +766,8 @@ static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, un
 
        *mac |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0;
        *mac |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0;
+       *mac |= (ssl_digest_methods[SSL_MD_SHA256_IDX] == NULL) ? SSL_SHA256:0;
+       *mac |= (ssl_digest_methods[SSL_MD_SHA384_IDX] == NULL) ? SSL_SHA384:0;
        *mac |= (ssl_digest_methods[SSL_MD_GOST94_IDX] == NULL) ? SSL_GOST94:0;
        *mac |= (ssl_digest_methods[SSL_MD_GOST89MAC_IDX] == NULL || ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX]==NID_undef)? SSL_GOST89MAC:0;
 
@@ -724,6 +798,9 @@ static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
                c = ssl_method->get_cipher(i);
                /* drop those that use any of that is not available */
                if ((c != NULL) && c->valid &&
+#ifdef OPENSSL_FIPS
+                   (!FIPS_mode() || (c->algo_strength & SSL_FIPS)) &&
+#endif
                    !(c->algorithm_mkey & disabled_mkey) &&
                    !(c->algorithm_auth & disabled_auth) &&
                    !(c->algorithm_enc & disabled_enc) &&
@@ -1074,9 +1151,9 @@ static int ssl_cipher_process_rulestr(const char *rule_str,
                        while ( ((ch >= 'A') && (ch <= 'Z')) ||
                                ((ch >= '0') && (ch <= '9')) ||
                                ((ch >= 'a') && (ch <= 'z')) ||
-                                (ch == '-'))
+                                (ch == '-') || (ch == '.'))
 #else
-                       while ( isalnum(ch) || (ch == '-'))
+                       while ( isalnum(ch) || (ch == '-') || (ch == '.'))
 #endif
                                 {
                                 ch = *(++l);
@@ -1423,7 +1500,11 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
         */
        for (curr = head; curr != NULL; curr = curr->next)
                {
+#ifdef OPENSSL_FIPS
+               if (curr->active && (!FIPS_mode() || curr->cipher->algo_strength & SSL_FIPS))
+#else
                if (curr->active)
+#endif
                        {
                        sk_SSL_CIPHER_push(cipherstack, curr->cipher);
 #ifdef CIPHER_DEBUG
@@ -1480,6 +1561,8 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
                ver="SSLv2";
        else if (alg_ssl & SSL_SSLV3)
                ver="SSLv3";
+       else if (alg_ssl & SSL_TLSV1_2)
+               ver="TLSv1.2";
        else
                ver="unknown";
 
@@ -1512,6 +1595,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
        case SSL_kPSK:
                kx="PSK";
                break;
+       case SSL_kSRP:
+               kx="SRP";
+               break;
        default:
                kx="unknown";
                }
@@ -1574,6 +1660,12 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
        case SSL_AES256:
                enc="AES(256)";
                break;
+       case SSL_AES128GCM:
+               enc="AESGCM(128)";
+               break;
+       case SSL_AES256GCM:
+               enc="AESGCM(256)";
+               break;
        case SSL_CAMELLIA128:
                enc="Camellia(128)";
                break;
@@ -1596,6 +1688,15 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
        case SSL_SHA1:
                mac="SHA1";
                break;
+       case SSL_SHA256:
+               mac="SHA256";
+               break;
+       case SSL_SHA384:
+               mac="SHA384";
+               break;
+       case SSL_AEAD:
+               mac="AEAD";
+               break;
        default:
                mac="unknown";
                break;
@@ -1653,50 +1754,9 @@ int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits)
        return(ret);
        }
 
-/* return string version of key exchange algorithm */
-const char* SSL_CIPHER_authentication_method(const SSL_CIPHER* cipher)
+unsigned long SSL_CIPHER_get_id(const SSL_CIPHER *c)
        {
-       switch (cipher->algorithm_mkey)
-               {
-       case SSL_kRSA:
-               return SSL_TXT_RSA;
-       case SSL_kDHr:
-               return SSL_TXT_DH "_" SSL_TXT_RSA;
-       case SSL_kDHd:
-               return SSL_TXT_DH "_" SSL_TXT_DSS;
-       case SSL_kEDH:
-               switch (cipher->algorithm_auth)
-                       {
-               case SSL_aDSS:
-                       return "DHE_" SSL_TXT_DSS;
-               case SSL_aRSA:
-                       return "DHE_" SSL_TXT_RSA;
-               case SSL_aNULL:
-                       return SSL_TXT_DH "_anon";
-               default:
-                       return "UNKNOWN";
-                        }
-       case SSL_kKRB5:
-               return SSL_TXT_KRB5;
-       case SSL_kECDHr:
-               return SSL_TXT_ECDH "_" SSL_TXT_RSA;
-       case SSL_kECDHe:
-               return SSL_TXT_ECDH "_" SSL_TXT_ECDSA;
-       case SSL_kEECDH:
-               switch (cipher->algorithm_auth)
-                       {
-               case SSL_aECDSA:
-                       return "ECDHE_" SSL_TXT_ECDSA;
-               case SSL_aRSA:
-                       return "ECDHE_" SSL_TXT_RSA;
-               case SSL_aNULL:
-                       return SSL_TXT_ECDH "_anon";
-               default:
-                       return "UNKNOWN";
-                        }
-        default:
-               return "UNKNOWN";
-               }
+       return c->id;
        }
 
 SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)

diff --git a/deps/openssl/openssl/ssl/ssl_err.c b/deps/openssl/openssl/ssl/ssl_err.c
index 4fcd5c0..370fb57 100644 (file)
--- a/deps/openssl/openssl/ssl/ssl_err.c
+++ b/deps/openssl/openssl/ssl/ssl_err.c
@@ -80,6 +80,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_FUNC(SSL_F_DTLS1_ACCEPT), "DTLS1_ACCEPT"},
 {ERR_FUNC(SSL_F_DTLS1_ADD_CERT_TO_BUF),        "DTLS1_ADD_CERT_TO_BUF"},
 {ERR_FUNC(SSL_F_DTLS1_BUFFER_RECORD),  "DTLS1_BUFFER_RECORD"},
+{ERR_FUNC(SSL_F_DTLS1_CHECK_TIMEOUT_NUM),      "DTLS1_CHECK_TIMEOUT_NUM"},
 {ERR_FUNC(SSL_F_DTLS1_CLIENT_HELLO),   "DTLS1_CLIENT_HELLO"},
 {ERR_FUNC(SSL_F_DTLS1_CONNECT),        "DTLS1_CONNECT"},
 {ERR_FUNC(SSL_F_DTLS1_ENC),    "DTLS1_ENC"},
@@ -88,6 +89,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_FUNC(SSL_F_DTLS1_GET_MESSAGE_FRAGMENT),   "DTLS1_GET_MESSAGE_FRAGMENT"},
 {ERR_FUNC(SSL_F_DTLS1_GET_RECORD),     "DTLS1_GET_RECORD"},
 {ERR_FUNC(SSL_F_DTLS1_HANDLE_TIMEOUT), "DTLS1_HANDLE_TIMEOUT"},
+{ERR_FUNC(SSL_F_DTLS1_HEARTBEAT),      "DTLS1_HEARTBEAT"},
 {ERR_FUNC(SSL_F_DTLS1_OUTPUT_CERT_CHAIN),      "DTLS1_OUTPUT_CERT_CHAIN"},
 {ERR_FUNC(SSL_F_DTLS1_PREPROCESS_FRAGMENT),    "DTLS1_PREPROCESS_FRAGMENT"},
 {ERR_FUNC(SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE),     "DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE"},
@@ -181,10 +183,12 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_FUNC(SSL_F_SSL3_WRITE_PENDING),   "SSL3_WRITE_PENDING"},
 {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT),  "SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT"},
 {ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT),   "SSL_ADD_CLIENTHELLO_TLSEXT"},
+{ERR_FUNC(SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT),     "SSL_ADD_CLIENTHELLO_USE_SRTP_EXT"},
 {ERR_FUNC(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK),   "SSL_add_dir_cert_subjects_to_stack"},
 {ERR_FUNC(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK),  "SSL_add_file_cert_subjects_to_stack"},
 {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT),  "SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT"},
 {ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT),   "SSL_ADD_SERVERHELLO_TLSEXT"},
+{ERR_FUNC(SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT),     "SSL_ADD_SERVERHELLO_USE_SRTP_EXT"},
 {ERR_FUNC(SSL_F_SSL_BAD_METHOD),       "SSL_BAD_METHOD"},
 {ERR_FUNC(SSL_F_SSL_BYTES_TO_CIPHER_LIST),     "SSL_BYTES_TO_CIPHER_LIST"},
 {ERR_FUNC(SSL_F_SSL_CERT_DUP), "SSL_CERT_DUP"},
@@ -201,6 +205,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_FUNC(SSL_F_SSL_CREATE_CIPHER_LIST),       "SSL_CREATE_CIPHER_LIST"},
 {ERR_FUNC(SSL_F_SSL_CTRL),     "SSL_ctrl"},
 {ERR_FUNC(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY),    "SSL_CTX_check_private_key"},
+{ERR_FUNC(SSL_F_SSL_CTX_MAKE_PROFILES),        "SSL_CTX_MAKE_PROFILES"},
 {ERR_FUNC(SSL_F_SSL_CTX_NEW),  "SSL_CTX_new"},
 {ERR_FUNC(SSL_F_SSL_CTX_SET_CIPHER_LIST),      "SSL_CTX_set_cipher_list"},
 {ERR_FUNC(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE),       "SSL_CTX_set_client_cert_engine"},
@@ -223,14 +228,17 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_FUNC(SSL_F_SSL_GET_NEW_SESSION),  "SSL_GET_NEW_SESSION"},
 {ERR_FUNC(SSL_F_SSL_GET_PREV_SESSION), "SSL_GET_PREV_SESSION"},
 {ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_CERT),     "SSL_GET_SERVER_SEND_CERT"},
+{ERR_FUNC(SSL_F_SSL_GET_SERVER_SEND_PKEY),     "SSL_GET_SERVER_SEND_PKEY"},
 {ERR_FUNC(SSL_F_SSL_GET_SIGN_PKEY),    "SSL_GET_SIGN_PKEY"},
 {ERR_FUNC(SSL_F_SSL_INIT_WBIO_BUFFER), "SSL_INIT_WBIO_BUFFER"},
 {ERR_FUNC(SSL_F_SSL_LOAD_CLIENT_CA_FILE),      "SSL_load_client_CA_file"},
 {ERR_FUNC(SSL_F_SSL_NEW),      "SSL_new"},
 {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT),        "SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT"},
 {ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT), "SSL_PARSE_CLIENTHELLO_TLSEXT"},
+{ERR_FUNC(SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT),   "SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT"},
 {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT),        "SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT"},
 {ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT), "SSL_PARSE_SERVERHELLO_TLSEXT"},
+{ERR_FUNC(SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT),   "SSL_PARSE_SERVERHELLO_USE_SRTP_EXT"},
 {ERR_FUNC(SSL_F_SSL_PEEK),     "SSL_peek"},
 {ERR_FUNC(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT),       "SSL_PREPARE_CLIENTHELLO_TLSEXT"},
 {ERR_FUNC(SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT),       "SSL_PREPARE_SERVERHELLO_TLSEXT"},
@@ -239,6 +247,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_FUNC(SSL_F_SSL_RSA_PUBLIC_ENCRYPT),       "SSL_RSA_PUBLIC_ENCRYPT"},
 {ERR_FUNC(SSL_F_SSL_SESSION_NEW),      "SSL_SESSION_new"},
 {ERR_FUNC(SSL_F_SSL_SESSION_PRINT_FP), "SSL_SESSION_print_fp"},
+{ERR_FUNC(SSL_F_SSL_SESSION_SET1_ID_CONTEXT),  "SSL_SESSION_set1_id_context"},
 {ERR_FUNC(SSL_F_SSL_SESS_CERT_NEW),    "SSL_SESS_CERT_NEW"},
 {ERR_FUNC(SSL_F_SSL_SET_CERT), "SSL_SET_CERT"},
 {ERR_FUNC(SSL_F_SSL_SET_CIPHER_LIST),  "SSL_set_cipher_list"},
@@ -252,6 +261,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_FUNC(SSL_F_SSL_SET_TRUST),        "SSL_set_trust"},
 {ERR_FUNC(SSL_F_SSL_SET_WFD),  "SSL_set_wfd"},
 {ERR_FUNC(SSL_F_SSL_SHUTDOWN), "SSL_shutdown"},
+{ERR_FUNC(SSL_F_SSL_SRP_CTX_INIT),     "SSL_SRP_CTX_init"},
 {ERR_FUNC(SSL_F_SSL_UNDEFINED_CONST_FUNCTION), "SSL_UNDEFINED_CONST_FUNCTION"},
 {ERR_FUNC(SSL_F_SSL_UNDEFINED_FUNCTION),       "SSL_UNDEFINED_FUNCTION"},
 {ERR_FUNC(SSL_F_SSL_UNDEFINED_VOID_FUNCTION),  "SSL_UNDEFINED_VOID_FUNCTION"},
@@ -271,6 +281,8 @@ static ERR_STRING_DATA SSL_str_functs[]=
 {ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE),     "TLS1_CHANGE_CIPHER_STATE"},
 {ERR_FUNC(SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT),        "TLS1_CHECK_SERVERHELLO_TLSEXT"},
 {ERR_FUNC(SSL_F_TLS1_ENC),     "TLS1_ENC"},
+{ERR_FUNC(SSL_F_TLS1_EXPORT_KEYING_MATERIAL),  "TLS1_EXPORT_KEYING_MATERIAL"},
+{ERR_FUNC(SSL_F_TLS1_HEARTBEAT),       "SSL_F_TLS1_HEARTBEAT"},
 {ERR_FUNC(SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT),      "TLS1_PREPARE_CLIENTHELLO_TLSEXT"},
 {ERR_FUNC(SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT),      "TLS1_PREPARE_SERVERHELLO_TLSEXT"},
 {ERR_FUNC(SSL_F_TLS1_PRF),     "tls1_prf"},
@@ -313,6 +325,13 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_BAD_RSA_MODULUS_LENGTH),"bad rsa modulus length"},
 {ERR_REASON(SSL_R_BAD_RSA_SIGNATURE)     ,"bad rsa signature"},
 {ERR_REASON(SSL_R_BAD_SIGNATURE)         ,"bad signature"},
+{ERR_REASON(SSL_R_BAD_SRP_A_LENGTH)      ,"bad srp a length"},
+{ERR_REASON(SSL_R_BAD_SRP_B_LENGTH)      ,"bad srp b length"},
+{ERR_REASON(SSL_R_BAD_SRP_G_LENGTH)      ,"bad srp g length"},
+{ERR_REASON(SSL_R_BAD_SRP_N_LENGTH)      ,"bad srp n length"},
+{ERR_REASON(SSL_R_BAD_SRP_S_LENGTH)      ,"bad srp s length"},
+{ERR_REASON(SSL_R_BAD_SRTP_MKI_VALUE)    ,"bad srtp mki value"},
+{ERR_REASON(SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST),"bad srtp protection profile list"},
 {ERR_REASON(SSL_R_BAD_SSL_FILETYPE)      ,"bad ssl filetype"},
 {ERR_REASON(SSL_R_BAD_SSL_SESSION_ID_LENGTH),"bad ssl session id length"},
 {ERR_REASON(SSL_R_BAD_STATE)             ,"bad state"},
@@ -351,6 +370,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE),"ecc cert should have rsa signature"},
 {ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE),"ecc cert should have sha1 signature"},
 {ERR_REASON(SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER),"ecgroup too large for cipher"},
+{ERR_REASON(SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST),"empty srtp protection profile list"},
 {ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG),"encrypted length too long"},
 {ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY),"error generating tmp rsa key"},
 {ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST),"error in received cipher list"},
@@ -367,6 +387,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_INVALID_COMMAND)       ,"invalid command"},
 {ERR_REASON(SSL_R_INVALID_COMPRESSION_ALGORITHM),"invalid compression algorithm"},
 {ERR_REASON(SSL_R_INVALID_PURPOSE)       ,"invalid purpose"},
+{ERR_REASON(SSL_R_INVALID_SRP_USERNAME)  ,"invalid srp username"},
 {ERR_REASON(SSL_R_INVALID_STATUS_RESPONSE),"invalid status response"},
 {ERR_REASON(SSL_R_INVALID_TICKET_KEYS_LENGTH),"invalid ticket keys length"},
 {ERR_REASON(SSL_R_INVALID_TRUST)         ,"invalid trust"},
@@ -396,6 +417,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_MISSING_RSA_CERTIFICATE),"missing rsa certificate"},
 {ERR_REASON(SSL_R_MISSING_RSA_ENCRYPTING_CERT),"missing rsa encrypting cert"},
 {ERR_REASON(SSL_R_MISSING_RSA_SIGNING_CERT),"missing rsa signing cert"},
+{ERR_REASON(SSL_R_MISSING_SRP_PARAM)     ,"can't find SRP server param"},
 {ERR_REASON(SSL_R_MISSING_TMP_DH_KEY)    ,"missing tmp dh key"},
 {ERR_REASON(SSL_R_MISSING_TMP_ECDH_KEY)  ,"missing tmp ecdh key"},
 {ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY)   ,"missing tmp rsa key"},
@@ -425,6 +447,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_NO_RENEGOTIATION)      ,"no renegotiation"},
 {ERR_REASON(SSL_R_NO_REQUIRED_DIGEST)    ,"digest requred for handshake isn't computed"},
 {ERR_REASON(SSL_R_NO_SHARED_CIPHER)      ,"no shared cipher"},
+{ERR_REASON(SSL_R_NO_SRTP_PROFILES)      ,"no srtp profiles"},
 {ERR_REASON(SSL_R_NO_VERIFY_CALLBACK)    ,"no verify callback"},
 {ERR_REASON(SSL_R_NULL_SSL_CTX)          ,"null ssl ctx"},
 {ERR_REASON(SSL_R_NULL_SSL_METHOD_PASSED),"null ssl method passed"},
@@ -467,9 +490,13 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING),"scsv received when renegotiating"},
 {ERR_REASON(SSL_R_SERVERHELLO_TLSEXT)    ,"serverhello tlsext"},
 {ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED),"session id context uninitialized"},
-{ERR_REASON(SSL_R_SESSION_MAY_NOT_BE_CREATED),"session may not be created"},
 {ERR_REASON(SSL_R_SHORT_READ)            ,"short read"},
+{ERR_REASON(SSL_R_SIGNATURE_ALGORITHMS_ERROR),"signature algorithms error"},
 {ERR_REASON(SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE),"signature for non signing certificate"},
+{ERR_REASON(SSL_R_SRP_A_CALC)            ,"error with the srp params"},
+{ERR_REASON(SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES),"srtp could not allocate profiles"},
+{ERR_REASON(SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG),"srtp protection profile list too long"},
+{ERR_REASON(SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE),"srtp unknown protection profile"},
 {ERR_REASON(SSL_R_SSL23_DOING_SESSION_ID_REUSE),"ssl23 doing session id reuse"},
 {ERR_REASON(SSL_R_SSL2_CONNECTION_ID_TOO_LONG),"ssl2 connection id too long"},
 {ERR_REASON(SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT),"ssl3 ext invalid ecpointformat"},
@@ -514,6 +541,9 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_TLSV1_UNRECOGNIZED_NAME),"tlsv1 unrecognized name"},
 {ERR_REASON(SSL_R_TLSV1_UNSUPPORTED_EXTENSION),"tlsv1 unsupported extension"},
 {ERR_REASON(SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER),"tls client cert req with anon cipher"},
+{ERR_REASON(SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT),"peer does not accept heartbearts"},
+{ERR_REASON(SSL_R_TLS_HEARTBEAT_PENDING) ,"heartbeat request already pending"},
+{ERR_REASON(SSL_R_TLS_ILLEGAL_EXPORTER_LABEL),"tls illegal exporter label"},
 {ERR_REASON(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST),"tls invalid ecpointformat list"},
 {ERR_REASON(SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST),"tls peer did not respond with certificate list"},
 {ERR_REASON(SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG),"tls rsa encrypted value length is wrong"},
@@ -535,6 +565,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_UNKNOWN_CERTIFICATE_TYPE),"unknown certificate type"},
 {ERR_REASON(SSL_R_UNKNOWN_CIPHER_RETURNED),"unknown cipher returned"},
 {ERR_REASON(SSL_R_UNKNOWN_CIPHER_TYPE)   ,"unknown cipher type"},
+{ERR_REASON(SSL_R_UNKNOWN_DIGEST)        ,"unknown digest"},
 {ERR_REASON(SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE),"unknown key exchange type"},
 {ERR_REASON(SSL_R_UNKNOWN_PKEY_TYPE)     ,"unknown pkey type"},
 {ERR_REASON(SSL_R_UNKNOWN_PROTOCOL)      ,"unknown protocol"},
@@ -549,12 +580,14 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_UNSUPPORTED_PROTOCOL)  ,"unsupported protocol"},
 {ERR_REASON(SSL_R_UNSUPPORTED_SSL_VERSION),"unsupported ssl version"},
 {ERR_REASON(SSL_R_UNSUPPORTED_STATUS_TYPE),"unsupported status type"},
+{ERR_REASON(SSL_R_USE_SRTP_NOT_NEGOTIATED),"use srtp not negotiated"},
 {ERR_REASON(SSL_R_WRITE_BIO_NOT_SET)     ,"write bio not set"},
 {ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED) ,"wrong cipher returned"},
 {ERR_REASON(SSL_R_WRONG_MESSAGE_TYPE)    ,"wrong message type"},
 {ERR_REASON(SSL_R_WRONG_NUMBER_OF_KEY_BITS),"wrong number of key bits"},
 {ERR_REASON(SSL_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"},
 {ERR_REASON(SSL_R_WRONG_SIGNATURE_SIZE)  ,"wrong signature size"},
+{ERR_REASON(SSL_R_WRONG_SIGNATURE_TYPE)  ,"wrong signature type"},
 {ERR_REASON(SSL_R_WRONG_SSL_VERSION)     ,"wrong ssl version"},
 {ERR_REASON(SSL_R_WRONG_VERSION_NUMBER)  ,"wrong version number"},
 {ERR_REASON(SSL_R_X509_LIB)              ,"x509 lib"},

diff --git a/deps/openssl/openssl/ssl/ssl_lib.c b/deps/openssl/openssl/ssl/ssl_lib.c
index add3058..14d143d 100644 (file)
--- a/deps/openssl/openssl/ssl/ssl_lib.c
+++ b/deps/openssl/openssl/ssl/ssl_lib.c
@@ -176,7 +176,10 @@ SSL3_ENC_METHOD ssl3_undef_enc_method={
        0,      /* client_finished_label_len */
        NULL,   /* server_finished_label */
        0,      /* server_finished_label_len */
-       (int (*)(int))ssl_undefined_function
+       (int (*)(int))ssl_undefined_function,
+       (int (*)(SSL *, unsigned char *, size_t, const char *,
+                size_t, const unsigned char *, size_t,
+                int use_context)) ssl_undefined_function,
        };
 
 int SSL_clear(SSL *s)
@@ -202,9 +205,9 @@ int SSL_clear(SSL *s)
        * needed because SSL_clear is not called when doing renegotiation) */
        /* This is set if we are doing dynamic renegotiation so keep
         * the old cipher.  It is sort of a SSL_clear_lite :-) */
-       if (s->new_session) return(1);
+       if (s->renegotiate) return(1);
 #else
-       if (s->new_session)
+       if (s->renegotiate)
                {
                SSLerr(SSL_F_SSL_CLEAR,ERR_R_INTERNAL_ERROR);
                return 0;
@@ -326,7 +329,6 @@ SSL *SSL_new(SSL_CTX *ctx)
        OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx);
        memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx));
        s->verify_callback=ctx->default_verify_callback;
-       s->session_creation_enabled=1;
        s->generate_session_id=ctx->generate_session_id;
 
        s->param = X509_VERIFY_PARAM_new();
@@ -595,6 +597,11 @@ void SSL_free(SSL *s)
                OPENSSL_free(s->next_proto_negotiated);
 #endif
 
+#ifndef OPENSSL_NO_SRTP
+        if (s->srtp_profiles)
+            sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
+#endif
+
        OPENSSL_free(s);
        }
 
@@ -1017,10 +1024,21 @@ int SSL_shutdown(SSL *s)
 
 int SSL_renegotiate(SSL *s)
        {
-       if (s->new_session == 0)
-               {
-               s->new_session=1;
-               }
+       if (s->renegotiate == 0)
+               s->renegotiate=1;
+
+       s->new_session=1;
+
+       return(s->method->ssl_renegotiate(s));
+       }
+
+int SSL_renegotiate_abbreviated(SSL *s)
+       {
+       if (s->renegotiate == 0)
+               s->renegotiate=1;
+
+       s->new_session=0;
+
        return(s->method->ssl_renegotiate(s));
        }
 
@@ -1028,7 +1046,7 @@ int SSL_renegotiate_pending(SSL *s)
        {
        /* becomes true when negotiation is requested;
         * false again once a handshake has finished */
-       return (s->new_session != 0);
+       return (s->renegotiate != 0);
        }
 
 long SSL_ctrl(SSL *s,int cmd,long larg,void *parg)
@@ -1317,32 +1335,6 @@ int SSL_set_cipher_list(SSL *s,const char *str)
        return 1;
        }
 
-/** specify the ciphers to be used by the SSL */
-int SSL_set_cipher_lists(SSL *s,STACK_OF(SSL_CIPHER) *sk)
-       {
-       STACK_OF(SSL_CIPHER) *tmp_cipher_list;
-
-       if (sk == NULL)
-               return 0;
-
-        /* Based on end of ssl_create_cipher_list */
-       tmp_cipher_list = sk_SSL_CIPHER_dup(sk);
-       if (tmp_cipher_list == NULL)
-               {
-               return 0;
-               }
-       if (s->cipher_list != NULL)
-               sk_SSL_CIPHER_free(s->cipher_list);
-       s->cipher_list = sk;
-       if (s->cipher_list_by_id != NULL)
-               sk_SSL_CIPHER_free(s->cipher_list_by_id);
-       s->cipher_list_by_id = tmp_cipher_list;
-       (void)sk_SSL_CIPHER_set_cmp_func(s->cipher_list_by_id,ssl_cipher_ptr_id_cmp);
-
-       sk_SSL_CIPHER_sort(s->cipher_list_by_id);
-       return 1;
-       }
-
 /* works well for SSLv2, not so good for SSLv3 */
 char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
        {
@@ -1395,6 +1387,10 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
        for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
                {
                c=sk_SSL_CIPHER_value(sk,i);
+               /* Skip TLS v1.2 only ciphersuites if lower than v1.2 */
+               if ((c->algorithm_ssl & SSL_TLSV1_2) && 
+                       (TLS1_get_client_version(s) < TLS1_2_VERSION))
+                       continue;
 #ifndef OPENSSL_NO_KRB5
                if (((c->algorithm_mkey & SSL_kKRB5) || (c->algorithm_auth & SSL_aKRB5)) &&
                    nokrb5)
@@ -1412,7 +1408,7 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
        /* If p == q, no ciphers and caller indicates an error. Otherwise
         * add SCSV if not renegotiating.
         */
-       if (p != q && !s->new_session)
+       if (p != q && !s->renegotiate)
                {
                static SSL_CIPHER scsv =
                        {
@@ -1459,7 +1455,7 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
                        (p[n-1] == (SSL3_CK_SCSV & 0xff)))
                        {
                        /* SCSV fatal if renegotiating */
-                       if (s->new_session)
+                       if (s->renegotiate)
                                {
                                SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
                                ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); 
@@ -1632,10 +1628,21 @@ void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s, unsigned
        ctx->next_proto_select_cb = cb;
        ctx->next_proto_select_cb_arg = arg;
        }
-
 # endif
 #endif
 
+int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
+       const char *label, size_t llen, const unsigned char *p, size_t plen,
+       int use_context)
+       {
+       if (s->version < TLS1_VERSION)
+               return -1;
+
+       return s->method->ssl3_enc->export_keying_material(s, out, olen, label,
+                                                          llen, p, plen,
+                                                          use_context);
+       }
+
 static unsigned long ssl_session_hash(const SSL_SESSION *a)
        {
        unsigned long l;
@@ -1679,6 +1686,14 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
                return(NULL);
                }
 
+#ifdef OPENSSL_FIPS
+       if (FIPS_mode() && (meth->version < TLS1_VERSION))      
+               {
+               SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE);
+               return NULL;
+               }
+#endif
+
        if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0)
                {
                SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
@@ -1808,6 +1823,9 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
        ret->psk_client_callback=NULL;
        ret->psk_server_callback=NULL;
 #endif
+#ifndef OPENSSL_NO_SRP
+       SSL_CTX_SRP_CTX_init(ret);
+#endif
 #ifndef OPENSSL_NO_BUF_FREELISTS
        ret->freelist_max_len = SSL_MAX_BUF_FREELIST_LEN_DEFAULT;
        ret->rbuf_freelist = OPENSSL_malloc(sizeof(SSL3_BUF_FREELIST));
@@ -1936,10 +1954,18 @@ void SSL_CTX_free(SSL_CTX *a)
        a->comp_methods = NULL;
 #endif
 
+#ifndef OPENSSL_NO_SRTP
+        if (a->srtp_profiles)
+                sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles);
+#endif
+
 #ifndef OPENSSL_NO_PSK
        if (a->psk_identity_hint)
                OPENSSL_free(a->psk_identity_hint);
 #endif
+#ifndef OPENSSL_NO_SRP
+       SSL_CTX_SRP_CTX_free(a);
+#endif
 #ifndef OPENSSL_NO_ENGINE
        if (a->client_cert_engine)
                ENGINE_finish(a->client_cert_engine);
@@ -2193,12 +2219,13 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
 
 #ifndef OPENSSL_NO_EC
 
-int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs)
+int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
        {
        unsigned long alg_k, alg_a;
        EVP_PKEY *pkey = NULL;
        int keysize = 0;
        int signature_nid = 0, md_nid = 0, pk_nid = 0;
+       const SSL_CIPHER *cs = s->s3->tmp.new_cipher;
 
        alg_k = cs->algorithm_mkey;
        alg_a = cs->algorithm_auth;
@@ -2228,7 +2255,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs)
                        SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT);
                        return 0;
                        }
-               if (alg_k & SSL_kECDHe)
+               if ((alg_k & SSL_kECDHe) && TLS1_get_version(s) < TLS1_2_VERSION)
                        {
                        /* signature alg must be ECDSA */
                        if (pk_nid != NID_X9_62_id_ecPublicKey)
@@ -2237,7 +2264,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs)
                                return 0;
                                }
                        }
-               if (alg_k & SSL_kECDHr)
+               if ((alg_k & SSL_kECDHr) && TLS1_get_version(s) < TLS1_2_VERSION)
                        {
                        /* signature alg must be RSA */
 
@@ -2264,7 +2291,7 @@ int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs)
 #endif
 
 /* THIS NEEDS CLEANING UP */
-X509 *ssl_get_server_send_cert(SSL *s)
+CERT_PKEY *ssl_get_server_send_pkey(const SSL *s)
        {
        unsigned long alg_k,alg_a;
        CERT *c;
@@ -2319,42 +2346,52 @@ X509 *ssl_get_server_send_cert(SSL *s)
                i=SSL_PKEY_GOST01;
        else /* if (alg_a & SSL_aNULL) */
                {
-               SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT,ERR_R_INTERNAL_ERROR);
+               SSLerr(SSL_F_SSL_GET_SERVER_SEND_PKEY,ERR_R_INTERNAL_ERROR);
                return(NULL);
                }
-       if (c->pkeys[i].x509 == NULL) return(NULL);
 
-       return(c->pkeys[i].x509);
+       return c->pkeys + i;
+       }
+
+X509 *ssl_get_server_send_cert(const SSL *s)
+       {
+       CERT_PKEY *cpk;
+       cpk = ssl_get_server_send_pkey(s);
+       if (!cpk)
+               return NULL;
+       return cpk->x509;
        }
 
-EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *cipher)
+EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *cipher, const EVP_MD **pmd)
        {
        unsigned long alg_a;
        CERT *c;
+       int idx = -1;
 
        alg_a = cipher->algorithm_auth;
        c=s->cert;
 
        if ((alg_a & SSL_aDSS) &&
                (c->pkeys[SSL_PKEY_DSA_SIGN].privatekey != NULL))
-               return(c->pkeys[SSL_PKEY_DSA_SIGN].privatekey);
+               idx = SSL_PKEY_DSA_SIGN;
        else if (alg_a & SSL_aRSA)
                {
                if (c->pkeys[SSL_PKEY_RSA_SIGN].privatekey != NULL)
-                       return(c->pkeys[SSL_PKEY_RSA_SIGN].privatekey);
+                       idx = SSL_PKEY_RSA_SIGN;
                else if (c->pkeys[SSL_PKEY_RSA_ENC].privatekey != NULL)
-                       return(c->pkeys[SSL_PKEY_RSA_ENC].privatekey);
-               else
-                       return(NULL);
+                       idx = SSL_PKEY_RSA_ENC;
                }
        else if ((alg_a & SSL_aECDSA) &&
                 (c->pkeys[SSL_PKEY_ECC].privatekey != NULL))
-               return(c->pkeys[SSL_PKEY_ECC].privatekey);
-       else /* if (alg_a & SSL_aNULL) */
+               idx = SSL_PKEY_ECC;
+       if (idx == -1)
                {
                SSLerr(SSL_F_SSL_GET_SIGN_PKEY,ERR_R_INTERNAL_ERROR);
                return(NULL);
                }
+       if (pmd)
+               *pmd = c->pkeys[idx].digest;
+       return c->pkeys[idx].privatekey;
        }
 
 void ssl_update_cache(SSL *s,int mode)
@@ -2577,45 +2614,22 @@ SSL_METHOD *ssl_bad_method(int ver)
        return(NULL);
        }
 
-static const char *ssl_get_version(int version)
+const char *SSL_get_version(const SSL *s)
        {
-       if (version == TLS1_VERSION)
+       if (s->version == TLS1_2_VERSION)
+               return("TLSv1.2");
+       else if (s->version == TLS1_1_VERSION)
+               return("TLSv1.1");
+       else if (s->version == TLS1_VERSION)
                return("TLSv1");
-       else if (version == SSL3_VERSION)
+       else if (s->version == SSL3_VERSION)
                return("SSLv3");
-       else if (version == SSL2_VERSION)
+       else if (s->version == SSL2_VERSION)
                return("SSLv2");
        else
                return("unknown");
        }
 
-const char *SSL_get_version(const SSL *s)
-       {
-               return ssl_get_version(s->version);
-       }
-
-const char *SSL_SESSION_get_version(const SSL_SESSION *s)
-       {
-               return ssl_get_version(s->ssl_version);
-       }
-
-const char* SSL_authentication_method(const SSL* ssl)
-       {
-       if (ssl->cert != NULL && ssl->cert->rsa_tmp != NULL)
-               return SSL_TXT_RSA "_" SSL_TXT_EXPORT;
-       switch (ssl->version)
-               {
-       case SSL2_VERSION:
-               return SSL_TXT_RSA;
-       case SSL3_VERSION:
-       case TLS1_VERSION:
-       case DTLS1_VERSION:
-               return SSL_CIPHER_authentication_method(ssl->s3->tmp.new_cipher);
-       default:
-               return "UNKNOWN";
-               }
-       }
-
 SSL *SSL_dup(SSL *s)
        {
        STACK_OF(X509_NAME) *sk;
@@ -2700,6 +2714,7 @@ SSL *SSL_dup(SSL *s)
        ret->in_handshake = s->in_handshake;
        ret->handshake_func = s->handshake_func;
        ret->server = s->server;
+       ret->renegotiate = s->renegotiate;
        ret->new_session = s->new_session;
        ret->quiet_shutdown = s->quiet_shutdown;
        ret->shutdown=s->shutdown;
@@ -2777,7 +2792,9 @@ void ssl_clear_cipher_ctx(SSL *s)
 /* Fix this function so that it takes an optional type parameter */
 X509 *SSL_get_certificate(const SSL *s)
        {
-       if (s->cert != NULL)
+       if (s->server)
+               return(ssl_get_server_send_cert(s));
+       else if (s->cert != NULL)
                return(s->cert->key->x509);
        else
                return(NULL);
@@ -2965,6 +2982,11 @@ int SSL_state(const SSL *ssl)
        return(ssl->state);
        }
 
+void SSL_set_state(SSL *ssl, int state)
+       {
+       ssl->state = state;
+       }
+
 void SSL_set_verify_result(SSL *ssl,long arg)
        {
        ssl->verify_result=arg;
@@ -3203,31 +3225,6 @@ void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int con
        SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
        }
 
-int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
-        const char *label, size_t llen, const unsigned char *p, size_t plen,
-        int use_context)
-       {
-       if (s->version < TLS1_VERSION)
-               return -1;
-
-       return s->method->ssl3_enc->export_keying_material(s, out, olen, label,
-                                                          llen, p, plen,
-                                                          use_context);
-       }
-
-int SSL_cutthrough_complete(const SSL *s)
-       {
-       return (!s->server &&                 /* cutthrough only applies to clients */
-               !s->hit &&                        /* full-handshake */
-               s->version >= SSL3_VERSION &&
-               s->s3->in_read_app_data == 0 &&   /* cutthrough only applies to write() */
-               (SSL_get_mode((SSL*)s) & SSL_MODE_HANDSHAKE_CUTTHROUGH) &&  /* cutthrough enabled */
-               SSL_get_cipher_bits(s, NULL) >= 128 &&                      /* strong cipher choosen */
-               s->s3->previous_server_finished_len == 0 &&                 /* not a renegotiation handshake */
-               (s->state == SSL3_ST_CR_SESSION_TICKET_A ||                 /* ready to write app-data*/
-                       s->state == SSL3_ST_CR_FINISHED_A));
-       }
-
 /* Allocates new EVP_MD_CTX and sets pointer to it into given pointer
  * vairable, freeing  EVP_MD_CTX previously stored in that variable, if
  * any. If EVP_MD pointer is passed, initializes ctx with this md
@@ -3248,6 +3245,16 @@ void ssl_clear_hash_ctx(EVP_MD_CTX **hash)
        *hash=NULL;
 }
 
+void SSL_set_debug(SSL *s, int debug)
+       {
+       s->debug = debug;
+       }
+
+int SSL_cache_hit(SSL *s)
+       {
+       return s->hit;
+       }
+
 #if defined(_WINDLL) && defined(OPENSSL_SYS_WIN16)
 #include "../crypto/bio/bss_file.c"
 #endif
@@ -3256,4 +3263,3 @@ IMPLEMENT_STACK_OF(SSL_CIPHER)
 IMPLEMENT_STACK_OF(SSL_COMP)
 IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER,
                                    ssl_cipher_id);
-

diff --git a/deps/openssl/openssl/ssl/ssl_locl.h b/deps/openssl/openssl/ssl/ssl_locl.h
index af607e6..1b98947 100644 (file)
--- a/deps/openssl/openssl/ssl/ssl_locl.h
+++ b/deps/openssl/openssl/ssl/ssl_locl.h
@@ -170,7 +170,7 @@
 # define OPENSSL_EXTERN OPENSSL_EXPORT
 #endif
 
-#define PKCS1_CHECK
+#undef PKCS1_CHECK
 
 #define c2l(c,l)       (l = ((unsigned long)(*((c)++)))     , \
                         l|=(((unsigned long)(*((c)++)))<< 8), \
@@ -215,6 +215,15 @@
                         *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
                         *((c)++)=(unsigned char)(((l)    )&0xff))
 
+#define l2n8(l,c)      (*((c)++)=(unsigned char)(((l)>>56)&0xff), \
+                        *((c)++)=(unsigned char)(((l)>>48)&0xff), \
+                        *((c)++)=(unsigned char)(((l)>>40)&0xff), \
+                        *((c)++)=(unsigned char)(((l)>>32)&0xff), \
+                        *((c)++)=(unsigned char)(((l)>>24)&0xff), \
+                        *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+                        *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+                        *((c)++)=(unsigned char)(((l)    )&0xff))
+
 #define n2l6(c,l)      (l =((BN_ULLONG)(*((c)++)))<<40, \
                         l|=((BN_ULLONG)(*((c)++)))<<32, \
                         l|=((BN_ULLONG)(*((c)++)))<<24, \
@@ -289,6 +298,7 @@
 #define SSL_kEECDH             0x00000080L /* ephemeral ECDH */
 #define SSL_kPSK               0x00000100L /* PSK */
 #define SSL_kGOST       0x00000200L /* GOST key exchange */
+#define SSL_kSRP        0x00000400L /* SRP */
 
 /* Bits for algorithm_auth (server authentication) */
 #define SSL_aRSA               0x00000001L /* RSA auth */
@@ -316,21 +326,29 @@
 #define SSL_CAMELLIA256                0x00000200L
 #define SSL_eGOST2814789CNT    0x00000400L
 #define SSL_SEED               0x00000800L
+#define SSL_AES128GCM          0x00001000L
+#define SSL_AES256GCM          0x00002000L
 
-#define SSL_AES                        (SSL_AES128|SSL_AES256)
+#define SSL_AES                        (SSL_AES128|SSL_AES256|SSL_AES128GCM|SSL_AES256GCM)
 #define SSL_CAMELLIA           (SSL_CAMELLIA128|SSL_CAMELLIA256)
 
 
 /* Bits for algorithm_mac (symmetric authentication) */
+
 #define SSL_MD5                        0x00000001L
 #define SSL_SHA1               0x00000002L
 #define SSL_GOST94      0x00000004L
 #define SSL_GOST89MAC   0x00000008L
+#define SSL_SHA256             0x00000010L
+#define SSL_SHA384             0x00000020L
+/* Not a real MAC, just an indication it is part of cipher */
+#define SSL_AEAD               0x00000040L
 
 /* Bits for algorithm_ssl (protocol version) */
 #define SSL_SSLV2              0x00000001L
 #define SSL_SSLV3              0x00000002L
 #define SSL_TLSV1              SSL_SSLV3       /* for now */
+#define SSL_TLSV1_2            0x00000004L
 
 
 /* Bits for algorithm2 (handshake digests and other extra flags) */
@@ -338,15 +356,21 @@
 #define SSL_HANDSHAKE_MAC_MD5 0x10
 #define SSL_HANDSHAKE_MAC_SHA 0x20
 #define SSL_HANDSHAKE_MAC_GOST94 0x40
+#define SSL_HANDSHAKE_MAC_SHA256 0x80
+#define SSL_HANDSHAKE_MAC_SHA384 0x100
 #define SSL_HANDSHAKE_MAC_DEFAULT (SSL_HANDSHAKE_MAC_MD5 | SSL_HANDSHAKE_MAC_SHA)
 
 /* When adding new digest in the ssl_ciph.c and increment SSM_MD_NUM_IDX
  * make sure to update this constant too */
-#define SSL_MAX_DIGEST 4
+#define SSL_MAX_DIGEST 6
 
-#define TLS1_PRF_DGST_SHIFT 8
+#define TLS1_PRF_DGST_MASK     (0xff << TLS1_PRF_DGST_SHIFT)
+
+#define TLS1_PRF_DGST_SHIFT 10
 #define TLS1_PRF_MD5 (SSL_HANDSHAKE_MAC_MD5 << TLS1_PRF_DGST_SHIFT)
 #define TLS1_PRF_SHA1 (SSL_HANDSHAKE_MAC_SHA << TLS1_PRF_DGST_SHIFT)
+#define TLS1_PRF_SHA256 (SSL_HANDSHAKE_MAC_SHA256 << TLS1_PRF_DGST_SHIFT)
+#define TLS1_PRF_SHA384 (SSL_HANDSHAKE_MAC_SHA384 << TLS1_PRF_DGST_SHIFT)
 #define TLS1_PRF_GOST94 (SSL_HANDSHAKE_MAC_GOST94 << TLS1_PRF_DGST_SHIFT)
 #define TLS1_PRF (TLS1_PRF_MD5 | TLS1_PRF_SHA1)
 
@@ -456,8 +480,9 @@
 typedef struct cert_pkey_st
        {
        X509 *x509;
-       STACK_OF(X509) *cert_chain;
        EVP_PKEY *privatekey;
+       /* Digest to use when signing */
+       const EVP_MD *digest;
        } CERT_PKEY;
 
 typedef struct cert_st
@@ -596,11 +621,12 @@ extern SSL3_ENC_METHOD TLSv1_enc_data;
 extern SSL3_ENC_METHOD SSLv3_enc_data;
 extern SSL3_ENC_METHOD DTLSv1_enc_data;
 
-#define IMPLEMENT_tls1_meth_func(func_name, s_accept, s_connect, s_get_meth) \
+#define IMPLEMENT_tls_meth_func(version, func_name, s_accept, s_connect, \
+                               s_get_meth) \
 const SSL_METHOD *func_name(void)  \
        { \
        static const SSL_METHOD func_name##_data= { \
-               TLS1_VERSION, \
+               version, \
                tls1_new, \
                tls1_clear, \
                tls1_free, \
@@ -674,7 +700,7 @@ const SSL_METHOD *func_name(void)  \
 const SSL_METHOD *func_name(void)  \
        { \
        static const SSL_METHOD func_name##_data= { \
-       TLS1_VERSION, \
+       TLS1_2_VERSION, \
        tls1_new, \
        tls1_clear, \
        tls1_free, \
@@ -757,7 +783,7 @@ const SSL_METHOD *func_name(void)  \
                ssl3_read, \
                ssl3_peek, \
                ssl3_write, \
-               ssl3_shutdown, \
+               dtls1_shutdown, \
                ssl3_renegotiate, \
                ssl3_renegotiate_check, \
                dtls1_get_message, \
@@ -813,8 +839,9 @@ int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk);
 int ssl_undefined_function(SSL *s);
 int ssl_undefined_void_function(void);
 int ssl_undefined_const_function(const SSL *s);
-X509 *ssl_get_server_send_cert(SSL *);
-EVP_PKEY *ssl_get_sign_pkey(SSL *,const SSL_CIPHER *);
+CERT_PKEY *ssl_get_server_send_pkey(const SSL *s);
+X509 *ssl_get_server_send_cert(const SSL *);
+EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *c, const EVP_MD **pmd);
 int ssl_cert_type(X509 *x,EVP_PKEY *pkey);
 void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher);
 STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
@@ -948,6 +975,7 @@ void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr);
 void dtls1_reset_seq_numbers(SSL *s, int rw);
 long dtls1_default_timeout(void);
 struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft);
+int dtls1_check_timeout_num(SSL *s);
 int dtls1_handle_timeout(SSL *s);
 const SSL_CIPHER *dtls1_get_cipher(unsigned int u);
 void dtls1_start_timer(SSL *s);
@@ -1024,6 +1052,7 @@ int       dtls1_connect(SSL *s);
 void dtls1_free(SSL *s);
 void dtls1_clear(SSL *s);
 long dtls1_ctrl(SSL *s,int cmd, long larg, void *parg);
+int dtls1_shutdown(SSL *s);
 
 long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
 int dtls1_get_record(SSL *s);
@@ -1045,14 +1074,14 @@ int tls1_mac(SSL *ssl, unsigned char *md, int snd);
 int tls1_generate_master_secret(SSL *s, unsigned char *out,
        unsigned char *p, int len);
 int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
-       const char *label, size_t llen, const unsigned char *p,
-       size_t plen, int use_context);
+       const char *label, size_t llen,
+       const unsigned char *p, size_t plen, int use_context);
 int tls1_alert_code(int code);
 int ssl3_alert_code(int code);
 int ssl_ok(SSL *s);
 
 #ifndef OPENSSL_NO_ECDH
-int ssl_check_srvr_ecc_cert_and_alg(X509 *x, const SSL_CIPHER *cs);
+int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s);
 #endif
 
 SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
@@ -1069,9 +1098,17 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, unsigned char *d,
 int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al);
 int ssl_prepare_clienthello_tlsext(SSL *s);
 int ssl_prepare_serverhello_tlsext(SSL *s);
-int ssl_check_clienthello_tlsext(SSL *s);
+int ssl_check_clienthello_tlsext_early(SSL *s);
+int ssl_check_clienthello_tlsext_late(SSL *s);
 int ssl_check_serverhello_tlsext(SSL *s);
 
+#ifndef OPENSSL_NO_HEARTBEATS
+int tls1_heartbeat(SSL *s);
+int dtls1_heartbeat(SSL *s);
+int tls1_process_heartbeat(SSL *s);
+int dtls1_process_heartbeat(SSL *s);
+#endif
+
 #ifdef OPENSSL_NO_SHA256
 #define tlsext_tick_md EVP_sha1
 #else
@@ -1079,6 +1116,12 @@ int ssl_check_serverhello_tlsext(SSL *s);
 #endif
 int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
                                const unsigned char *limit, SSL_SESSION **ret);
+
+int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk,
+                               const EVP_MD *md);
+int tls12_get_sigid(const EVP_PKEY *pk);
+const EVP_MD *tls12_get_hash(unsigned char hash_alg);
+
 #endif
 EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md) ;
 void ssl_clear_hash_ctx(EVP_MD_CTX **hash);
@@ -1090,4 +1133,42 @@ int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
                                        int maxlen);
 int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
                                          int *al);
+long ssl_get_algorithm2(SSL *s);
+int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize);
+int tls12_get_req_sig_algs(SSL *s, unsigned char *p);
+
+int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen);
+int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al);
+int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen);
+int ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al);
+
+/* s3_cbc.c */
+void ssl3_cbc_copy_mac(unsigned char* out,
+                      const SSL3_RECORD *rec,
+                      unsigned md_size,unsigned orig_len);
+int ssl3_cbc_remove_padding(const SSL* s,
+                           SSL3_RECORD *rec,
+                           unsigned block_size,
+                           unsigned mac_size);
+int tls1_cbc_remove_padding(const SSL* s,
+                           SSL3_RECORD *rec,
+                           unsigned block_size,
+                           unsigned mac_size);
+char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);
+void ssl3_cbc_digest_record(
+       const EVP_MD_CTX *ctx,
+       unsigned char* md_out,
+       size_t* md_out_size,
+       const unsigned char header[13],
+       const unsigned char *data,
+       size_t data_plus_mac_size,
+       size_t data_plus_mac_plus_padding_size,
+       const unsigned char *mac_secret,
+       unsigned mac_secret_length,
+       char is_sslv3);
+
+void tls_fips_digest_extra(
+       const EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *mac_ctx,
+       const unsigned char *data, size_t data_len, size_t orig_len);
+
 #endif

diff --git a/deps/openssl/openssl/ssl/ssl_rsa.c b/deps/openssl/openssl/ssl/ssl_rsa.c
index c43f3e2..60e7b66 100644 (file)
--- a/deps/openssl/openssl/ssl/ssl_rsa.c
+++ b/deps/openssl/openssl/ssl/ssl_rsa.c
@@ -697,42 +697,6 @@ int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d,
        }
 
 
-int SSL_use_certificate_chain(SSL *ssl, STACK_OF(X509) *cert_chain)
-       {
-       if (ssl == NULL)
-               {
-               SSLerr(SSL_F_SSL_USE_CERTIFICATE_CHAIN,ERR_R_PASSED_NULL_PARAMETER);
-               return(0);
-               }
-       if (ssl->cert == NULL)
-               {
-               SSLerr(SSL_F_SSL_USE_CERTIFICATE_CHAIN,SSL_R_NO_CERTIFICATE_ASSIGNED);
-               return(0);
-               }
-       if (ssl->cert->key == NULL)
-               {
-               SSLerr(SSL_F_SSL_USE_CERTIFICATE_CHAIN,SSL_R_NO_CERTIFICATE_ASSIGNED);
-               return(0);
-               }
-       ssl->cert->key->cert_chain = cert_chain;
-       return(1);
-       }
-
-STACK_OF(X509) *SSL_get_certificate_chain(SSL *ssl, X509 *x)
-       {
-       int i;
-       if (x == NULL)
-               return NULL;
-       if (ssl == NULL)
-               return NULL;
-       if (ssl->cert == NULL)
-               return NULL;
-       for (i = 0; i < SSL_PKEY_NUM; i++)
-               if (ssl->cert->pkeys[i].x509 == x)
-                       return ssl->cert->pkeys[i].cert_chain;
-       return NULL;
-       }
-
 #ifndef OPENSSL_NO_STDIO
 /* Read a file that contains our certificate in "PEM" format,
  * possibly followed by a sequence of CA certificates that should be
@@ -746,7 +710,7 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
 
        ERR_clear_error(); /* clear error stack for SSL_CTX_use_certificate() */
 
-       in=BIO_new(BIO_s_file_internal());
+       in = BIO_new(BIO_s_file_internal());
        if (in == NULL)
                {
                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_BUF_LIB);
@@ -759,14 +723,16 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
                goto end;
                }
 
-       x=PEM_read_bio_X509_AUX(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata);
+       x=PEM_read_bio_X509_AUX(in,NULL,ctx->default_passwd_callback,
+                               ctx->default_passwd_callback_userdata);
        if (x == NULL)
                {
                SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_PEM_LIB);
                goto end;
                }
 
-       ret=SSL_CTX_use_certificate(ctx,x);
+       ret = SSL_CTX_use_certificate(ctx, x);
+
        if (ERR_peek_error() != 0)
                ret = 0;  /* Key/certificate mismatch doesn't imply ret==0 ... */
        if (ret)
@@ -778,13 +744,15 @@ int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
                int r;
                unsigned long err;
                
-               if (ctx->extra_certs != NULL) 
+               if (ctx->extra_certs != NULL)
                        {
                        sk_X509_pop_free(ctx->extra_certs, X509_free);
                        ctx->extra_certs = NULL;
                        }
 
-               while ((ca = PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata))
+               while ((ca = PEM_read_bio_X509(in, NULL,
+                                       ctx->default_passwd_callback,
+                                       ctx->default_passwd_callback_userdata))
                        != NULL)
                        {
                        r = SSL_CTX_add_extra_chain_cert(ctx, ca);

diff --git a/deps/openssl/openssl/ssl/ssl_sess.c b/deps/openssl/openssl/ssl/ssl_sess.c
index 93954e4..ad40fad 100644 (file)
--- a/deps/openssl/openssl/ssl/ssl_sess.c
+++ b/deps/openssl/openssl/ssl/ssl_sess.c
@@ -218,6 +218,9 @@ SSL_SESSION *SSL_SESSION_new(void)
        ss->psk_identity_hint=NULL;
        ss->psk_identity=NULL;
 #endif
+#ifndef OPENSSL_NO_SRP
+       ss->srp_username=NULL;
+#endif
        return(ss);
        }
 
@@ -228,6 +231,11 @@ const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
        return s->session_id;
        }
 
+unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s)
+       {
+       return s->compress_meth;
+       }
+
 /* Even with SSLv2, we have 16 bytes (128 bits) of session ID space. SSLv3/TLSv1
  * has 32 bytes (256 bits). As such, filling the ID with random gunk repeatedly
  * until we have no conflict is going to complete in one iteration pretty much
@@ -261,11 +269,6 @@ static int def_generate_session_id(const SSL *ssl, unsigned char *id,
        return 0;
 }
 
-void SSL_set_session_creation_enabled (SSL *s, int creation_enabled)
-       {
-       s->session_creation_enabled = creation_enabled;
-       }
-
 int ssl_get_new_session(SSL *s, int session)
        {
        /* This gets used by clients and servers. */
@@ -274,8 +277,6 @@ int ssl_get_new_session(SSL *s, int session)
        SSL_SESSION *ss=NULL;
        GEN_SESSION_CB cb = def_generate_session_id;
 
-       /* caller should check this if they can do better error handling */
-        if (!s->session_creation_enabled) return(0);
        if ((ss=SSL_SESSION_new()) == NULL) return(0);
 
        /* If the context has a default timeout, use it */
@@ -307,6 +308,16 @@ int ssl_get_new_session(SSL *s, int session)
                        ss->ssl_version=TLS1_VERSION;
                        ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
                        }
+               else if (s->version == TLS1_1_VERSION)
+                       {
+                       ss->ssl_version=TLS1_1_VERSION;
+                       ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
+                       }
+               else if (s->version == TLS1_2_VERSION)
+                       {
+                       ss->ssl_version=TLS1_2_VERSION;
+                       ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
+                       }
                else if (s->version == DTLS1_BAD_VER)
                        {
                        ss->ssl_version=DTLS1_BAD_VER;
@@ -430,6 +441,25 @@ int ssl_get_new_session(SSL *s, int session)
        return(1);
        }
 
+/* ssl_get_prev attempts to find an SSL_SESSION to be used to resume this
+ * connection. It is only called by servers.
+ *
+ *   session_id: points at the session ID in the ClientHello. This code will
+ *       read past the end of this in order to parse out the session ticket
+ *       extension, if any.
+ *   len: the length of the session ID.
+ *   limit: a pointer to the first byte after the ClientHello.
+ *
+ * Returns:
+ *   -1: error
+ *    0: a session may have been found.
+ *
+ * Side effects:
+ *   - If a session is found then s->session is pointed at it (after freeing an
+ *     existing session if need be) and s->verify_result is set from the session.
+ *   - Both for new and resumed sessions, s->tlsext_ticket_expected is set to 1
+ *     if the server should issue a new session ticket (to 0 otherwise).
+ */
 int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
                        const unsigned char *limit)
        {
@@ -437,27 +467,39 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
 
        SSL_SESSION *ret=NULL;
        int fatal = 0;
+       int try_session_cache = 1;
 #ifndef OPENSSL_NO_TLSEXT
        int r;
 #endif
 
        if (len > SSL_MAX_SSL_SESSION_ID_LENGTH)
                goto err;
+
+       if (len == 0)
+               try_session_cache = 0;
+
 #ifndef OPENSSL_NO_TLSEXT
-       r = tls1_process_ticket(s, session_id, len, limit, &ret);
-       if (r == -1)
+       r = tls1_process_ticket(s, session_id, len, limit, &ret); /* sets s->tlsext_ticket_expected */
+       switch (r)
                {
+       case -1: /* Error during processing */
                fatal = 1;
                goto err;
+       case 0: /* No ticket found */
+       case 1: /* Zero length ticket found */
+               break; /* Ok to carry on processing session id. */
+       case 2: /* Ticket found but not decrypted. */
+       case 3: /* Ticket decrypted, *ret has been set. */
+               try_session_cache = 0;
+               break;
+       default:
+               abort();
                }
-       else if (r == 0 || (!ret && !len))
-               goto err;
-       else if (!ret && !(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
-#else
-       if (len == 0)
-               goto err;
-       if (!(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
 #endif
+
+       if (try_session_cache &&
+           ret == NULL &&
+           !(s->session_ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
                {
                SSL_SESSION data;
                data.ssl_version=s->version;
@@ -468,20 +510,22 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
                CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
                ret=lh_SSL_SESSION_retrieve(s->session_ctx->sessions,&data);
                if (ret != NULL)
-                   /* don't allow other threads to steal it: */
-                   CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
+                       {
+                       /* don't allow other threads to steal it: */
+                       CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
+                       }
                CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
+               if (ret == NULL)
+                       s->session_ctx->stats.sess_miss++;
                }
 
-       if (ret == NULL)
+       if (try_session_cache &&
+           ret == NULL &&
+           s->session_ctx->get_session_cb != NULL)
                {
                int copy=1;
        
-               s->session_ctx->stats.sess_miss++;
-               ret=NULL;
-               if (s->session_ctx->get_session_cb != NULL
-                   && (ret=s->session_ctx->get_session_cb(s,session_id,len,&copy))
-                      != NULL)
+               if ((ret=s->session_ctx->get_session_cb(s,session_id,len,&copy)))
                        {
                        s->session_ctx->stats.sess_cb_hit++;
 
@@ -500,23 +544,18 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
                                 * things are very strange */
                                SSL_CTX_add_session(s->session_ctx,ret);
                        }
-               if (ret == NULL)
-                       goto err;
                }
 
-       /* Now ret is non-NULL, and we own one of its reference counts. */
+       if (ret == NULL)
+               goto err;
+
+       /* Now ret is non-NULL and we own one of its reference counts. */
 
        if (ret->sid_ctx_length != s->sid_ctx_length
            || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length))
                {
-               /* We've found the session named by the client, but we don't
+               /* We have the session requested by the client, but we don't
                 * want to use it in this context. */
-
-#if 0 /* The client cannot always know when a session is not appropriate,
-       * so we shouldn't generate an error message. */
-
-               SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
-#endif
                goto err; /* treat like cache miss */
                }
        
@@ -553,39 +592,38 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
                        goto err;
                }
 
-
-#if 0 /* This is way too late. */
-
-       /* If a thread got the session, then 'swaped', and another got
-        * it and then due to a time-out decided to 'OPENSSL_free' it we could
-        * be in trouble.  So I'll increment it now, then double decrement
-        * later - am I speaking rubbish?. */
-       CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
-#endif
-
        if (ret->timeout < (long)(time(NULL) - ret->time)) /* timeout */
                {
                s->session_ctx->stats.sess_timeout++;
-               /* remove it from the cache */
-               SSL_CTX_remove_session(s->session_ctx,ret);
+               if (try_session_cache)
+                       {
+                       /* session was from the cache, so remove it */
+                       SSL_CTX_remove_session(s->session_ctx,ret);
+                       }
                goto err;
                }
 
        s->session_ctx->stats.sess_hit++;
 
-       /* ret->time=time(NULL); */ /* rezero timeout? */
-       /* again, just leave the session 
-        * if it is the same session, we have just incremented and
-        * then decremented the reference count :-) */
        if (s->session != NULL)
                SSL_SESSION_free(s->session);
        s->session=ret;
        s->verify_result = s->session->verify_result;
-       return(1);
+       return 1;
 
  err:
        if (ret != NULL)
+               {
                SSL_SESSION_free(ret);
+#ifndef OPENSSL_NO_TLSEXT
+               if (!try_session_cache)
+                       {
+                       /* The session was from a ticket, so we should
+                        * issue a ticket for the new session */
+                       s->tlsext_ticket_expected = 1;
+                       }
+#endif
+               }
        if (fatal)
                return -1;
        else
@@ -736,6 +774,10 @@ void SSL_SESSION_free(SSL_SESSION *ss)
        if (ss->psk_identity != NULL)
                OPENSSL_free(ss->psk_identity);
 #endif
+#ifndef OPENSSL_NO_SRP
+       if (ss->srp_username != NULL)
+               OPENSSL_free(ss->srp_username);
+#endif
        OPENSSL_cleanse(ss,sizeof(*ss));
        OPENSSL_free(ss);
        }
@@ -760,10 +802,6 @@ int SSL_set_session(SSL *s, SSL_SESSION *session)
                        {
                        if (!SSL_set_ssl_method(s,meth))
                                return(0);
-                       if (s->ctx->session_timeout == 0)
-                               session->timeout=SSL_get_default_timeout(s);
-                       else
-                               session->timeout=s->ctx->session_timeout;
                        }
 
 #ifndef OPENSSL_NO_KRB5
@@ -831,6 +869,25 @@ long SSL_SESSION_set_time(SSL_SESSION *s, long t)
        return(t);
        }
 
+X509 *SSL_SESSION_get0_peer(SSL_SESSION *s)
+       {
+       return s->peer;
+       }
+
+int SSL_SESSION_set1_id_context(SSL_SESSION *s,const unsigned char *sid_ctx,
+                              unsigned int sid_ctx_len)
+       {
+       if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH)
+               {
+               SSLerr(SSL_F_SSL_SESSION_SET1_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
+               return 0;
+               }
+       s->sid_ctx_length=sid_ctx_len;
+       memcpy(s->sid_ctx,sid_ctx,sid_ctx_len);
+
+       return 1;
+       }
+
 long SSL_CTX_set_timeout(SSL_CTX *s, long t)
        {
        long l;

diff --git a/deps/openssl/openssl/ssl/ssl_txt.c b/deps/openssl/openssl/ssl/ssl_txt.c
index 3122440..6479d52 100644 (file)
--- a/deps/openssl/openssl/ssl/ssl_txt.c
+++ b/deps/openssl/openssl/ssl/ssl_txt.c
@@ -115,6 +115,10 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
                s="SSLv2";
        else if (x->ssl_version == SSL3_VERSION)
                s="SSLv3";
+       else if (x->ssl_version == TLS1_2_VERSION)
+               s="TLSv1.2";
+       else if (x->ssl_version == TLS1_1_VERSION)
+               s="TLSv1.1";
        else if (x->ssl_version == TLS1_VERSION)
                s="TLSv1";
        else if (x->ssl_version == DTLS1_VERSION)
@@ -187,6 +191,10 @@ int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
        if (BIO_puts(bp,"\n    PSK identity hint: ") <= 0) goto err;
        if (BIO_printf(bp, "%s", x->psk_identity_hint ? x->psk_identity_hint : "None") <= 0) goto err;
 #endif
+#ifndef OPENSSL_NO_SRP
+       if (BIO_puts(bp,"\n    SRP username: ") <= 0) goto err;
+       if (BIO_printf(bp, "%s", x->srp_username ? x->srp_username : "None") <= 0) goto err;
+#endif
 #ifndef OPENSSL_NO_TLSEXT
        if (x->tlsext_tick_lifetime_hint)
                {

diff --git a/deps/openssl/openssl/ssl/ssltest.c b/deps/openssl/openssl/ssl/ssltest.c
index f6a2c79..316bbb0 100644 (file)
--- a/deps/openssl/openssl/ssl/ssltest.c
+++ b/deps/openssl/openssl/ssl/ssltest.c
@@ -181,6 +181,9 @@
 #ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
 #endif
+#ifndef OPENSSL_NO_SRP
+#include <openssl/srp.h>
+#endif
 #include <openssl/bn.h>
 
 #define _XOPEN_SOURCE_EXTENDED 1 /* Or gethostname won't be declared properly
@@ -246,6 +249,49 @@ static unsigned int psk_server_callback(SSL *ssl, const char *identity, unsigned
        unsigned int max_psk_len);
 #endif
 
+#ifndef OPENSSL_NO_SRP
+/* SRP client */
+/* This is a context that we pass to all callbacks */
+typedef struct srp_client_arg_st
+       {
+       char *srppassin;
+       char *srplogin;
+       } SRP_CLIENT_ARG;
+
+#define PWD_STRLEN 1024
+
+static char * MS_CALLBACK ssl_give_srp_client_pwd_cb(SSL *s, void *arg)
+       {
+       SRP_CLIENT_ARG *srp_client_arg = (SRP_CLIENT_ARG *)arg;
+       return BUF_strdup((char *)srp_client_arg->srppassin);
+       }
+
+/* SRP server */
+/* This is a context that we pass to SRP server callbacks */
+typedef struct srp_server_arg_st
+       {
+       char *expected_user;
+       char *pass;
+       } SRP_SERVER_ARG;
+
+static int MS_CALLBACK ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
+       {
+       SRP_SERVER_ARG * p = (SRP_SERVER_ARG *) arg;
+
+       if (strcmp(p->expected_user, SSL_get_srp_username(s)) != 0)
+               {
+               fprintf(stderr, "User %s doesn't exist\n", SSL_get_srp_username(s));
+               return SSL3_AL_FATAL;
+               }
+       if (SSL_set_srp_server_param_pw(s,p->expected_user,p->pass,"1024")<0)
+               {
+               *ad = SSL_AD_INTERNAL_ERROR;
+               return SSL3_AL_FATAL;
+               }
+       return SSL_ERROR_NONE;
+       }
+#endif
+
 static BIO *bio_err=NULL;
 static BIO *bio_stdout=NULL;
 
@@ -268,6 +314,9 @@ static void sv_usage(void)
        {
        fprintf(stderr,"usage: ssltest [args ...]\n");
        fprintf(stderr,"\n");
+#ifdef OPENSSL_FIPS
+       fprintf(stderr,"-F             - run test in FIPS mode\n");
+#endif
        fprintf(stderr," -server_auth  - check server certificate\n");
        fprintf(stderr," -client_auth  - do client authentication\n");
        fprintf(stderr," -proxy        - allow proxy certificates\n");
@@ -289,6 +338,10 @@ static void sv_usage(void)
 #ifndef OPENSSL_NO_PSK
        fprintf(stderr," -psk arg      - PSK in hex (without 0x)\n");
 #endif
+#ifndef OPENSSL_NO_SRP
+       fprintf(stderr," -srpuser user  - SRP username to use\n");
+       fprintf(stderr," -srppass arg   - password for 'user'\n");
+#endif
 #ifndef OPENSSL_NO_SSL2
        fprintf(stderr," -ssl2         - use SSLv2\n");
 #endif
@@ -316,9 +369,6 @@ static void sv_usage(void)
                       "                 (default is sect163r2).\n");
 #endif
        fprintf(stderr," -test_cipherlist - verifies the order of the ssl cipher lists\n");
-       fprintf(stderr," -c_small_records - enable client side use of small SSL record buffers\n");
-       fprintf(stderr," -s_small_records - enable server side use of small SSL record buffers\n");
-       fprintf(stderr," -cutthrough      - enable 1-RTT full-handshake for strong ciphers\n");
        }
 
 static void print_details(SSL *c_ssl, const char *prefix)
@@ -447,10 +497,6 @@ int opaque_prf_input_cb(SSL *ssl, void *peerinput, size_t len, void *arg_)
        return arg->ret;
        }
 #endif
-       int ssl_mode = 0;
-       int c_small_records=0;
-       int s_small_records=0;
-       int cutthrough = 0;
 
 int main(int argc, char *argv[])
        {
@@ -483,6 +529,12 @@ int main(int argc, char *argv[])
 #ifndef OPENSSL_NO_ECDH
        EC_KEY *ecdh = NULL;
 #endif
+#ifndef OPENSSL_NO_SRP
+       /* client */
+       SRP_CLIENT_ARG srp_client_arg = {NULL,NULL};
+       /* server */
+       SRP_SERVER_ARG srp_server_arg = {NULL,NULL};
+#endif
        int no_dhe = 0;
        int no_ecdhe = 0;
        int no_psk = 0;
@@ -491,9 +543,12 @@ int main(int argc, char *argv[])
        int comp = 0;
 #ifndef OPENSSL_NO_COMP
        COMP_METHOD *cm = NULL;
-#endif
        STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
+#endif
        int test_cipherlist = 0;
+#ifdef OPENSSL_FIPS
+       int fips_mode=0;
+#endif
 
        verbose = 0;
        debug = 0;
@@ -525,7 +580,16 @@ int main(int argc, char *argv[])
 
        while (argc >= 1)
                {
-               if      (strcmp(*argv,"-server_auth") == 0)
+               if(!strcmp(*argv,"-F"))
+                       {
+#ifdef OPENSSL_FIPS
+                       fips_mode=1;
+#else
+                       fprintf(stderr,"not compiled with FIPS support, so exitting without running.\n");
+                       EXIT(0);
+#endif
+                       }
+               else if (strcmp(*argv,"-server_auth") == 0)
                        server_auth=1;
                else if (strcmp(*argv,"-client_auth") == 0)
                        client_auth=1;
@@ -579,6 +643,20 @@ int main(int argc, char *argv[])
                        no_psk=1;
 #endif
                        }
+#ifndef OPENSSL_NO_SRP
+               else if (strcmp(*argv,"-srpuser") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       srp_server_arg.expected_user = srp_client_arg.srplogin= *(++argv);
+                       tls1=1;
+                       }
+               else if (strcmp(*argv,"-srppass") == 0)
+                       {
+                       if (--argc < 1) goto bad;
+                       srp_server_arg.pass = srp_client_arg.srppassin= *(++argv);
+                       tls1=1;
+                       }
+#endif
                else if (strcmp(*argv,"-ssl2") == 0)
                        ssl2=1;
                else if (strcmp(*argv,"-tls1") == 0)
@@ -687,18 +765,6 @@ int main(int argc, char *argv[])
                        {
                        test_cipherlist = 1;
                        }
-               else if (strcmp(*argv, "-c_small_records") == 0)
-                       {
-                       c_small_records = 1;
-                       }
-               else if (strcmp(*argv, "-s_small_records") == 0)
-                       {
-                       s_small_records = 1;
-                       }
-               else if (strcmp(*argv, "-cutthrough") == 0)
-                       {
-                       cutthrough = 1;
-                       }
                else
                        {
                        fprintf(stderr,"unknown option %s\n",*argv);
@@ -733,6 +799,20 @@ bad:
                EXIT(1);
                }
 
+#ifdef OPENSSL_FIPS
+       if(fips_mode)
+               {
+               if(!FIPS_mode_set(1))
+                       {
+                       ERR_load_crypto_strings();
+                       ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
+                       EXIT(1);
+                       }
+               else
+                       fprintf(stderr,"*** IN FIPS MODE ***\n");
+               }
+#endif
+
        if (print_time)
                {
                if (!bio_pair)
@@ -821,28 +901,6 @@ bad:
                SSL_CTX_set_cipher_list(s_ctx,cipher);
                }
 
-       ssl_mode = 0;
-       if (c_small_records)
-               {
-               ssl_mode = SSL_CTX_get_mode(c_ctx);
-               ssl_mode |= SSL_MODE_SMALL_BUFFERS;
-               SSL_CTX_set_mode(c_ctx, ssl_mode);
-               }
-       ssl_mode = 0;
-       if (s_small_records)
-               {
-               ssl_mode = SSL_CTX_get_mode(s_ctx);
-               ssl_mode |= SSL_MODE_SMALL_BUFFERS;
-               SSL_CTX_set_mode(s_ctx, ssl_mode);
-               }
-       ssl_mode = 0;
-       if (cutthrough)
-               {
-               ssl_mode = SSL_CTX_get_mode(c_ctx);
-               ssl_mode = SSL_MODE_HANDSHAKE_CUTTHROUGH;
-               SSL_CTX_set_mode(c_ctx, ssl_mode);
-               }
-
 #ifndef OPENSSL_NO_DH
        if (!no_dhe)
                {
@@ -878,7 +936,11 @@ bad:
                                }
                        }
                else
+#ifdef OPENSSL_NO_EC2M
+                       nid = NID_X9_62_prime256v1;
+#else
                        nid = NID_sect163r2;
+#endif
 
                ecdh = EC_KEY_new_by_curve_name(nid);
                if (ecdh == NULL)
@@ -981,6 +1043,26 @@ bad:
                        }
 #endif
                }
+#ifndef OPENSSL_NO_SRP
+        if (srp_client_arg.srplogin)
+               {
+               if (!SSL_CTX_set_srp_username(c_ctx, srp_client_arg.srplogin))
+                       {
+                       BIO_printf(bio_err,"Unable to set SRP username\n");
+                       goto end;
+                       }
+               SSL_CTX_set_srp_cb_arg(c_ctx,&srp_client_arg);
+               SSL_CTX_set_srp_client_pwd_callback(c_ctx, ssl_give_srp_client_pwd_cb);
+               /*SSL_CTX_set_srp_strength(c_ctx, srp_client_arg.strength);*/
+               }
+
+       if (srp_server_arg.expected_user != NULL)
+               {
+               SSL_CTX_set_verify(s_ctx,SSL_VERIFY_NONE,verify_callback);
+               SSL_CTX_set_srp_cb_arg(s_ctx, &srp_server_arg);
+               SSL_CTX_set_srp_username_callback(s_ctx, ssl_srp_server_param_cb);
+               }
+#endif
 
        c_ssl=SSL_new(c_ctx);
        s_ssl=SSL_new(s_ctx);
@@ -2205,15 +2287,7 @@ static int MS_CALLBACK app_verify_callback(X509_STORE_CTX *ctx, void *arg)
                }
 
 #ifndef OPENSSL_NO_X509_VERIFY
-# ifdef OPENSSL_FIPS
-       if(s->version == TLS1_VERSION)
-               FIPS_allow_md5(1);
-# endif
        ok = X509_verify_cert(ctx);
-# ifdef OPENSSL_FIPS
-       if(s->version == TLS1_VERSION)
-               FIPS_allow_md5(0);
-# endif
 #endif
 
        if (cb_arg->proxy_auth)

diff --git a/deps/openssl/openssl/ssl/t1_clnt.c b/deps/openssl/openssl/ssl/t1_clnt.c
index c87af17..578617e 100644 (file)
--- a/deps/openssl/openssl/ssl/t1_clnt.c
+++ b/deps/openssl/openssl/ssl/t1_clnt.c
@@ -66,13 +66,26 @@
 static const SSL_METHOD *tls1_get_client_method(int ver);
 static const SSL_METHOD *tls1_get_client_method(int ver)
        {
+       if (ver == TLS1_2_VERSION)
+               return TLSv1_2_client_method();
+       if (ver == TLS1_1_VERSION)
+               return TLSv1_1_client_method();
        if (ver == TLS1_VERSION)
-               return(TLSv1_client_method());
-       else
-               return(NULL);
+               return TLSv1_client_method();
+       return NULL;
        }
 
-IMPLEMENT_tls1_meth_func(TLSv1_client_method,
+IMPLEMENT_tls_meth_func(TLS1_2_VERSION, TLSv1_2_client_method,
+                       ssl_undefined_function,
+                       ssl3_connect,
+                       tls1_get_client_method)
+
+IMPLEMENT_tls_meth_func(TLS1_1_VERSION, TLSv1_1_client_method,
+                       ssl_undefined_function,
+                       ssl3_connect,
+                       tls1_get_client_method)
+
+IMPLEMENT_tls_meth_func(TLS1_VERSION, TLSv1_client_method,
                        ssl_undefined_function,
                        ssl3_connect,
                        tls1_get_client_method)

diff --git a/deps/openssl/openssl/ssl/t1_enc.c b/deps/openssl/openssl/ssl/t1_enc.c
index b1d5b28..809ad2e 100644 (file)
--- a/deps/openssl/openssl/ssl/t1_enc.c
+++ b/deps/openssl/openssl/ssl/t1_enc.c
@@ -143,6 +143,7 @@
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
 #include <openssl/md5.h>
+#include <openssl/rand.h>
 #ifdef KSSL_DEBUG
 #include <openssl/des.h>
 #endif
@@ -158,68 +159,75 @@ static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
                        unsigned char *out, int olen)
        {
        int chunk;
-       unsigned int j;
-       HMAC_CTX ctx;
-       HMAC_CTX ctx_tmp;
+       size_t j;
+       EVP_MD_CTX ctx, ctx_tmp;
+       EVP_PKEY *mac_key;
        unsigned char A1[EVP_MAX_MD_SIZE];
-       unsigned int A1_len;
+       size_t A1_len;
        int ret = 0;
        
        chunk=EVP_MD_size(md);
        OPENSSL_assert(chunk >= 0);
 
-       HMAC_CTX_init(&ctx);
-       HMAC_CTX_init(&ctx_tmp);
-       if (!HMAC_Init_ex(&ctx,sec,sec_len,md, NULL))
+       EVP_MD_CTX_init(&ctx);
+       EVP_MD_CTX_init(&ctx_tmp);
+       EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+       EVP_MD_CTX_set_flags(&ctx_tmp, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+       mac_key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, sec, sec_len);
+       if (!mac_key)
+               goto err;
+       if (!EVP_DigestSignInit(&ctx,NULL,md, NULL, mac_key))
                goto err;
-       if (!HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL))
+       if (!EVP_DigestSignInit(&ctx_tmp,NULL,md, NULL, mac_key))
                goto err;
-       if (seed1 != NULL && !HMAC_Update(&ctx,seed1,seed1_len))
+       if (seed1 && !EVP_DigestSignUpdate(&ctx,seed1,seed1_len))
                goto err;
-       if (seed2 != NULL && !HMAC_Update(&ctx,seed2,seed2_len))
+       if (seed2 && !EVP_DigestSignUpdate(&ctx,seed2,seed2_len))
                goto err;
-       if (seed3 != NULL && !HMAC_Update(&ctx,seed3,seed3_len))
+       if (seed3 && !EVP_DigestSignUpdate(&ctx,seed3,seed3_len))
                goto err;
-       if (seed4 != NULL && !HMAC_Update(&ctx,seed4,seed4_len))
+       if (seed4 && !EVP_DigestSignUpdate(&ctx,seed4,seed4_len))
                goto err;
-       if (seed5 != NULL && !HMAC_Update(&ctx,seed5,seed5_len))
+       if (seed5 && !EVP_DigestSignUpdate(&ctx,seed5,seed5_len))
                goto err;
-       if (!HMAC_Final(&ctx,A1,&A1_len))
+       if (!EVP_DigestSignFinal(&ctx,A1,&A1_len))
                goto err;
 
        for (;;)
                {
-               if (!HMAC_Init_ex(&ctx,NULL,0,NULL,NULL)) /* re-init */
+               /* Reinit mac contexts */
+               if (!EVP_DigestSignInit(&ctx,NULL,md, NULL, mac_key))
                        goto err;
-               if (!HMAC_Init_ex(&ctx_tmp,NULL,0,NULL,NULL)) /* re-init */
+               if (!EVP_DigestSignInit(&ctx_tmp,NULL,md, NULL, mac_key))
                        goto err;
-               if (!HMAC_Update(&ctx,A1,A1_len))
+               if (!EVP_DigestSignUpdate(&ctx,A1,A1_len))
                        goto err;
-               if (!HMAC_Update(&ctx_tmp,A1,A1_len))
+               if (!EVP_DigestSignUpdate(&ctx_tmp,A1,A1_len))
                        goto err;
-               if (seed1 != NULL && !HMAC_Update(&ctx,seed1,seed1_len))
+               if (seed1 && !EVP_DigestSignUpdate(&ctx,seed1,seed1_len))
                        goto err;
-               if (seed2 != NULL && !HMAC_Update(&ctx,seed2,seed2_len))
+               if (seed2 && !EVP_DigestSignUpdate(&ctx,seed2,seed2_len))
                        goto err;
-               if (seed3 != NULL && !HMAC_Update(&ctx,seed3,seed3_len))
+               if (seed3 && !EVP_DigestSignUpdate(&ctx,seed3,seed3_len))
                        goto err;
-               if (seed4 != NULL && !HMAC_Update(&ctx,seed4,seed4_len))
+               if (seed4 && !EVP_DigestSignUpdate(&ctx,seed4,seed4_len))
                        goto err;
-               if (seed5 != NULL && !HMAC_Update(&ctx,seed5,seed5_len))
+               if (seed5 && !EVP_DigestSignUpdate(&ctx,seed5,seed5_len))
                        goto err;
 
                if (olen > chunk)
                        {
-                       if (!HMAC_Final(&ctx,out,&j))
+                       if (!EVP_DigestSignFinal(&ctx,out,&j))
                                goto err;
                        out+=j;
                        olen-=j;
-                       if (!HMAC_Final(&ctx_tmp,A1,&A1_len)) /* calc the next A1 value */
+                       /* calc the next A1 value */
+                       if (!EVP_DigestSignFinal(&ctx_tmp,A1,&A1_len))
                                goto err;
                        }
                else    /* last one */
                        {
-                       if (!HMAC_Final(&ctx,A1,&A1_len))
+                       if (!EVP_DigestSignFinal(&ctx,A1,&A1_len))
                                goto err;
                        memcpy(out,A1,olen);
                        break;
@@ -227,8 +235,9 @@ static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
                }
        ret = 1;
 err:
-       HMAC_CTX_cleanup(&ctx);
-       HMAC_CTX_cleanup(&ctx_tmp);
+       EVP_PKEY_free(mac_key);
+       EVP_MD_CTX_cleanup(&ctx);
+       EVP_MD_CTX_cleanup(&ctx_tmp);
        OPENSSL_cleanse(A1,sizeof(A1));
        return ret;
        }
@@ -256,6 +265,8 @@ static int tls1_PRF(long digest_mask,
                if ((m<<TLS1_PRF_DGST_SHIFT) & digest_mask) count++;
        }       
        len=slen/count;
+       if (count == 1)
+               slen = 0;
        S1=sec;
        memset(out1,0,olen);
        for (idx=0;ssl_get_handshake_digest(idx,&m,&md);idx++) {
@@ -284,7 +295,7 @@ static int tls1_generate_key_block(SSL *s, unsigned char *km,
             unsigned char *tmp, int num)
        {
        int ret;
-       ret = tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
+       ret = tls1_PRF(ssl_get_algorithm2(s),
                 TLS_MD_KEY_EXPANSION_CONST,TLS_MD_KEY_EXPANSION_CONST_SIZE,
                 s->s3->server_random,SSL3_RANDOM_SIZE,
                 s->s3->client_random,SSL3_RANDOM_SIZE,
@@ -350,7 +361,7 @@ int tls1_change_cipher_state(SSL *s, int which)
        {
         int i;
         for (i=0; i<s->s3->tmp.key_block_length; i++)
-               printf("%02x", key_block[i]);  printf("\n");
+               printf("%02x", s->s3->tmp.key_block[i]);  printf("\n");
         }
 #endif /* KSSL_DEBUG */
 
@@ -358,7 +369,7 @@ int tls1_change_cipher_state(SSL *s, int which)
                {
                if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
                        s->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM;
-                       else
+               else
                        s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM;
 
                if (s->enc_read_ctx != NULL)
@@ -445,7 +456,11 @@ int tls1_change_cipher_state(SSL *s, int which)
        j=is_export ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ?
                       cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl;
        /* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
-       k=EVP_CIPHER_iv_length(c);
+       /* If GCM mode only part of IV comes from PRF */
+       if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE)
+               k = EVP_GCM_TLS_FIXED_IV_LEN;
+       else
+               k=EVP_CIPHER_iv_length(c);
        if (    (which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
                (which == SSL3_CHANGE_CIPHER_SERVER_READ))
                {
@@ -474,10 +489,14 @@ int tls1_change_cipher_state(SSL *s, int which)
                }
 
        memcpy(mac_secret,ms,i);
-       mac_key = EVP_PKEY_new_mac_key(mac_type, NULL,
-                       mac_secret,*mac_secret_size);
-       EVP_DigestSignInit(mac_ctx,NULL,m,NULL,mac_key);
-       EVP_PKEY_free(mac_key);
+
+       if (!(EVP_CIPHER_flags(c)&EVP_CIPH_FLAG_AEAD_CIPHER))
+               {
+               mac_key = EVP_PKEY_new_mac_key(mac_type, NULL,
+                               mac_secret,*mac_secret_size);
+               EVP_DigestSignInit(mac_ctx,NULL,m,NULL,mac_key);
+               EVP_PKEY_free(mac_key);
+               }
 #ifdef TLS_DEBUG
 printf("which = %04X\nmac key=",which);
 { int z; for (z=0; z<i; z++) printf("%02X%c",ms[z],((z+1)%16)?' ':'\n'); }
@@ -487,7 +506,7 @@ printf("which = %04X\nmac key=",which);
                /* In here I set both the read and write key/iv to the
                 * same value since only the correct one will be used :-).
                 */
-               if (!tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
+               if (!tls1_PRF(ssl_get_algorithm2(s),
                                exp_label,exp_label_len,
                                s->s3->client_random,SSL3_RANDOM_SIZE,
                                s->s3->server_random,SSL3_RANDOM_SIZE,
@@ -498,7 +517,7 @@ printf("which = %04X\nmac key=",which);
 
                if (k > 0)
                        {
-                       if (!tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
+                       if (!tls1_PRF(ssl_get_algorithm2(s),
                                        TLS_MD_IV_BLOCK_CONST,TLS_MD_IV_BLOCK_CONST_SIZE,
                                        s->s3->client_random,SSL3_RANDOM_SIZE,
                                        s->s3->server_random,SSL3_RANDOM_SIZE,
@@ -524,7 +543,19 @@ printf("which = %04X\nmac key=",which);
        }
 #endif /* KSSL_DEBUG */
 
-       EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE));
+       if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE)
+               {
+               EVP_CipherInit_ex(dd,c,NULL,key,NULL,(which & SSL3_CC_WRITE));
+               EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_GCM_SET_IV_FIXED, k, iv);
+               }
+       else    
+               EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE));
+
+       /* Needed for "composite" AEADs, such as RC4-HMAC-MD5 */
+       if ((EVP_CIPHER_flags(c)&EVP_CIPH_FLAG_AEAD_CIPHER) && *mac_secret_size)
+               EVP_CIPHER_CTX_ctrl(dd,EVP_CTRL_AEAD_SET_MAC_KEY,
+                               *mac_secret_size,mac_secret);
+
 #ifdef TLS_DEBUG
 printf("which = %04X\nkey=",which);
 { int z; for (z=0; z<EVP_CIPHER_key_length(c); z++) printf("%02X%c",key[z],((z+1)%16)?' ':'\n'); }
@@ -606,7 +637,8 @@ printf("\nkey block\n");
 { int z; for (z=0; z<num; z++) printf("%02X%c",p1[z],((z+1)%16)?' ':'\n'); }
 #endif
 
-       if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
+       if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)
+               && s->method->version <= TLS1_VERSION)
                {
                /* enable vulnerability countermeasure for CBC ciphers with
                 * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt)
@@ -635,19 +667,28 @@ err:
        return(ret);
        }
 
+/* tls1_enc encrypts/decrypts the record in |s->wrec| / |s->rrec|, respectively.
+ *
+ * Returns:
+ *   0: (in non-constant time) if the record is publically invalid (i.e. too
+ *       short etc).
+ *   1: if the record's padding is valid / the encryption was successful.
+ *   -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
+ *       an internal error occured.
+ */
 int tls1_enc(SSL *s, int send)
        {
        SSL3_RECORD *rec;
        EVP_CIPHER_CTX *ds;
        unsigned long l;
-       int bs,i,ii,j,k,n=0;
+       int bs,i,j,k,pad=0,ret,mac_size=0;
        const EVP_CIPHER *enc;
 
        if (send)
                {
                if (EVP_MD_CTX_md(s->write_hash))
                        {
-                       n=EVP_MD_CTX_size(s->write_hash);
+                       int n=EVP_MD_CTX_size(s->write_hash);
                        OPENSSL_assert(n >= 0);
                        }
                ds=s->enc_write_ctx;
@@ -655,13 +696,34 @@ int tls1_enc(SSL *s, int send)
                if (s->enc_write_ctx == NULL)
                        enc=NULL;
                else
+                       {
+                       int ivlen;
                        enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
+                       /* For TLSv1.1 and later explicit IV */
+                       if (s->version >= TLS1_1_VERSION
+                               && EVP_CIPHER_mode(enc) == EVP_CIPH_CBC_MODE)
+                               ivlen = EVP_CIPHER_iv_length(enc);
+                       else
+                               ivlen = 0;
+                       if (ivlen > 1)
+                               {
+                               if ( rec->data != rec->input)
+                                       /* we can't write into the input stream:
+                                        * Can this ever happen?? (steve)
+                                        */
+                                       fprintf(stderr,
+                                               "%s:%d: rec->data != rec->input\n",
+                                               __FILE__, __LINE__);
+                               else if (RAND_bytes(rec->input, ivlen) <= 0)
+                                       return -1;
+                               }
+                       }
                }
        else
                {
                if (EVP_MD_CTX_md(s->read_hash))
                        {
-                       n=EVP_MD_CTX_size(s->read_hash);
+                       int n=EVP_MD_CTX_size(s->read_hash);
                        OPENSSL_assert(n >= 0);
                        }
                ds=s->enc_read_ctx;
@@ -676,18 +738,54 @@ int tls1_enc(SSL *s, int send)
        printf("tls1_enc(%d)\n", send);
 #endif    /* KSSL_DEBUG */
 
-       if ((s->session == NULL) || (ds == NULL) ||
-               (enc == NULL))
+       if ((s->session == NULL) || (ds == NULL) || (enc == NULL))
                {
                memmove(rec->data,rec->input,rec->length);
                rec->input=rec->data;
+               ret = 1;
                }
        else
                {
                l=rec->length;
                bs=EVP_CIPHER_block_size(ds->cipher);
 
-               if ((bs != 1) && send)
+               if (EVP_CIPHER_flags(ds->cipher)&EVP_CIPH_FLAG_AEAD_CIPHER)
+                       {
+                       unsigned char buf[13],*seq;
+
+                       seq = send?s->s3->write_sequence:s->s3->read_sequence;
+
+                       if (s->version == DTLS1_VERSION || s->version == DTLS1_BAD_VER)
+                               {
+                               unsigned char dtlsseq[9],*p=dtlsseq;
+
+                               s2n(send?s->d1->w_epoch:s->d1->r_epoch,p);
+                               memcpy(p,&seq[2],6);
+                               memcpy(buf,dtlsseq,8);
+                               }
+                       else
+                               {
+                               memcpy(buf,seq,8);
+                               for (i=7; i>=0; i--)    /* increment */
+                                       {
+                                       ++seq[i];
+                                       if (seq[i] != 0) break; 
+                                       }
+                               }
+
+                       buf[8]=rec->type;
+                       buf[9]=(unsigned char)(s->version>>8);
+                       buf[10]=(unsigned char)(s->version);
+                       buf[11]=rec->length>>8;
+                       buf[12]=rec->length&0xff;
+                       pad=EVP_CIPHER_CTX_ctrl(ds,EVP_CTRL_AEAD_TLS1_AAD,13,buf);
+                       if (send)
+                               {
+                               l+=pad;
+                               rec->length+=pad;
+                               }
+                       }
+               else if ((bs != 1) && send)
                        {
                        i=bs-((int)l%bs);
 
@@ -708,13 +806,13 @@ int tls1_enc(SSL *s, int send)
 
 #ifdef KSSL_DEBUG
                {
-                unsigned long ui;
+               unsigned long ui;
                printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n",
-                        ds,rec->data,rec->input,l);
+                       ds,rec->data,rec->input,l);
                printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n",
-                        ds->buf_len, ds->cipher->key_len,
-                        DES_KEY_SZ, DES_SCHEDULE_SZ,
-                        ds->cipher->iv_len);
+                       ds->buf_len, ds->cipher->key_len,
+                       DES_KEY_SZ, DES_SCHEDULE_SZ,
+                       ds->cipher->iv_len);
                printf("\t\tIV: ");
                for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]);
                printf("\n");
@@ -727,68 +825,41 @@ int tls1_enc(SSL *s, int send)
                if (!send)
                        {
                        if (l == 0 || l%bs != 0)
-                               {
-                               SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
-                               ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
                                return 0;
-                               }
                        }
                
-               EVP_Cipher(ds,rec->data,rec->input,l);
+               i = EVP_Cipher(ds,rec->data,rec->input,l);
+               if ((EVP_CIPHER_flags(ds->cipher)&EVP_CIPH_FLAG_CUSTOM_CIPHER)
+                                               ?(i<0)
+                                               :(i==0))
+                       return -1;      /* AEAD can fail to verify MAC */
+               if (EVP_CIPHER_mode(enc) == EVP_CIPH_GCM_MODE && !send)
+                       {
+                       rec->data += EVP_GCM_TLS_EXPLICIT_IV_LEN;
+                       rec->input += EVP_GCM_TLS_EXPLICIT_IV_LEN;
+                       rec->length -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
+                       }
 
 #ifdef KSSL_DEBUG
                {
-                unsigned long i;
-                printf("\trec->data=");
+               unsigned long i;
+               printf("\trec->data=");
                for (i=0; i<l; i++)
-                        printf(" %02x", rec->data[i]);  printf("\n");
-                }
+                       printf(" %02x", rec->data[i]);  printf("\n");
+               }
 #endif /* KSSL_DEBUG */
 
+               ret = 1;
+               if (EVP_MD_CTX_md(s->read_hash) != NULL)
+                       mac_size = EVP_MD_CTX_size(s->read_hash);
                if ((bs != 1) && !send)
-                       {
-                       ii=i=rec->data[l-1]; /* padding_length */
-                       i++;
-                       /* NB: if compression is in operation the first packet
-                        * may not be of even length so the padding bug check
-                        * cannot be performed. This bug workaround has been
-                        * around since SSLeay so hopefully it is either fixed
-                        * now or no buggy implementation supports compression 
-                        * [steve]
-                        */
-                       if ( (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
-                               && !s->expand)
-                               {
-                               /* First packet is even in size, so check */
-                               if ((memcmp(s->s3->read_sequence,
-                                       "\0\0\0\0\0\0\0\0",8) == 0) && !(ii & 1))
-                                       s->s3->flags|=TLS1_FLAGS_TLS_PADDING_BUG;
-                               if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
-                                       i--;
-                               }
-                       /* TLS 1.0 does not bound the number of padding bytes by the block size.
-                        * All of them must have value 'padding_length'. */
-                       if (i > (int)rec->length)
-                               {
-                               /* Incorrect padding. SSLerr() and ssl3_alert are done
-                                * by caller: we don't want to reveal whether this is
-                                * a decryption error or a MAC verification failure
-                                * (see http://www.openssl.org/~bodo/tls-cbc.txt) */
-                               return -1;
-                               }
-                       for (j=(int)(l-i); j<(int)l; j++)
-                               {
-                               if (rec->data[j] != ii)
-                                       {
-                                       /* Incorrect padding */
-                                       return -1;
-                                       }
-                               }
-                       rec->length-=i;
-                       }
+                       ret = tls1_cbc_remove_padding(s, rec, bs, mac_size);
+               if (pad && !send)
+                       rec->length -= pad;
                }
-       return(1);
+       return ret;
        }
+
 int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *out)
        {
        unsigned int ret;
@@ -841,7 +912,7 @@ int tls1_final_finish_mac(SSL *s,
 
        for (idx=0;ssl_get_handshake_digest(idx,&mask,&md);idx++)
                {
-               if (mask & s->s3->tmp.new_cipher->algorithm2)
+               if (mask & ssl_get_algorithm2(s))
                        {
                        int hashsize = EVP_MD_size(md);
                        if (hashsize < 0 || hashsize > (int)(sizeof buf - (size_t)(q-buf)))
@@ -860,7 +931,7 @@ int tls1_final_finish_mac(SSL *s,
                        }
                }
                
-       if (!tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
+       if (!tls1_PRF(ssl_get_algorithm2(s),
                        str,slen, buf,(int)(q-buf), NULL,0, NULL,0, NULL,0,
                        s->session->master_key,s->session->master_key_length,
                        out,buf2,sizeof buf2))
@@ -878,10 +949,10 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
        SSL3_RECORD *rec;
        unsigned char *seq;
        EVP_MD_CTX *hash;
-       size_t md_size;
+       size_t md_size, orig_len;
        int i;
        EVP_MD_CTX hmac, *mac_ctx;
-       unsigned char buf[5]; 
+       unsigned char header[13];
        int stream_mac = (send?(ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM):(ssl->mac_flags&SSL_MAC_FLAG_READ_MAC_STREAM));
        int t;
 
@@ -902,12 +973,6 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
        OPENSSL_assert(t >= 0);
        md_size=t;
 
-       buf[0]=rec->type;
-       buf[1]=(unsigned char)(ssl->version>>8);
-       buf[2]=(unsigned char)(ssl->version);
-       buf[3]=rec->length>>8;
-       buf[4]=rec->length&0xff;
-
        /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */
        if (stream_mac) 
                {
@@ -926,17 +991,55 @@ int tls1_mac(SSL *ssl, unsigned char *md, int send)
                s2n(send?ssl->d1->w_epoch:ssl->d1->r_epoch, p);
                memcpy (p,&seq[2],6);
 
-               EVP_DigestSignUpdate(mac_ctx,dtlsseq,8);
+               memcpy(header, dtlsseq, 8);
                }
        else
-               EVP_DigestSignUpdate(mac_ctx,seq,8);
+               memcpy(header, seq, 8);
+
+       /* kludge: tls1_cbc_remove_padding passes padding length in rec->type */
+       orig_len = rec->length+md_size+((unsigned int)rec->type>>8);
+       rec->type &= 0xff;
+
+       header[8]=rec->type;
+       header[9]=(unsigned char)(ssl->version>>8);
+       header[10]=(unsigned char)(ssl->version);
+       header[11]=(rec->length)>>8;
+       header[12]=(rec->length)&0xff;
 
-       EVP_DigestSignUpdate(mac_ctx,buf,5);
-       EVP_DigestSignUpdate(mac_ctx,rec->input,rec->length);
-       t=EVP_DigestSignFinal(mac_ctx,md,&md_size);
-       OPENSSL_assert(t > 0);
+       if (!send &&
+           EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
+           ssl3_cbc_record_digest_supported(mac_ctx))
+               {
+               /* This is a CBC-encrypted record. We must avoid leaking any
+                * timing-side channel information about how many blocks of
+                * data we are hashing because that gives an attacker a
+                * timing-oracle. */
+               ssl3_cbc_digest_record(
+                       mac_ctx,
+                       md, &md_size,
+                       header, rec->input,
+                       rec->length + md_size, orig_len,
+                       ssl->s3->read_mac_secret,
+                       ssl->s3->read_mac_secret_size,
+                       0 /* not SSLv3 */);
+               }
+       else
+               {
+               EVP_DigestSignUpdate(mac_ctx,header,sizeof(header));
+               EVP_DigestSignUpdate(mac_ctx,rec->input,rec->length);
+               t=EVP_DigestSignFinal(mac_ctx,md,&md_size);
+               OPENSSL_assert(t > 0);
+#ifdef OPENSSL_FIPS
+               if (!send && FIPS_mode())
+                       tls_fips_digest_extra(
+                                       ssl->enc_read_ctx,
+                                       mac_ctx, rec->input,
+                                       rec->length, orig_len);
+#endif
+               }
                
-       if (!stream_mac) EVP_MD_CTX_cleanup(&hmac);
+       if (!stream_mac)
+               EVP_MD_CTX_cleanup(&hmac);
 #ifdef TLS_DEBUG
 printf("sec=");
 {unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",mac_sec[z]); printf("\n"); }
@@ -970,6 +1073,7 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
        const void *co = NULL, *so = NULL;
        int col = 0, sol = 0;
 
+
 #ifdef KSSL_DEBUG
        printf ("tls1_generate_master_secret(%p,%p, %p, %d)\n", s,out, p,len);
 #endif /* KSSL_DEBUG */
@@ -986,7 +1090,7 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
                }
 #endif
 
-       tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
+       tls1_PRF(ssl_get_algorithm2(s),
                TLS_MD_MASTER_SECRET_CONST,TLS_MD_MASTER_SECRET_CONST_SIZE,
                s->s3->client_random,SSL3_RANDOM_SIZE,
                co, col,
@@ -994,6 +1098,16 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
                so, sol,
                p,len,
                s->session->master_key,buff,sizeof buff);
+#ifdef SSL_DEBUG
+       fprintf(stderr, "Premaster Secret:\n");
+       BIO_dump_fp(stderr, (char *)p, len);
+       fprintf(stderr, "Client Random:\n");
+       BIO_dump_fp(stderr, (char *)s->s3->client_random, SSL3_RANDOM_SIZE);
+       fprintf(stderr, "Server Random:\n");
+       BIO_dump_fp(stderr, (char *)s->s3->server_random, SSL3_RANDOM_SIZE);
+       fprintf(stderr, "Master Secret:\n");
+       BIO_dump_fp(stderr, (char *)s->session->master_key, SSL3_MASTER_SECRET_SIZE);
+#endif
 
 #ifdef KSSL_DEBUG
        printf ("tls1_generate_master_secret() complete\n");
@@ -1131,4 +1245,3 @@ int tls1_alert_code(int code)
        default:                        return(-1);
                }
        }
-

diff --git a/deps/openssl/openssl/ssl/t1_lib.c b/deps/openssl/openssl/ssl/t1_lib.c
index 03becbc..e08088c 100644 (file)
--- a/deps/openssl/openssl/ssl/t1_lib.c
+++ b/deps/openssl/openssl/ssl/t1_lib.c
@@ -114,6 +114,7 @@
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
 #include <openssl/ocsp.h>
+#include <openssl/rand.h>
 #include "ssl_locl.h"
 
 const char tls1_version_str[]="TLSv1" OPENSSL_VERSION_PTEXT;
@@ -167,10 +168,11 @@ void tls1_free(SSL *s)
 void tls1_clear(SSL *s)
        {
        ssl3_clear(s);
-       s->version=TLS1_VERSION;
+       s->version = s->method->version;
        }
 
 #ifndef OPENSSL_NO_EC
+
 static int nid_list[] =
        {
                NID_sect163k1, /* sect163k1 (1) */
@@ -199,7 +201,36 @@ static int nid_list[] =
                NID_secp384r1, /* secp384r1 (24) */
                NID_secp521r1  /* secp521r1 (25) */     
        };
-       
+
+static int pref_list[] =
+       {
+               NID_sect571r1, /* sect571r1 (14) */ 
+               NID_sect571k1, /* sect571k1 (13) */ 
+               NID_secp521r1, /* secp521r1 (25) */     
+               NID_sect409k1, /* sect409k1 (11) */ 
+               NID_sect409r1, /* sect409r1 (12) */
+               NID_secp384r1, /* secp384r1 (24) */
+               NID_sect283k1, /* sect283k1 (9) */
+               NID_sect283r1, /* sect283r1 (10) */ 
+               NID_secp256k1, /* secp256k1 (22) */ 
+               NID_X9_62_prime256v1, /* secp256r1 (23) */ 
+               NID_sect239k1, /* sect239k1 (8) */ 
+               NID_sect233k1, /* sect233k1 (6) */
+               NID_sect233r1, /* sect233r1 (7) */ 
+               NID_secp224k1, /* secp224k1 (20) */ 
+               NID_secp224r1, /* secp224r1 (21) */
+               NID_sect193r1, /* sect193r1 (4) */ 
+               NID_sect193r2, /* sect193r2 (5) */ 
+               NID_secp192k1, /* secp192k1 (18) */
+               NID_X9_62_prime192v1, /* secp192r1 (19) */ 
+               NID_sect163k1, /* sect163k1 (1) */
+               NID_sect163r1, /* sect163r1 (2) */
+               NID_sect163r2, /* sect163r2 (3) */
+               NID_secp160k1, /* secp160k1 (15) */
+               NID_secp160r1, /* secp160r1 (16) */ 
+               NID_secp160r2, /* secp160r2 (17) */ 
+       };
+
 int tls1_ec_curve_id2nid(int curve_id)
        {
        /* ECC curves from draft-ietf-tls-ecc-12.txt (Oct. 17, 2005) */
@@ -271,6 +302,64 @@ int tls1_ec_nid2curve_id(int nid)
 #endif /* OPENSSL_NO_EC */
 
 #ifndef OPENSSL_NO_TLSEXT
+
+/* List of supported signature algorithms and hashes. Should make this
+ * customisable at some point, for now include everything we support.
+ */
+
+#ifdef OPENSSL_NO_RSA
+#define tlsext_sigalg_rsa(md) /* */
+#else
+#define tlsext_sigalg_rsa(md) md, TLSEXT_signature_rsa,
+#endif
+
+#ifdef OPENSSL_NO_DSA
+#define tlsext_sigalg_dsa(md) /* */
+#else
+#define tlsext_sigalg_dsa(md) md, TLSEXT_signature_dsa,
+#endif
+
+#ifdef OPENSSL_NO_ECDSA
+#define tlsext_sigalg_ecdsa(md) /* */
+#else
+#define tlsext_sigalg_ecdsa(md) md, TLSEXT_signature_ecdsa,
+#endif
+
+#define tlsext_sigalg(md) \
+               tlsext_sigalg_rsa(md) \
+               tlsext_sigalg_dsa(md) \
+               tlsext_sigalg_ecdsa(md)
+
+static unsigned char tls12_sigalgs[] = {
+#ifndef OPENSSL_NO_SHA512
+       tlsext_sigalg(TLSEXT_hash_sha512)
+       tlsext_sigalg(TLSEXT_hash_sha384)
+#endif
+#ifndef OPENSSL_NO_SHA256
+       tlsext_sigalg(TLSEXT_hash_sha256)
+       tlsext_sigalg(TLSEXT_hash_sha224)
+#endif
+#ifndef OPENSSL_NO_SHA
+       tlsext_sigalg(TLSEXT_hash_sha1)
+#endif
+#ifndef OPENSSL_NO_MD5
+       tlsext_sigalg_rsa(TLSEXT_hash_md5)
+#endif
+};
+
+int tls12_get_req_sig_algs(SSL *s, unsigned char *p)
+       {
+       size_t slen = sizeof(tls12_sigalgs);
+#ifdef OPENSSL_FIPS
+       /* If FIPS mode don't include MD5 which is last */
+       if (FIPS_mode())
+               slen -= 2;
+#endif
+       if (p)
+               memcpy(p, tls12_sigalgs, slen);
+       return (int)slen;
+       }
+
 unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
        {
        int extdatalen=0;
@@ -318,7 +407,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
                }
 
         /* Add RI if renegotiating */
-        if (s->new_session)
+        if (s->renegotiate)
           {
           int el;
           
@@ -342,6 +431,34 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
           ret += el;
         }
 
+#ifndef OPENSSL_NO_SRP
+       /* Add SRP username if there is one */
+       if (s->srp_ctx.login != NULL)
+               { /* Add TLS extension SRP username to the Client Hello message */
+
+               int login_len = strlen(s->srp_ctx.login);       
+               if (login_len > 255 || login_len == 0)
+                       {
+                       SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
+                       return NULL;
+                       } 
+
+               /* check for enough space.
+                  4 for the srp type type and entension length
+                  1 for the srp user identity
+                  + srp user identity length 
+               */
+               if ((limit - ret - 5 - login_len) < 0) return NULL; 
+
+               /* fill in the extension */
+               s2n(TLSEXT_TYPE_srp,ret);
+               s2n(login_len+1,ret);
+               (*ret++) = (unsigned char) login_len;
+               memcpy(ret, s->srp_ctx.login, login_len);
+               ret+=login_len;
+               }
+#endif
+
 #ifndef OPENSSL_NO_EC
        if (s->tlsext_ecpointformatlist != NULL &&
            s->version != DTLS1_VERSION)
@@ -427,6 +544,17 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
                }
                skip_ext:
 
+       if (TLS1_get_client_version(s) >= TLS1_2_VERSION)
+               {
+               if ((size_t)(limit - ret) < sizeof(tls12_sigalgs) + 6)
+                       return NULL; 
+               s2n(TLSEXT_TYPE_signature_algorithms,ret);
+               s2n(sizeof(tls12_sigalgs) + 2, ret);
+               s2n(sizeof(tls12_sigalgs), ret);
+               memcpy(ret, tls12_sigalgs, sizeof(tls12_sigalgs));
+               ret += sizeof(tls12_sigalgs);
+               }
+
 #ifdef TLSEXT_TYPE_opaque_prf_input
        if (s->s3->client_opaque_prf_input != NULL &&
            s->version != DTLS1_VERSION)
@@ -495,6 +623,20 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
                        i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &ret);
                }
 
+#ifndef OPENSSL_NO_HEARTBEATS
+       /* Add Heartbeat extension */
+       s2n(TLSEXT_TYPE_heartbeat,ret);
+       s2n(1,ret);
+       /* Set mode:
+        * 1: peer may send requests
+        * 2: peer not allowed to send requests
+        */
+       if (s->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_RECV_REQUESTS)
+               *(ret++) = SSL_TLSEXT_HB_DONT_SEND_REQUESTS;
+       else
+               *(ret++) = SSL_TLSEXT_HB_ENABLED;
+#endif
+
 #ifndef OPENSSL_NO_NEXTPROTONEG
        if (s->ctx->next_proto_select_cb && !s->s3->tmp.finish_md_len)
                {
@@ -507,6 +649,27 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
                }
 #endif
 
+#ifndef OPENSSL_NO_SRTP
+        if(SSL_get_srtp_profiles(s))
+                {
+                int el;
+
+                ssl_add_clienthello_use_srtp_ext(s, 0, &el, 0);
+                
+                if((limit - p - 4 - el) < 0) return NULL;
+
+                s2n(TLSEXT_TYPE_use_srtp,ret);
+                s2n(el,ret);
+
+                if(ssl_add_clienthello_use_srtp_ext(s, ret, &el, el))
+                       {
+                       SSLerr(SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
+                       return NULL;
+                       }
+                ret += el;
+                }
+#endif
+
        if ((extdatalen = ret-p-2)== 0) 
                return p;
 
@@ -619,6 +782,28 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
                ret += sol;
                }
 #endif
+
+#ifndef OPENSSL_NO_SRTP
+        if(s->srtp_profile)
+                {
+                int el;
+
+                ssl_add_serverhello_use_srtp_ext(s, 0, &el, 0);
+                
+                if((limit - p - 4 - el) < 0) return NULL;
+
+                s2n(TLSEXT_TYPE_use_srtp,ret);
+                s2n(el,ret);
+
+                if(ssl_add_serverhello_use_srtp_ext(s, ret, &el, el))
+                       {
+                       SSLerr(SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, ERR_R_INTERNAL_ERROR);
+                       return NULL;
+                       }
+                ret+=el;
+                }
+#endif
+
        if (((s->s3->tmp.new_cipher->id & 0xFFFF)==0x80 || (s->s3->tmp.new_cipher->id & 0xFFFF)==0x81) 
                && (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG))
                { const unsigned char cryptopro_ext[36] = {
@@ -634,6 +819,24 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
 
                }
 
+#ifndef OPENSSL_NO_HEARTBEATS
+       /* Add Heartbeat extension if we've received one */
+       if (s->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED)
+               {
+               s2n(TLSEXT_TYPE_heartbeat,ret);
+               s2n(1,ret);
+               /* Set mode:
+                * 1: peer may send requests
+                * 2: peer not allowed to send requests
+                */
+               if (s->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_RECV_REQUESTS)
+                       *(ret++) = SSL_TLSEXT_HB_DONT_SEND_REQUESTS;
+               else
+                       *(ret++) = SSL_TLSEXT_HB_ENABLED;
+
+               }
+#endif
+
 #ifndef OPENSSL_NO_NEXTPROTONEG
        next_proto_neg_seen = s->s3->next_proto_neg_seen;
        s->s3->next_proto_neg_seen = 0;
@@ -670,9 +873,18 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
        unsigned short len;
        unsigned char *data = *p;
        int renegotiate_seen = 0;
+       int sigalg_seen = 0;
 
        s->servername_done = 0;
        s->tlsext_status_type = -1;
+#ifndef OPENSSL_NO_NEXTPROTONEG
+       s->s3->next_proto_neg_seen = 0;
+#endif
+
+#ifndef OPENSSL_NO_HEARTBEATS
+       s->tlsext_heartbeat &= ~(SSL_TLSEXT_HB_ENABLED |
+                              SSL_TLSEXT_HB_DONT_SEND_REQUESTS);
+#endif
 
        if (data >= (d+n-2))
                goto ri_check;
@@ -800,6 +1012,31 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
                                }
 
                        }
+#ifndef OPENSSL_NO_SRP
+               else if (type == TLSEXT_TYPE_srp)
+                       {
+                       if (size <= 0 || ((len = data[0])) != (size -1))
+                               {
+                               *al = SSL_AD_DECODE_ERROR;
+                               return 0;
+                               }
+                       if (s->srp_ctx.login != NULL)
+                               {
+                               *al = SSL_AD_DECODE_ERROR;
+                               return 0;
+                               }
+                       if ((s->srp_ctx.login = OPENSSL_malloc(len+1)) == NULL)
+                               return -1;
+                       memcpy(s->srp_ctx.login, &data[1], len);
+                       s->srp_ctx.login[len]='\0';
+  
+                       if (strlen(s->srp_ctx.login) != len) 
+                               {
+                               *al = SSL_AD_DECODE_ERROR;
+                               return 0;
+                               }
+                       }
+#endif
 
 #ifndef OPENSSL_NO_EC
                else if (type == TLSEXT_TYPE_ec_point_formats &&
@@ -844,7 +1081,8 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
                        int ellipticcurvelist_length = (*(sdata++) << 8);
                        ellipticcurvelist_length += (*(sdata++));
 
-                       if (ellipticcurvelist_length != size - 2)
+                       if (ellipticcurvelist_length != size - 2 ||
+                               ellipticcurvelist_length < 1)
                                {
                                *al = TLS1_AD_DECODE_ERROR;
                                return 0;
@@ -920,6 +1158,28 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
                                return 0;
                        renegotiate_seen = 1;
                        }
+               else if (type == TLSEXT_TYPE_signature_algorithms)
+                       {
+                       int dsize;
+                       if (sigalg_seen || size < 2) 
+                               {
+                               *al = SSL_AD_DECODE_ERROR;
+                               return 0;
+                               }
+                       sigalg_seen = 1;
+                       n2s(data,dsize);
+                       size -= 2;
+                       if (dsize != size || dsize & 1) 
+                               {
+                               *al = SSL_AD_DECODE_ERROR;
+                               return 0;
+                               }
+                       if (!tls1_process_sigalgs(s, data, dsize))
+                               {
+                               *al = SSL_AD_DECODE_ERROR;
+                               return 0;
+                               }
+                       }
                else if (type == TLSEXT_TYPE_status_request &&
                         s->version != DTLS1_VERSION && s->ctx->tlsext_status_cb)
                        {
@@ -1032,9 +1292,26 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
                                else
                                        s->tlsext_status_type = -1;
                        }
+#ifndef OPENSSL_NO_HEARTBEATS
+               else if (type == TLSEXT_TYPE_heartbeat)
+                       {
+                       switch(data[0])
+                               {
+                               case 0x01:      /* Client allows us to send HB requests */
+                                                       s->tlsext_heartbeat |= SSL_TLSEXT_HB_ENABLED;
+                                                       break;
+                               case 0x02:      /* Client doesn't accept HB requests */
+                                                       s->tlsext_heartbeat |= SSL_TLSEXT_HB_ENABLED;
+                                                       s->tlsext_heartbeat |= SSL_TLSEXT_HB_DONT_SEND_REQUESTS;
+                                                       break;
+                               default:        *al = SSL_AD_ILLEGAL_PARAMETER;
+                                                       return 0;
+                               }
+                       }
+#endif
 #ifndef OPENSSL_NO_NEXTPROTONEG
                else if (type == TLSEXT_TYPE_next_proto_neg &&
-                         s->s3->tmp.finish_md_len == 0)
+                        s->s3->tmp.finish_md_len == 0)
                        {
                        /* We shouldn't accept this extension on a
                         * renegotiation.
@@ -1056,6 +1333,15 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 #endif
 
                /* session ticket processed earlier */
+#ifndef OPENSSL_NO_SRTP
+               else if (type == TLSEXT_TYPE_use_srtp)
+                       {
+                       if(ssl_parse_clienthello_use_srtp_ext(s, data, size,
+                                                             al))
+                               return 0;
+                       }
+#endif
+
                data+=size;
                }
                                
@@ -1065,7 +1351,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 
        /* Need RI if renegotiating */
 
-       if (!renegotiate_seen && s->new_session &&
+       if (!renegotiate_seen && s->renegotiate &&
                !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION))
                {
                *al = SSL_AD_HANDSHAKE_FAILURE;
@@ -1081,7 +1367,7 @@ int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
 /* ssl_next_proto_validate validates a Next Protocol Negotiation block. No
  * elements of zero length are allowed and the set of elements must exactly fill
  * the length of the block. */
-static int ssl_next_proto_validate(unsigned char *d, unsigned len)
+static char ssl_next_proto_validate(unsigned char *d, unsigned len)
        {
        unsigned int off = 0;
 
@@ -1106,6 +1392,15 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
        int tlsext_servername = 0;
        int renegotiate_seen = 0;
 
+#ifndef OPENSSL_NO_NEXTPROTONEG
+       s->s3->next_proto_neg_seen = 0;
+#endif
+
+#ifndef OPENSSL_NO_HEARTBEATS
+       s->tlsext_heartbeat &= ~(SSL_TLSEXT_HB_ENABLED |
+                              SSL_TLSEXT_HB_DONT_SEND_REQUESTS);
+#endif
+
        if (data >= (d+n-2))
                goto ri_check;
 
@@ -1145,7 +1440,8 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
                        unsigned char *sdata = data;
                        int ecpointformatlist_length = *(sdata++);
 
-                       if (ecpointformatlist_length != size - 1)
+                       if (ecpointformatlist_length != size - 1 || 
+                               ecpointformatlist_length < 1)
                                {
                                *al = TLS1_AD_DECODE_ERROR;
                                return 0;
@@ -1232,13 +1528,14 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
                        s->tlsext_status_expected = 1;
                        }
 #ifndef OPENSSL_NO_NEXTPROTONEG
-               else if (type == TLSEXT_TYPE_next_proto_neg)
+               else if (type == TLSEXT_TYPE_next_proto_neg &&
+                        s->s3->tmp.finish_md_len == 0)
                        {
                        unsigned char *selected;
                        unsigned char selected_len;
 
                        /* We must have requested it. */
-                       if ((s->ctx->next_proto_select_cb == NULL))
+                       if (s->ctx->next_proto_select_cb == NULL)
                                {
                                *al = TLS1_AD_UNSUPPORTED_EXTENSION;
                                return 0;
@@ -1262,6 +1559,7 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
                                }
                        memcpy(s->next_proto_negotiated, selected, selected_len);
                        s->next_proto_negotiated_len = selected_len;
+                       s->s3->next_proto_neg_seen = 1;
                        }
 #endif
                else if (type == TLSEXT_TYPE_renegotiate)
@@ -1270,6 +1568,32 @@ int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, in
                                return 0;
                        renegotiate_seen = 1;
                        }
+#ifndef OPENSSL_NO_HEARTBEATS
+               else if (type == TLSEXT_TYPE_heartbeat)
+                       {
+                       switch(data[0])
+                               {
+                               case 0x01:      /* Server allows us to send HB requests */
+                                                       s->tlsext_heartbeat |= SSL_TLSEXT_HB_ENABLED;
+                                                       break;
+                               case 0x02:      /* Server doesn't accept HB requests */
+                                                       s->tlsext_heartbeat |= SSL_TLSEXT_HB_ENABLED;
+                                                       s->tlsext_heartbeat |= SSL_TLSEXT_HB_DONT_SEND_REQUESTS;
+                                                       break;
+                               default:        *al = SSL_AD_ILLEGAL_PARAMETER;
+                                                       return 0;
+                               }
+                       }
+#endif
+#ifndef OPENSSL_NO_SRTP
+               else if (type == TLSEXT_TYPE_use_srtp)
+                       {
+                        if(ssl_parse_serverhello_use_srtp_ext(s, data, size,
+                                                             al))
+                                return 0;
+                       }
+#endif
+
                data+=size;             
                }
 
@@ -1349,7 +1673,7 @@ int ssl_prepare_clienthello_tlsext(SSL *s)
                        break;
                        }
                }
-       using_ecc = using_ecc && (s->version == TLS1_VERSION);
+       using_ecc = using_ecc && (s->version >= TLS1_VERSION);
        if (using_ecc)
                {
                if (s->tlsext_ecpointformatlist != NULL) OPENSSL_free(s->tlsext_ecpointformatlist);
@@ -1365,16 +1689,19 @@ int ssl_prepare_clienthello_tlsext(SSL *s)
 
                /* we support all named elliptic curves in draft-ietf-tls-ecc-12 */
                if (s->tlsext_ellipticcurvelist != NULL) OPENSSL_free(s->tlsext_ellipticcurvelist);
-               s->tlsext_ellipticcurvelist_length = sizeof(nid_list)/sizeof(nid_list[0]) * 2;
+               s->tlsext_ellipticcurvelist_length = sizeof(pref_list)/sizeof(pref_list[0]) * 2;
                if ((s->tlsext_ellipticcurvelist = OPENSSL_malloc(s->tlsext_ellipticcurvelist_length)) == NULL)
                        {
                        s->tlsext_ellipticcurvelist_length = 0;
                        SSLerr(SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT,ERR_R_MALLOC_FAILURE);
                        return -1;
                        }
-               for (i = 1, j = s->tlsext_ellipticcurvelist; (unsigned int)i <=
-                               sizeof(nid_list)/sizeof(nid_list[0]); i++)
-                       s2n(i,j);
+               for (i = 0, j = s->tlsext_ellipticcurvelist; (unsigned int)i <
+                               sizeof(pref_list)/sizeof(pref_list[0]); i++)
+                       {
+                       int id = tls1_ec_nid2curve_id(pref_list[i]);
+                       s2n(id,j);
+                       }
                }
 #endif /* OPENSSL_NO_EC */
 
@@ -1446,7 +1773,7 @@ int ssl_prepare_serverhello_tlsext(SSL *s)
        return 1;
        }
 
-int ssl_check_clienthello_tlsext(SSL *s)
+int ssl_check_clienthello_tlsext_early(SSL *s)
        {
        int ret=SSL_TLSEXT_ERR_NOACK;
        int al = SSL_AD_UNRECOGNIZED_NAME;
@@ -1465,42 +1792,12 @@ int ssl_check_clienthello_tlsext(SSL *s)
        else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0)             
                ret = s->initial_ctx->tlsext_servername_callback(s, &al, s->initial_ctx->tlsext_servername_arg);
 
-       /* If status request then ask callback what to do.
-        * Note: this must be called after servername callbacks in case 
-        * the certificate has changed.
-        */
-       if ((s->tlsext_status_type != -1) && s->ctx && s->ctx->tlsext_status_cb)
-               {
-               int r;
-               r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
-               switch (r)
-                       {
-                       /* We don't want to send a status request response */
-                       case SSL_TLSEXT_ERR_NOACK:
-                               s->tlsext_status_expected = 0;
-                               break;
-                       /* status request response should be sent */
-                       case SSL_TLSEXT_ERR_OK:
-                               if (s->tlsext_ocsp_resp)
-                                       s->tlsext_status_expected = 1;
-                               else
-                                       s->tlsext_status_expected = 0;
-                               break;
-                       /* something bad happened */
-                       case SSL_TLSEXT_ERR_ALERT_FATAL:
-                               ret = SSL_TLSEXT_ERR_ALERT_FATAL;
-                               al = SSL_AD_INTERNAL_ERROR;
-                               goto err;
-                       }
-               }
-       else
-               s->tlsext_status_expected = 0;
-
 #ifdef TLSEXT_TYPE_opaque_prf_input
        {
                /* This sort of belongs into ssl_prepare_serverhello_tlsext(),
                 * but we might be sending an alert in response to the client hello,
-                * so this has to happen here in ssl_check_clienthello_tlsext(). */
+                * so this has to happen here in
+                * ssl_check_clienthello_tlsext_early(). */
 
                int r = 1;
        
@@ -1552,8 +1849,8 @@ int ssl_check_clienthello_tlsext(SSL *s)
                        }
        }
 
-#endif
  err:
+#endif
        switch (ret)
                {
                case SSL_TLSEXT_ERR_ALERT_FATAL:
@@ -1571,6 +1868,71 @@ int ssl_check_clienthello_tlsext(SSL *s)
                }
        }
 
+int ssl_check_clienthello_tlsext_late(SSL *s)
+       {
+       int ret = SSL_TLSEXT_ERR_OK;
+       int al;
+
+       /* If status request then ask callback what to do.
+        * Note: this must be called after servername callbacks in case 
+        * the certificate has changed, and must be called after the cipher
+        * has been chosen because this may influence which certificate is sent
+        */
+       if ((s->tlsext_status_type != -1) && s->ctx && s->ctx->tlsext_status_cb)
+               {
+               int r;
+               CERT_PKEY *certpkey;
+               certpkey = ssl_get_server_send_pkey(s);
+               /* If no certificate can't return certificate status */
+               if (certpkey == NULL)
+                       {
+                       s->tlsext_status_expected = 0;
+                       return 1;
+                       }
+               /* Set current certificate to one we will use so
+                * SSL_get_certificate et al can pick it up.
+                */
+               s->cert->key = certpkey;
+               r = s->ctx->tlsext_status_cb(s, s->ctx->tlsext_status_arg);
+               switch (r)
+                       {
+                       /* We don't want to send a status request response */
+                       case SSL_TLSEXT_ERR_NOACK:
+                               s->tlsext_status_expected = 0;
+                               break;
+                       /* status request response should be sent */
+                       case SSL_TLSEXT_ERR_OK:
+                               if (s->tlsext_ocsp_resp)
+                                       s->tlsext_status_expected = 1;
+                               else
+                                       s->tlsext_status_expected = 0;
+                               break;
+                       /* something bad happened */
+                       case SSL_TLSEXT_ERR_ALERT_FATAL:
+                               ret = SSL_TLSEXT_ERR_ALERT_FATAL;
+                               al = SSL_AD_INTERNAL_ERROR;
+                               goto err;
+                       }
+               }
+       else
+               s->tlsext_status_expected = 0;
+
+ err:
+       switch (ret)
+               {
+               case SSL_TLSEXT_ERR_ALERT_FATAL:
+                       ssl3_send_alert(s,SSL3_AL_FATAL,al); 
+                       return -1;
+
+               case SSL_TLSEXT_ERR_ALERT_WARNING:
+                       ssl3_send_alert(s,SSL3_AL_WARNING,al);
+                       return 1; 
+
+               default:
+                       return 1;
+               }
+       }
+
 int ssl_check_serverhello_tlsext(SSL *s)
        {
        int ret=SSL_TLSEXT_ERR_NOACK;
@@ -1683,26 +2045,56 @@ int ssl_check_serverhello_tlsext(SSL *s)
                }
        }
 
-/* Since the server cache lookup is done early on in the processing of client
- * hello and other operations depend on the result we need to handle any TLS
- * session ticket extension at the same time.
+/* Since the server cache lookup is done early on in the processing of the
+ * ClientHello, and other operations depend on the result, we need to handle
+ * any TLS session ticket extension at the same time.
+ *
+ *   session_id: points at the session ID in the ClientHello. This code will
+ *       read past the end of this in order to parse out the session ticket
+ *       extension, if any.
+ *   len: the length of the session ID.
+ *   limit: a pointer to the first byte after the ClientHello.
+ *   ret: (output) on return, if a ticket was decrypted, then this is set to
+ *       point to the resulting session.
+ *
+ * If s->tls_session_secret_cb is set then we are expecting a pre-shared key
+ * ciphersuite, in which case we have no use for session tickets and one will
+ * never be decrypted, nor will s->tlsext_ticket_expected be set to 1.
+ *
+ * Returns:
+ *   -1: fatal error, either from parsing or decrypting the ticket.
+ *    0: no ticket was found (or was ignored, based on settings).
+ *    1: a zero length extension was found, indicating that the client supports
+ *       session tickets but doesn't currently have one to offer.
+ *    2: either s->tls_session_secret_cb was set, or a ticket was offered but
+ *       couldn't be decrypted because of a non-fatal error.
+ *    3: a ticket was successfully decrypted and *ret was set.
+ *
+ * Side effects:
+ *   Sets s->tlsext_ticket_expected to 1 if the server will have to issue
+ *   a new session ticket to the client because the client indicated support
+ *   (and s->tls_session_secret_cb is NULL) but the client either doesn't have
+ *   a session ticket or we couldn't use the one it gave us, or if
+ *   s->ctx->tlsext_ticket_key_cb asked to renew the client's ticket.
+ *   Otherwise, s->tlsext_ticket_expected is set to 0.
  */
-
 int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
-                               const unsigned char *limit, SSL_SESSION **ret)
+                       const unsigned char *limit, SSL_SESSION **ret)
        {
        /* Point after session ID in client hello */
        const unsigned char *p = session_id + len;
        unsigned short i;
 
+       *ret = NULL;
+       s->tlsext_ticket_expected = 0;
+
        /* If tickets disabled behave as if no ticket present
-        * to permit stateful resumption.
-        */
+        * to permit stateful resumption.
+        */
        if (SSL_get_options(s) & SSL_OP_NO_TICKET)
-               return 1;
-
+               return 0;
        if ((s->version <= SSL3_VERSION) || !limit)
-               return 1;
+               return 0;
        if (p >= limit)
                return -1;
        /* Skip past DTLS cookie */
@@ -1725,7 +2117,7 @@ int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
                return -1;
        /* Now at start of extensions */
        if ((p + 2) >= limit)
-               return 1;
+               return 0;
        n2s(p, i);
        while ((p + 4) <= limit)
                {
@@ -1733,39 +2125,61 @@ int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
                n2s(p, type);
                n2s(p, size);
                if (p + size > limit)
-                       return 1;
+                       return 0;
                if (type == TLSEXT_TYPE_session_ticket)
                        {
-                       /* If tickets disabled indicate cache miss which will
-                        * trigger a full handshake
-                        */
-                       if (SSL_get_options(s) & SSL_OP_NO_TICKET)
-                               return 1;
-                       /* If zero length note client will accept a ticket
-                        * and indicate cache miss to trigger full handshake
-                        */
+                       int r;
                        if (size == 0)
                                {
+                               /* The client will accept a ticket but doesn't
+                                * currently have one. */
                                s->tlsext_ticket_expected = 1;
-                               return 0;       /* Cache miss */
+                               return 1;
                                }
                        if (s->tls_session_secret_cb)
                                {
-                               /* Indicate cache miss here and instead of
-                                * generating the session from ticket now,
-                                * trigger abbreviated handshake based on
-                                * external mechanism to calculate the master
-                                * secret later. */
-                               return 0;
+                               /* Indicate that the ticket couldn't be
+                                * decrypted rather than generating the session
+                                * from ticket now, trigger abbreviated
+                                * handshake based on external mechanism to
+                                * calculate the master secret later. */
+                               return 2;
+                               }
+                       r = tls_decrypt_ticket(s, p, size, session_id, len, ret);
+                       switch (r)
+                               {
+                               case 2: /* ticket couldn't be decrypted */
+                                       s->tlsext_ticket_expected = 1;
+                                       return 2;
+                               case 3: /* ticket was decrypted */
+                                       return r;
+                               case 4: /* ticket decrypted but need to renew */
+                                       s->tlsext_ticket_expected = 1;
+                                       return 3;
+                               default: /* fatal error */
+                                       return -1;
                                }
-                       return tls_decrypt_ticket(s, p, size, session_id, len,
-                                                                       ret);
                        }
                p += size;
                }
-       return 1;
+       return 0;
        }
 
+/* tls_decrypt_ticket attempts to decrypt a session ticket.
+ *
+ *   etick: points to the body of the session ticket extension.
+ *   eticklen: the length of the session tickets extenion.
+ *   sess_id: points at the session ID.
+ *   sesslen: the length of the session ID.
+ *   psess: (output) on return, if a ticket was decrypted, then this is set to
+ *       point to the resulting session.
+ *
+ * Returns:
+ *   -1: fatal error, either from parsing or decrypting the ticket.
+ *    2: the ticket couldn't be decrypted.
+ *    3: a ticket was successfully decrypted and *psess was set.
+ *    4: same as 3, but the ticket needs to be renewed.
+ */
 static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
                                const unsigned char *sess_id, int sesslen,
                                SSL_SESSION **psess)
@@ -1780,7 +2194,7 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
        SSL_CTX *tctx = s->initial_ctx;
        /* Need at least keyname + iv + some encrypted data */
        if (eticklen < 48)
-               goto tickerr;
+               return 2;
        /* Initialize session ticket encryption and HMAC contexts */
        HMAC_CTX_init(&hctx);
        EVP_CIPHER_CTX_init(&ctx);
@@ -1792,7 +2206,7 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
                if (rv < 0)
                        return -1;
                if (rv == 0)
-                       goto tickerr;
+                       return 2;
                if (rv == 2)
                        renew_ticket = 1;
                }
@@ -1800,15 +2214,15 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
                {
                /* Check key name matches */
                if (memcmp(etick, tctx->tlsext_tick_key_name, 16))
-                       goto tickerr;
+                       return 2;
                HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16,
                                        tlsext_tick_md(), NULL);
                EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
                                tctx->tlsext_tick_aes_key, etick + 16);
                }
        /* Attempt to process session ticket, first conduct sanity and
-        * integrity checks on ticket.
-        */
+        * integrity checks on ticket.
+        */
        mlen = HMAC_size(&hctx);
        if (mlen < 0)
                {
@@ -1820,8 +2234,8 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
        HMAC_Update(&hctx, etick, eticklen);
        HMAC_Final(&hctx, tick_hmac, NULL);
        HMAC_CTX_cleanup(&hctx);
-       if (memcmp(tick_hmac, etick + eticklen, mlen))
-               goto tickerr;
+       if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen))
+               return 2;
        /* Attempt to decrypt session data */
        /* Move p after IV to start of encrypted ticket, update length */
        p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx);
@@ -1834,33 +2248,376 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
                }
        EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen);
        if (EVP_DecryptFinal(&ctx, sdec + slen, &mlen) <= 0)
-               goto tickerr;
+               return 2;
        slen += mlen;
        EVP_CIPHER_CTX_cleanup(&ctx);
        p = sdec;
-               
+
        sess = d2i_SSL_SESSION(NULL, &p, slen);
        OPENSSL_free(sdec);
        if (sess)
                {
-               /* The session ID if non-empty is used by some clients to
-                * detect that the ticket has been accepted. So we copy it to
-                * the session structure. If it is empty set length to zero
-                * as required by standard.
-                */
+               /* The session ID, if non-empty, is used by some clients to
+                * detect that the ticket has been accepted. So we copy it to
+                * the session structure. If it is empty set length to zero
+                * as required by standard.
+                */
                if (sesslen)
                        memcpy(sess->session_id, sess_id, sesslen);
                sess->session_id_length = sesslen;
                *psess = sess;
-               s->tlsext_ticket_expected = renew_ticket;
+               if (renew_ticket)
+                       return 4;
+               else
+                       return 3;
+               }
+        ERR_clear_error();
+       /* For session parse failure, indicate that we need to send a new
+        * ticket. */
+       return 2;
+       }
+
+/* Tables to translate from NIDs to TLS v1.2 ids */
+
+typedef struct 
+       {
+       int nid;
+       int id;
+       } tls12_lookup;
+
+static tls12_lookup tls12_md[] = {
+#ifndef OPENSSL_NO_MD5
+       {NID_md5, TLSEXT_hash_md5},
+#endif
+#ifndef OPENSSL_NO_SHA
+       {NID_sha1, TLSEXT_hash_sha1},
+#endif
+#ifndef OPENSSL_NO_SHA256
+       {NID_sha224, TLSEXT_hash_sha224},
+       {NID_sha256, TLSEXT_hash_sha256},
+#endif
+#ifndef OPENSSL_NO_SHA512
+       {NID_sha384, TLSEXT_hash_sha384},
+       {NID_sha512, TLSEXT_hash_sha512}
+#endif
+};
+
+static tls12_lookup tls12_sig[] = {
+#ifndef OPENSSL_NO_RSA
+       {EVP_PKEY_RSA, TLSEXT_signature_rsa},
+#endif
+#ifndef OPENSSL_NO_DSA
+       {EVP_PKEY_DSA, TLSEXT_signature_dsa},
+#endif
+#ifndef OPENSSL_NO_ECDSA
+       {EVP_PKEY_EC, TLSEXT_signature_ecdsa}
+#endif
+};
+
+static int tls12_find_id(int nid, tls12_lookup *table, size_t tlen)
+       {
+       size_t i;
+       for (i = 0; i < tlen; i++)
+               {
+               if (table[i].nid == nid)
+                       return table[i].id;
+               }
+       return -1;
+       }
+#if 0
+static int tls12_find_nid(int id, tls12_lookup *table, size_t tlen)
+       {
+       size_t i;
+       for (i = 0; i < tlen; i++)
+               {
+               if (table[i].id == id)
+                       return table[i].nid;
+               }
+       return -1;
+       }
+#endif
+
+int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk, const EVP_MD *md)
+       {
+       int sig_id, md_id;
+       if (!md)
+               return 0;
+       md_id = tls12_find_id(EVP_MD_type(md), tls12_md,
+                               sizeof(tls12_md)/sizeof(tls12_lookup));
+       if (md_id == -1)
+               return 0;
+       sig_id = tls12_get_sigid(pk);
+       if (sig_id == -1)
+               return 0;
+       p[0] = (unsigned char)md_id;
+       p[1] = (unsigned char)sig_id;
+       return 1;
+       }
+
+int tls12_get_sigid(const EVP_PKEY *pk)
+       {
+       return tls12_find_id(pk->type, tls12_sig,
+                               sizeof(tls12_sig)/sizeof(tls12_lookup));
+       }
+
+const EVP_MD *tls12_get_hash(unsigned char hash_alg)
+       {
+       switch(hash_alg)
+               {
+#ifndef OPENSSL_NO_MD5
+               case TLSEXT_hash_md5:
+#ifdef OPENSSL_FIPS
+               if (FIPS_mode())
+                       return NULL;
+#endif
+               return EVP_md5();
+#endif
+#ifndef OPENSSL_NO_SHA
+               case TLSEXT_hash_sha1:
+               return EVP_sha1();
+#endif
+#ifndef OPENSSL_NO_SHA256
+               case TLSEXT_hash_sha224:
+               return EVP_sha224();
+
+               case TLSEXT_hash_sha256:
+               return EVP_sha256();
+#endif
+#ifndef OPENSSL_NO_SHA512
+               case TLSEXT_hash_sha384:
+               return EVP_sha384();
+
+               case TLSEXT_hash_sha512:
+               return EVP_sha512();
+#endif
+               default:
+               return NULL;
+
+               }
+       }
+
+/* Set preferred digest for each key type */
+
+int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
+       {
+       int i, idx;
+       const EVP_MD *md;
+       CERT *c = s->cert;
+       /* Extension ignored for TLS versions below 1.2 */
+       if (TLS1_get_version(s) < TLS1_2_VERSION)
                return 1;
+       /* Should never happen */
+       if (!c)
+               return 0;
+
+       c->pkeys[SSL_PKEY_DSA_SIGN].digest = NULL;
+       c->pkeys[SSL_PKEY_RSA_SIGN].digest = NULL;
+       c->pkeys[SSL_PKEY_RSA_ENC].digest = NULL;
+       c->pkeys[SSL_PKEY_ECC].digest = NULL;
+
+       for (i = 0; i < dsize; i += 2)
+               {
+               unsigned char hash_alg = data[i], sig_alg = data[i+1];
+
+               switch(sig_alg)
+                       {
+#ifndef OPENSSL_NO_RSA
+                       case TLSEXT_signature_rsa:
+                       idx = SSL_PKEY_RSA_SIGN;
+                       break;
+#endif
+#ifndef OPENSSL_NO_DSA
+                       case TLSEXT_signature_dsa:
+                       idx = SSL_PKEY_DSA_SIGN;
+                       break;
+#endif
+#ifndef OPENSSL_NO_ECDSA
+                       case TLSEXT_signature_ecdsa:
+                       idx = SSL_PKEY_ECC;
+                       break;
+#endif
+                       default:
+                       continue;
+                       }
+
+               if (c->pkeys[idx].digest == NULL)
+                       {
+                       md = tls12_get_hash(hash_alg);
+                       if (md)
+                               {
+                               c->pkeys[idx].digest = md;
+                               if (idx == SSL_PKEY_RSA_SIGN)
+                                       c->pkeys[SSL_PKEY_RSA_ENC].digest = md;
+                               }
+                       }
+
                }
-       /* If session decrypt failure indicate a cache miss and set state to
-        * send a new ticket
-        */
-       tickerr:        
-       s->tlsext_ticket_expected = 1;
+
+
+       /* Set any remaining keys to default values. NOTE: if alg is not
+        * supported it stays as NULL.
+        */
+#ifndef OPENSSL_NO_DSA
+       if (!c->pkeys[SSL_PKEY_DSA_SIGN].digest)
+               c->pkeys[SSL_PKEY_DSA_SIGN].digest = EVP_sha1();
+#endif
+#ifndef OPENSSL_NO_RSA
+       if (!c->pkeys[SSL_PKEY_RSA_SIGN].digest)
+               {
+               c->pkeys[SSL_PKEY_RSA_SIGN].digest = EVP_sha1();
+               c->pkeys[SSL_PKEY_RSA_ENC].digest = EVP_sha1();
+               }
+#endif
+#ifndef OPENSSL_NO_ECDSA
+       if (!c->pkeys[SSL_PKEY_ECC].digest)
+               c->pkeys[SSL_PKEY_ECC].digest = EVP_sha1();
+#endif
+       return 1;
+       }
+
+#endif
+
+#ifndef OPENSSL_NO_HEARTBEATS
+int
+tls1_process_heartbeat(SSL *s)
+       {
+       unsigned char *p = &s->s3->rrec.data[0], *pl;
+       unsigned short hbtype;
+       unsigned int payload;
+       unsigned int padding = 16; /* Use minimum padding */
+
+       /* Read type and payload length first */
+       hbtype = *p++;
+       n2s(p, payload);
+       pl = p;
+
+       if (s->msg_callback)
+               s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT,
+                       &s->s3->rrec.data[0], s->s3->rrec.length,
+                       s, s->msg_callback_arg);
+
+       if (hbtype == TLS1_HB_REQUEST)
+               {
+               unsigned char *buffer, *bp;
+               int r;
+
+               /* Allocate memory for the response, size is 1 bytes
+                * message type, plus 2 bytes payload length, plus
+                * payload, plus padding
+                */
+               buffer = OPENSSL_malloc(1 + 2 + payload + padding);
+               bp = buffer;
+               
+               /* Enter response type, length and copy payload */
+               *bp++ = TLS1_HB_RESPONSE;
+               s2n(payload, bp);
+               memcpy(bp, pl, payload);
+               bp += payload;
+               /* Random padding */
+               RAND_pseudo_bytes(bp, padding);
+
+               r = ssl3_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding);
+
+               if (r >= 0 && s->msg_callback)
+                       s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
+                               buffer, 3 + payload + padding,
+                               s, s->msg_callback_arg);
+
+               OPENSSL_free(buffer);
+
+               if (r < 0)
+                       return r;
+               }
+       else if (hbtype == TLS1_HB_RESPONSE)
+               {
+               unsigned int seq;
+               
+               /* We only send sequence numbers (2 bytes unsigned int),
+                * and 16 random bytes, so we just try to read the
+                * sequence number */
+               n2s(pl, seq);
+               
+               if (payload == 18 && seq == s->tlsext_hb_seq)
+                       {
+                       s->tlsext_hb_seq++;
+                       s->tlsext_hb_pending = 0;
+                       }
+               }
+
        return 0;
        }
 
+int
+tls1_heartbeat(SSL *s)
+       {
+       unsigned char *buf, *p;
+       int ret;
+       unsigned int payload = 18; /* Sequence number + random bytes */
+       unsigned int padding = 16; /* Use minimum padding */
+
+       /* Only send if peer supports and accepts HB requests... */
+       if (!(s->tlsext_heartbeat & SSL_TLSEXT_HB_ENABLED) ||
+           s->tlsext_heartbeat & SSL_TLSEXT_HB_DONT_SEND_REQUESTS)
+               {
+               SSLerr(SSL_F_TLS1_HEARTBEAT,SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT);
+               return -1;
+               }
+
+       /* ...and there is none in flight yet... */
+       if (s->tlsext_hb_pending)
+               {
+               SSLerr(SSL_F_TLS1_HEARTBEAT,SSL_R_TLS_HEARTBEAT_PENDING);
+               return -1;
+               }
+               
+       /* ...and no handshake in progress. */
+       if (SSL_in_init(s) || s->in_handshake)
+               {
+               SSLerr(SSL_F_TLS1_HEARTBEAT,SSL_R_UNEXPECTED_MESSAGE);
+               return -1;
+               }
+               
+       /* Check if padding is too long, payload and padding
+        * must not exceed 2^14 - 3 = 16381 bytes in total.
+        */
+       OPENSSL_assert(payload + padding <= 16381);
+
+       /* Create HeartBeat message, we just use a sequence number
+        * as payload to distuingish different messages and add
+        * some random stuff.
+        *  - Message Type, 1 byte
+        *  - Payload Length, 2 bytes (unsigned int)
+        *  - Payload, the sequence number (2 bytes uint)
+        *  - Payload, random bytes (16 bytes uint)
+        *  - Padding
+        */
+       buf = OPENSSL_malloc(1 + 2 + payload + padding);
+       p = buf;
+       /* Message Type */
+       *p++ = TLS1_HB_REQUEST;
+       /* Payload length (18 bytes here) */
+       s2n(payload, p);
+       /* Sequence number */
+       s2n(s->tlsext_hb_seq, p);
+       /* 16 random bytes */
+       RAND_pseudo_bytes(p, 16);
+       p += 16;
+       /* Random padding */
+       RAND_pseudo_bytes(p, padding);
+
+       ret = ssl3_write_bytes(s, TLS1_RT_HEARTBEAT, buf, 3 + payload + padding);
+       if (ret >= 0)
+               {
+               if (s->msg_callback)
+                       s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT,
+                               buf, 3 + payload + padding,
+                               s, s->msg_callback_arg);
+
+               s->tlsext_hb_pending = 1;
+               }
+               
+       OPENSSL_free(buf);
+
+       return ret;
+       }
 #endif

diff --git a/deps/openssl/openssl/ssl/t1_meth.c b/deps/openssl/openssl/ssl/t1_meth.c
index 6ce7c0b..53c807d 100644 (file)
--- a/deps/openssl/openssl/ssl/t1_meth.c
+++ b/deps/openssl/openssl/ssl/t1_meth.c
@@ -60,16 +60,28 @@
 #include <openssl/objects.h>
 #include "ssl_locl.h"
 
-static const SSL_METHOD *tls1_get_method(int ver);
 static const SSL_METHOD *tls1_get_method(int ver)
        {
+       if (ver == TLS1_2_VERSION)
+               return TLSv1_2_method();
+       if (ver == TLS1_1_VERSION)
+               return TLSv1_1_method();
        if (ver == TLS1_VERSION)
-               return(TLSv1_method());
-       else
-               return(NULL);
+               return TLSv1_method();
+       return NULL;
        }
 
-IMPLEMENT_tls1_meth_func(TLSv1_method,
+IMPLEMENT_tls_meth_func(TLS1_2_VERSION, TLSv1_2_method,
+                       ssl3_accept,
+                       ssl3_connect,
+                       tls1_get_method)
+
+IMPLEMENT_tls_meth_func(TLS1_1_VERSION, TLSv1_1_method,
+                       ssl3_accept,
+                       ssl3_connect,
+                       tls1_get_method)
+
+IMPLEMENT_tls_meth_func(TLS1_VERSION, TLSv1_method,
                        ssl3_accept,
                        ssl3_connect,
                        tls1_get_method)

diff --git a/deps/openssl/openssl/ssl/t1_srvr.c b/deps/openssl/openssl/ssl/t1_srvr.c
index 42525e9..f1d1565 100644 (file)
--- a/deps/openssl/openssl/ssl/t1_srvr.c
+++ b/deps/openssl/openssl/ssl/t1_srvr.c
@@ -67,13 +67,26 @@
 static const SSL_METHOD *tls1_get_server_method(int ver);
 static const SSL_METHOD *tls1_get_server_method(int ver)
        {
+       if (ver == TLS1_2_VERSION)
+               return TLSv1_2_server_method();
+       if (ver == TLS1_1_VERSION)
+               return TLSv1_1_server_method();
        if (ver == TLS1_VERSION)
-               return(TLSv1_server_method());
-       else
-               return(NULL);
+               return TLSv1_server_method();
+       return NULL;
        }
 
-IMPLEMENT_tls1_meth_func(TLSv1_server_method,
+IMPLEMENT_tls_meth_func(TLS1_2_VERSION, TLSv1_2_server_method,
+                       ssl3_accept,
+                       ssl_undefined_function,
+                       tls1_get_server_method)
+
+IMPLEMENT_tls_meth_func(TLS1_1_VERSION, TLSv1_1_server_method,
+                       ssl3_accept,
+                       ssl_undefined_function,
+                       tls1_get_server_method)
+
+IMPLEMENT_tls_meth_func(TLS1_VERSION, TLSv1_server_method,
                        ssl3_accept,
                        ssl_undefined_function,
                        tls1_get_server_method)

diff --git a/deps/openssl/openssl/ssl/tls1.h b/deps/openssl/openssl/ssl/tls1.h
index 71f9722..c39c267 100644 (file)
--- a/deps/openssl/openssl/ssl/tls1.h
+++ b/deps/openssl/openssl/ssl/tls1.h
@@ -159,10 +159,24 @@ extern "C" {
 
 #define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES   0
 
+#define TLS1_2_VERSION                 0x0303
+#define TLS1_2_VERSION_MAJOR           0x03
+#define TLS1_2_VERSION_MINOR           0x03
+
+#define TLS1_1_VERSION                 0x0302
+#define TLS1_1_VERSION_MAJOR           0x03
+#define TLS1_1_VERSION_MINOR           0x02
+
 #define TLS1_VERSION                   0x0301
 #define TLS1_VERSION_MAJOR             0x03
 #define TLS1_VERSION_MINOR             0x01
 
+#define TLS1_get_version(s) \
+               ((s->version >> 8) == TLS1_VERSION_MAJOR ? s->version : 0)
+
+#define TLS1_get_client_version(s) \
+               ((s->client_version >> 8) == TLS1_VERSION_MAJOR ? s->client_version : 0)
+
 #define TLS1_AD_DECRYPTION_FAILED      21
 #define TLS1_AD_RECORD_OVERFLOW                22
 #define TLS1_AD_UNKNOWN_CA             48      /* fatal */
@@ -183,17 +197,42 @@ extern "C" {
 #define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114
 #define TLS1_AD_UNKNOWN_PSK_IDENTITY   115     /* fatal */
 
-/* ExtensionType values from RFC3546 / RFC4366 */
+/* ExtensionType values from RFC3546 / RFC4366 / RFC6066 */
 #define TLSEXT_TYPE_server_name                        0
 #define TLSEXT_TYPE_max_fragment_length                1
 #define TLSEXT_TYPE_client_certificate_url     2
 #define TLSEXT_TYPE_trusted_ca_keys            3
 #define TLSEXT_TYPE_truncated_hmac             4
 #define TLSEXT_TYPE_status_request             5
+/* ExtensionType values from RFC4681 */
+#define TLSEXT_TYPE_user_mapping               6
+
+/* ExtensionType values from RFC5878 */
+#define TLSEXT_TYPE_client_authz               7
+#define TLSEXT_TYPE_server_authz               8
+
+/* ExtensionType values from RFC6091 */
+#define TLSEXT_TYPE_cert_type          9
+
 /* ExtensionType values from RFC4492 */
 #define TLSEXT_TYPE_elliptic_curves            10
 #define TLSEXT_TYPE_ec_point_formats           11
+
+/* ExtensionType value from RFC5054 */
+#define TLSEXT_TYPE_srp                                12
+
+/* ExtensionType values from RFC5246 */
+#define TLSEXT_TYPE_signature_algorithms       13
+
+/* ExtensionType value from RFC5764 */
+#define TLSEXT_TYPE_use_srtp   14
+
+/* ExtensionType value from RFC5620 */
+#define TLSEXT_TYPE_heartbeat  15
+
+/* ExtensionType value from RFC4507 */
 #define TLSEXT_TYPE_session_ticket             35
+
 /* ExtensionType value from draft-rescorla-tls-opaque-prf-input-00.txt */
 #if 0 /* will have to be provided externally for now ,
        * i.e. build with -DTLSEXT_TYPE_opaque_prf_input=38183
@@ -221,12 +260,34 @@ extern "C" {
 #define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2 2
 #define TLSEXT_ECPOINTFORMAT_last                      2
 
+/* Signature and hash algorithms from RFC 5246 */
+
+#define TLSEXT_signature_anonymous                     0
+#define TLSEXT_signature_rsa                           1
+#define TLSEXT_signature_dsa                           2
+#define TLSEXT_signature_ecdsa                         3
+
+#define TLSEXT_hash_none                               0
+#define TLSEXT_hash_md5                                        1
+#define TLSEXT_hash_sha1                               2
+#define TLSEXT_hash_sha224                             3
+#define TLSEXT_hash_sha256                             4
+#define TLSEXT_hash_sha384                             5
+#define TLSEXT_hash_sha512                             6
+
 #ifndef OPENSSL_NO_TLSEXT
 
 #define TLSEXT_MAXLEN_host_name 255
 
-const char *SSL_get_servername(const SSL *s, const int type) ;
-int SSL_get_servername_type(const SSL *s) ;
+const char *SSL_get_servername(const SSL *s, const int type);
+int SSL_get_servername_type(const SSL *s);
+/* SSL_export_keying_material exports a value derived from the master secret,
+ * as specified in RFC 5705. It writes |olen| bytes to |out| given a label and
+ * optional context. (Since a zero length context is allowed, the |use_context|
+ * flag controls whether a context is included.)
+ *
+ * It returns 1 on success and zero otherwise.
+ */
 int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
        const char *label, size_t llen, const unsigned char *p, size_t plen,
        int use_context);
@@ -293,6 +354,16 @@ SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG, 0, arg)
 #define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
 SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 
+#ifndef OPENSSL_NO_HEARTBEATS
+#define SSL_TLSEXT_HB_ENABLED                          0x01
+#define SSL_TLSEXT_HB_DONT_SEND_REQUESTS       0x02
+#define SSL_TLSEXT_HB_DONT_RECV_REQUESTS       0x04
+
+#define SSL_get_tlsext_heartbeat_pending(ssl) \
+        SSL_ctrl((ssl),SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING,0,NULL)
+#define SSL_set_tlsext_heartbeat_no_requests(ssl, arg) \
+        SSL_ctrl((ssl),SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS,arg,NULL)
+#endif
 #endif
 
 /* PSK ciphersuites from 4279 */
@@ -330,6 +401,14 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS1_CK_DHE_RSA_WITH_AES_256_SHA               0x03000039
 #define TLS1_CK_ADH_WITH_AES_256_SHA                   0x0300003A
 
+/* TLS v1.2 ciphersuites */
+#define TLS1_CK_RSA_WITH_NULL_SHA256                   0x0300003B
+#define TLS1_CK_RSA_WITH_AES_128_SHA256                        0x0300003C
+#define TLS1_CK_RSA_WITH_AES_256_SHA256                        0x0300003D
+#define TLS1_CK_DH_DSS_WITH_AES_128_SHA256             0x0300003E
+#define TLS1_CK_DH_RSA_WITH_AES_128_SHA256             0x0300003F
+#define TLS1_CK_DHE_DSS_WITH_AES_128_SHA256            0x03000040
+
 /* Camellia ciphersuites from RFC4132 */
 #define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA          0x03000041
 #define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA       0x03000042
@@ -338,6 +417,16 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA      0x03000045
 #define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA          0x03000046
 
+/* TLS v1.2 ciphersuites */
+#define TLS1_CK_DHE_RSA_WITH_AES_128_SHA256            0x03000067
+#define TLS1_CK_DH_DSS_WITH_AES_256_SHA256             0x03000068
+#define TLS1_CK_DH_RSA_WITH_AES_256_SHA256             0x03000069
+#define TLS1_CK_DHE_DSS_WITH_AES_256_SHA256            0x0300006A
+#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA256            0x0300006B
+#define TLS1_CK_ADH_WITH_AES_128_SHA256                        0x0300006C
+#define TLS1_CK_ADH_WITH_AES_256_SHA256                        0x0300006D
+
+/* Camellia ciphersuites from RFC4132 */
 #define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA          0x03000084
 #define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA       0x03000085
 #define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA       0x03000086
@@ -353,6 +442,20 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS1_CK_DHE_RSA_WITH_SEED_SHA                   0x0300009A
 #define TLS1_CK_ADH_WITH_SEED_SHA                      0x0300009B
 
+/* TLS v1.2 GCM ciphersuites from RFC5288 */
+#define TLS1_CK_RSA_WITH_AES_128_GCM_SHA256            0x0300009C
+#define TLS1_CK_RSA_WITH_AES_256_GCM_SHA384            0x0300009D
+#define TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256                0x0300009E
+#define TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384                0x0300009F
+#define TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256         0x030000A0
+#define TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384         0x030000A1
+#define TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256                0x030000A2
+#define TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384                0x030000A3
+#define TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256         0x030000A4
+#define TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384         0x030000A5
+#define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256            0x030000A6
+#define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384            0x030000A7
+
 /* ECC ciphersuites from draft-ietf-tls-ecc-12.txt with changes soon to be in draft 13 */
 #define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA                0x0300C001
 #define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA             0x0300C002
@@ -384,6 +487,38 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA          0x0300C018
 #define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA          0x0300C019
 
+/* SRP ciphersuites from RFC 5054 */
+#define TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA          0x0300C01A
+#define TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA      0x0300C01B
+#define TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA      0x0300C01C
+#define TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA           0x0300C01D
+#define TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA       0x0300C01E
+#define TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA       0x0300C01F
+#define TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA           0x0300C020
+#define TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA       0x0300C021
+#define TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA       0x0300C022
+
+/* ECDH HMAC based ciphersuites from RFC5289 */
+
+#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256         0x0300C023
+#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384         0x0300C024
+#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256          0x0300C025
+#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384          0x0300C026
+#define TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256           0x0300C027
+#define TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384           0x0300C028
+#define TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256            0x0300C029
+#define TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384            0x0300C02A
+
+/* ECDH GCM based ciphersuites from RFC5289 */
+#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256    0x0300C02B
+#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384    0x0300C02C
+#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256      0x0300C02D
+#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384      0x0300C02E
+#define TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256       0x0300C02F
+#define TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384       0x0300C030
+#define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256        0x0300C031
+#define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384        0x0300C032
+
 /* XXX
  * Inconsistency alert:
  * The OpenSSL names of ciphers with ephemeral DH here include the string
@@ -451,6 +586,17 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA              "PSK-AES128-CBC-SHA"
 #define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA              "PSK-AES256-CBC-SHA"
 
+/* SRP ciphersuite from RFC 5054 */
+#define TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA         "SRP-3DES-EDE-CBC-SHA"
+#define TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA     "SRP-RSA-3DES-EDE-CBC-SHA"
+#define TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA     "SRP-DSS-3DES-EDE-CBC-SHA"
+#define TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA          "SRP-AES-128-CBC-SHA"
+#define TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA      "SRP-RSA-AES-128-CBC-SHA"
+#define TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA      "SRP-DSS-AES-128-CBC-SHA"
+#define TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA          "SRP-AES-256-CBC-SHA"
+#define TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA      "SRP-RSA-AES-256-CBC-SHA"
+#define TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA      "SRP-DSS-AES-256-CBC-SHA"
+
 /* Camellia ciphersuites from RFC4132 */
 #define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA         "CAMELLIA128-SHA"
 #define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA      "DH-DSS-CAMELLIA128-SHA"
@@ -474,6 +620,55 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #define TLS1_TXT_DHE_RSA_WITH_SEED_SHA                  "DHE-RSA-SEED-SHA"
 #define TLS1_TXT_ADH_WITH_SEED_SHA                      "ADH-SEED-SHA"
 
+/* TLS v1.2 ciphersuites */
+#define TLS1_TXT_RSA_WITH_NULL_SHA256                  "NULL-SHA256"
+#define TLS1_TXT_RSA_WITH_AES_128_SHA256               "AES128-SHA256"
+#define TLS1_TXT_RSA_WITH_AES_256_SHA256               "AES256-SHA256"
+#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA256            "DH-DSS-AES128-SHA256"
+#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA256            "DH-RSA-AES128-SHA256"
+#define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256           "DHE-DSS-AES128-SHA256"
+#define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256           "DHE-RSA-AES128-SHA256"
+#define TLS1_TXT_DH_DSS_WITH_AES_256_SHA256            "DH-DSS-AES256-SHA256"
+#define TLS1_TXT_DH_RSA_WITH_AES_256_SHA256            "DH-RSA-AES256-SHA256"
+#define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256           "DHE-DSS-AES256-SHA256"
+#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256           "DHE-RSA-AES256-SHA256"
+#define TLS1_TXT_ADH_WITH_AES_128_SHA256               "ADH-AES128-SHA256"
+#define TLS1_TXT_ADH_WITH_AES_256_SHA256               "ADH-AES256-SHA256"
+
+/* TLS v1.2 GCM ciphersuites from RFC5288 */
+#define TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256           "AES128-GCM-SHA256"
+#define TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384           "AES256-GCM-SHA384"
+#define TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256       "DHE-RSA-AES128-GCM-SHA256"
+#define TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384       "DHE-RSA-AES256-GCM-SHA384"
+#define TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256                "DH-RSA-AES128-GCM-SHA256"
+#define TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384                "DH-RSA-AES256-GCM-SHA384"
+#define TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256       "DHE-DSS-AES128-GCM-SHA256"
+#define TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384       "DHE-DSS-AES256-GCM-SHA384"
+#define TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256                "DH-DSS-AES128-GCM-SHA256"
+#define TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384                "DH-DSS-AES256-GCM-SHA384"
+#define TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256           "ADH-AES128-GCM-SHA256"
+#define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384           "ADH-AES256-GCM-SHA384"
+
+/* ECDH HMAC based ciphersuites from RFC5289 */
+
+#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256    "ECDHE-ECDSA-AES128-SHA256"
+#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384    "ECDHE-ECDSA-AES256-SHA384"
+#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256     "ECDH-ECDSA-AES128-SHA256"
+#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384     "ECDH-ECDSA-AES256-SHA384"
+#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256      "ECDHE-RSA-AES128-SHA256"
+#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384      "ECDHE-RSA-AES256-SHA384"
+#define TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256       "ECDH-RSA-AES128-SHA256"
+#define TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384       "ECDH-RSA-AES256-SHA384"
+
+/* ECDH GCM based ciphersuites from RFC5289 */
+#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256    "ECDHE-ECDSA-AES128-GCM-SHA256"
+#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384    "ECDHE-ECDSA-AES256-GCM-SHA384"
+#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256     "ECDH-ECDSA-AES128-GCM-SHA256"
+#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384     "ECDH-ECDSA-AES256-GCM-SHA384"
+#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256      "ECDHE-RSA-AES128-GCM-SHA256"
+#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384      "ECDHE-RSA-AES256-GCM-SHA384"
+#define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256       "ECDH-RSA-AES128-GCM-SHA256"
+#define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384       "ECDH-RSA-AES256-GCM-SHA384"
 
 #define TLS_CT_RSA_SIGN                        1
 #define TLS_CT_DSS_SIGN                        2

diff --git a/deps/openssl/openssl/util/copy.pl b/deps/openssl/openssl/util/copy.pl
index e20b455..eba6d58 100644 (file)
--- a/deps/openssl/openssl/util/copy.pl
+++ b/deps/openssl/openssl/util/copy.pl
@@ -8,9 +8,16 @@ use Fcntl;
 # Perl script 'copy' comment. On Windows the built in "copy" command also
 # copies timestamps: this messes up Makefile dependencies.
 
+my $stripcr = 0;
+
 my $arg;
 
 foreach $arg (@ARGV) {
+       if ($arg eq "-stripcr")
+               {
+               $stripcr = 1;
+               next;
+               }
        $arg =~ s|\\|/|g;       # compensate for bug/feature in cygwin glob...
        foreach (glob $arg)
                {
@@ -49,6 +56,10 @@ foreach (@filelist)
                                        || die "Can't Open $dfile";
        while (sysread IN, $buf, 10240)
                {
+               if ($stripcr)
+                       {
+                       $buf =~ tr/\015//d;
+                       }
                syswrite(OUT, $buf, length($buf));
                }
        close(IN);

diff --git a/deps/openssl/openssl/util/cygwin.sh b/deps/openssl/openssl/util/cygwin.sh
index d622852..cfdb04d 100755 (executable)
--- a/deps/openssl/openssl/util/cygwin.sh
+++ b/deps/openssl/openssl/util/cygwin.sh
@@ -11,6 +11,7 @@ CONFIG_OPTIONS="--prefix=/usr shared zlib no-idea no-rc5"
 INSTALL_PREFIX=/tmp/install/INSTALL
 
 VERSION=
+SHLIB_VERSION_NUMBER=
 SUBVERSION=$1
 
 function cleanup()
@@ -28,6 +29,13 @@ function get_openssl_version()
     echo "       Check value of variable VERSION in Makefile."
     exit 1
   fi
+  eval `grep '^SHLIB_VERSION_NUMBER=' Makefile`
+  if [ -z "${SHLIB_VERSION_NUMBER}" ]
+  then
+    echo "Error: Couldn't retrieve OpenSSL shared lib version from Makefile."
+    echo " Check value of variable SHLIB_VERSION_NUMBER in Makefile."
+    exit 1
+  fi
 }
 
 function base_install()
@@ -124,7 +132,7 @@ strip usr/bin/*.exe usr/bin/*.dll usr/lib/engines/*.so
 chmod u-w usr/lib/engines/*.so
 
 # Runtime package
-tar cjf libopenssl${VERSION//[!0-9]/}-${VERSION}-${SUBVERSION}.tar.bz2 \
+tar cjf libopenssl${SHLIB_VERSION_NUMBER//[!0-9]/}-${VERSION}-${SUBVERSION}.tar.bz2 \
      usr/bin/cyg*dll
 # Base package
 find etc usr/bin/openssl.exe usr/bin/c_rehash usr/lib/engines usr/share/doc \
@@ -139,7 +147,7 @@ tar cjfT openssl-devel-${VERSION}-${SUBVERSION}.tar.bz2 -
 
 ls -l openssl-${VERSION}-${SUBVERSION}.tar.bz2
 ls -l openssl-devel-${VERSION}-${SUBVERSION}.tar.bz2
-ls -l libopenssl${VERSION//[!0-9]/}-${VERSION}-${SUBVERSION}.tar.bz2
+ls -l libopenssl${SHLIB_VERSION_NUMBER//[!0-9]/}-${VERSION}-${SUBVERSION}.tar.bz2
 
 cleanup
 

diff --git a/deps/openssl/openssl/util/libeay.num b/deps/openssl/openssl/util/libeay.num
index b23619f..6debdb6 100755 (executable)
--- a/deps/openssl/openssl/util/libeay.num
+++ b/deps/openssl/openssl/util/libeay.num
@@ -1050,7 +1050,7 @@ ASN1_TYPE_get_octetstring               1077      EXIST::FUNCTION:
 ASN1_TYPE_set_int_octetstring           1078   EXIST::FUNCTION:
 ASN1_TYPE_set_octetstring               1079   EXIST::FUNCTION:
 ASN1_UTCTIME_set_string                 1080   EXIST::FUNCTION:
-ERR_add_error_data                      1081   EXIST::FUNCTION:BIO
+ERR_add_error_data                      1081   EXIST::FUNCTION:
 ERR_set_error_data                      1082   EXIST::FUNCTION:
 EVP_CIPHER_asn1_to_param                1083   EXIST::FUNCTION:
 EVP_CIPHER_param_to_asn1                1084   EXIST::FUNCTION:
@@ -2808,7 +2808,7 @@ FIPS_corrupt_rsa                        3249      NOEXIST::FUNCTION:
 FIPS_selftest_des                       3250   NOEXIST::FUNCTION:
 EVP_aes_128_cfb1                        3251   EXIST::FUNCTION:AES
 EVP_aes_192_cfb8                        3252   EXIST::FUNCTION:AES
-FIPS_mode_set                           3253   NOEXIST::FUNCTION:
+FIPS_mode_set                           3253   EXIST::FUNCTION:
 FIPS_selftest_dsa                       3254   NOEXIST::FUNCTION:
 EVP_aes_256_cfb8                        3255   EXIST::FUNCTION:AES
 FIPS_allow_md5                          3256   NOEXIST::FUNCTION:
@@ -2838,23 +2838,23 @@ AES_cfb1_encrypt                        3279    EXIST::FUNCTION:AES
 EVP_des_ede3_cfb1                       3280   EXIST::FUNCTION:DES
 FIPS_rand_check                         3281   NOEXIST::FUNCTION:
 FIPS_md5_allowed                        3282   NOEXIST::FUNCTION:
-FIPS_mode                               3283   NOEXIST::FUNCTION:
+FIPS_mode                               3283   EXIST::FUNCTION:
 FIPS_selftest_failed                    3284   NOEXIST::FUNCTION:
 sk_is_sorted                            3285   EXIST::FUNCTION:
 X509_check_ca                           3286   EXIST::FUNCTION:
-private_idea_set_encrypt_key            3287   NOEXIST::FUNCTION:
+private_idea_set_encrypt_key            3287   EXIST:OPENSSL_FIPS:FUNCTION:IDEA
 HMAC_CTX_set_flags                      3288   EXIST::FUNCTION:HMAC
-private_SHA_Init                        3289   NOEXIST::FUNCTION:
-private_CAST_set_key                    3290   NOEXIST::FUNCTION:
-private_RIPEMD160_Init                  3291   NOEXIST::FUNCTION:
+private_SHA_Init                        3289   EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA0
+private_CAST_set_key                    3290   EXIST:OPENSSL_FIPS:FUNCTION:CAST
+private_RIPEMD160_Init                  3291   EXIST:OPENSSL_FIPS:FUNCTION:RIPEMD
 private_RC5_32_set_key                  3292   NOEXIST::FUNCTION:
-private_MD5_Init                        3293   NOEXIST::FUNCTION:
-private_RC4_set_key                     3294   NOEXIST::FUNCTION:
-private_MDC2_Init                       3295   NOEXIST::FUNCTION:
-private_RC2_set_key                     3296   NOEXIST::FUNCTION:
-private_MD4_Init                        3297   NOEXIST::FUNCTION:
-private_BF_set_key                      3298   NOEXIST::FUNCTION:
-private_MD2_Init                        3299   NOEXIST::FUNCTION:
+private_MD5_Init                        3293   EXIST:OPENSSL_FIPS:FUNCTION:MD5
+private_RC4_set_key                     3294   EXIST::FUNCTION:RC4
+private_MDC2_Init                       3295   EXIST:OPENSSL_FIPS:FUNCTION:MDC2
+private_RC2_set_key                     3296   EXIST:OPENSSL_FIPS:FUNCTION:RC2
+private_MD4_Init                        3297   EXIST:OPENSSL_FIPS:FUNCTION:MD4
+private_BF_set_key                      3298   EXIST:OPENSSL_FIPS:FUNCTION:BF
+private_MD2_Init                        3299   EXIST:OPENSSL_FIPS:FUNCTION:MD2
 d2i_PROXY_CERT_INFO_EXTENSION           3300   EXIST::FUNCTION:
 PROXY_POLICY_it                         3301   EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
 PROXY_POLICY_it                         3301   EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
@@ -2882,7 +2882,7 @@ RSA_verify_PKCS1_PSS                    3321      EXIST::FUNCTION:RSA
 RSA_padding_add_X931                    3322   EXIST::FUNCTION:RSA
 RSA_padding_add_PKCS1_PSS               3323   EXIST::FUNCTION:RSA
 PKCS1_MGF1                              3324   EXIST::FUNCTION:RSA
-BN_X931_generate_Xpq                    3325   NOEXIST::FUNCTION:
+BN_X931_generate_Xpq                    3325   EXIST::FUNCTION:
 RSA_X931_generate_key                   3326   NOEXIST::FUNCTION:
 BN_X931_derive_prime                    3327   NOEXIST::FUNCTION:
 BN_X931_generate_prime                  3328   NOEXIST::FUNCTION:
@@ -2906,7 +2906,7 @@ STORE_parse_attrs_start                 3343      NOEXIST::FUNCTION:
 POLICY_CONSTRAINTS_free                 3344   EXIST::FUNCTION:
 EVP_PKEY_add1_attr_by_NID               3345   EXIST::FUNCTION:
 BN_nist_mod_192                         3346   EXIST::FUNCTION:
-EC_GROUP_get_trinomial_basis            3347   EXIST::FUNCTION:EC
+EC_GROUP_get_trinomial_basis            3347   EXIST::FUNCTION:EC,EC2M
 STORE_set_method                        3348   NOEXIST::FUNCTION:
 GENERAL_SUBTREE_free                    3349   EXIST::FUNCTION:
 NAME_CONSTRAINTS_it                     3350   EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
@@ -2921,14 +2921,14 @@ SHA512_Update                           3356    EXIST:!VMSVAX:FUNCTION:SHA,SHA512
 i2d_ECPrivateKey                        3357   EXIST::FUNCTION:EC
 BN_get0_nist_prime_192                  3358   EXIST::FUNCTION:
 STORE_modify_certificate                3359   NOEXIST::FUNCTION:
-EC_POINT_set_affine_coordinates_GF2m    3360   EXIST:!VMS:FUNCTION:EC
-EC_POINT_set_affine_coords_GF2m         3360   EXIST:VMS:FUNCTION:EC
-BN_GF2m_mod_exp_arr                     3361   EXIST::FUNCTION:
+EC_POINT_set_affine_coordinates_GF2m    3360   EXIST:!VMS:FUNCTION:EC,EC2M
+EC_POINT_set_affine_coords_GF2m         3360   EXIST:VMS:FUNCTION:EC,EC2M
+BN_GF2m_mod_exp_arr                     3361   EXIST::FUNCTION:EC2M
 STORE_ATTR_INFO_modify_number           3362   NOEXIST::FUNCTION:
 X509_keyid_get0                         3363   EXIST::FUNCTION:
 ENGINE_load_gmp                         3364   EXIST::FUNCTION:ENGINE,GMP,STATIC_ENGINE
 pitem_new                               3365   EXIST::FUNCTION:
-BN_GF2m_mod_mul_arr                     3366   EXIST::FUNCTION:
+BN_GF2m_mod_mul_arr                     3366   EXIST::FUNCTION:EC2M
 STORE_list_public_key_endp              3367   NOEXIST::FUNCTION:
 o2i_ECPublicKey                         3368   EXIST::FUNCTION:EC
 EC_KEY_copy                             3369   EXIST::FUNCTION:EC
@@ -2945,7 +2945,7 @@ X509_VERIFY_PARAM_inherit               3378      EXIST::FUNCTION:
 EC_POINT_point2bn                       3379   EXIST::FUNCTION:EC
 STORE_ATTR_INFO_set_dn                  3380   NOEXIST::FUNCTION:
 X509_policy_tree_get0_policies          3381   EXIST::FUNCTION:
-EC_GROUP_new_curve_GF2m                 3382   EXIST::FUNCTION:EC
+EC_GROUP_new_curve_GF2m                 3382   EXIST::FUNCTION:EC,EC2M
 STORE_destroy_method                    3383   NOEXIST::FUNCTION:
 ENGINE_unregister_STORE                 3384   EXIST::FUNCTION:ENGINE
 EVP_PKEY_get1_EC_KEY                    3385   EXIST::FUNCTION:EC
@@ -2961,7 +2961,7 @@ ENGINE_get_static_state                 3393      EXIST::FUNCTION:ENGINE
 pqueue_iterator                         3394   EXIST::FUNCTION:
 ECDSA_SIG_new                           3395   EXIST::FUNCTION:ECDSA
 OPENSSL_DIR_end                         3396   EXIST::FUNCTION:
-BN_GF2m_mod_sqr                         3397   EXIST::FUNCTION:
+BN_GF2m_mod_sqr                         3397   EXIST::FUNCTION:EC2M
 EC_POINT_bn2point                       3398   EXIST::FUNCTION:EC
 X509_VERIFY_PARAM_set_depth             3399   EXIST::FUNCTION:
 EC_KEY_set_asn1_flag                    3400   EXIST::FUNCTION:EC
@@ -2974,7 +2974,7 @@ EC_GROUP_get_point_conv_form            3405      EXIST:VMS:FUNCTION:EC
 STORE_method_set_store_function         3406   NOEXIST::FUNCTION:
 STORE_ATTR_INFO_in                      3407   NOEXIST::FUNCTION:
 PEM_read_bio_ECPKParameters             3408   EXIST::FUNCTION:EC
-EC_GROUP_get_pentanomial_basis          3409   EXIST::FUNCTION:EC
+EC_GROUP_get_pentanomial_basis          3409   EXIST::FUNCTION:EC,EC2M
 EVP_PKEY_add1_attr_by_txt               3410   EXIST::FUNCTION:
 BN_BLINDING_set_flags                   3411   EXIST::FUNCTION:
 X509_VERIFY_PARAM_set1_policies         3412   EXIST::FUNCTION:
@@ -2982,10 +2982,10 @@ X509_VERIFY_PARAM_set1_name             3413    EXIST::FUNCTION:
 X509_VERIFY_PARAM_set_purpose           3414   EXIST::FUNCTION:
 STORE_get_number                        3415   NOEXIST::FUNCTION:
 ECDSA_sign_setup                        3416   EXIST::FUNCTION:ECDSA
-BN_GF2m_mod_solve_quad_arr              3417   EXIST::FUNCTION:
+BN_GF2m_mod_solve_quad_arr              3417   EXIST::FUNCTION:EC2M
 EC_KEY_up_ref                           3418   EXIST::FUNCTION:EC
 POLICY_MAPPING_free                     3419   EXIST::FUNCTION:
-BN_GF2m_mod_div                         3420   EXIST::FUNCTION:
+BN_GF2m_mod_div                         3420   EXIST::FUNCTION:EC2M
 X509_VERIFY_PARAM_set_flags             3421   EXIST::FUNCTION:
 EC_KEY_free                             3422   EXIST::FUNCTION:EC
 STORE_meth_set_list_next_fn             3423   NOEXIST::FUNCTION:
@@ -2999,7 +2999,7 @@ STORE_method_set_list_end_function      3427      NOEXIST::FUNCTION:
 pqueue_print                            3428   EXIST::FUNCTION:
 EC_GROUP_have_precompute_mult           3429   EXIST::FUNCTION:EC
 EC_KEY_print_fp                         3430   EXIST::FUNCTION:EC,FP_API
-BN_GF2m_mod_arr                         3431   EXIST::FUNCTION:
+BN_GF2m_mod_arr                         3431   EXIST::FUNCTION:EC2M
 PEM_write_bio_X509_CERT_PAIR            3432   EXIST::FUNCTION:
 EVP_PKEY_cmp                            3433   EXIST::FUNCTION:
 X509_policy_level_node_count            3434   EXIST::FUNCTION:
@@ -3020,7 +3020,7 @@ X509_policy_node_get0_qualifiers        3448      EXIST:!VMS:FUNCTION:
 X509_pcy_node_get0_qualifiers           3448   EXIST:VMS:FUNCTION:
 STORE_list_crl_end                      3449   NOEXIST::FUNCTION:
 EVP_PKEY_set1_EC_KEY                    3450   EXIST::FUNCTION:EC
-BN_GF2m_mod_sqrt_arr                    3451   EXIST::FUNCTION:
+BN_GF2m_mod_sqrt_arr                    3451   EXIST::FUNCTION:EC2M
 i2d_ECPrivateKey_bio                    3452   EXIST::FUNCTION:BIO,EC
 ECPKParameters_print_fp                 3453   EXIST::FUNCTION:EC,FP_API
 pqueue_find                             3454   EXIST::FUNCTION:
@@ -3037,7 +3037,7 @@ PKCS12_add_safes                        3464      EXIST::FUNCTION:
 BN_BLINDING_convert_ex                  3465   EXIST::FUNCTION:
 X509_policy_tree_free                   3466   EXIST::FUNCTION:
 OPENSSL_ia32cap_loc                     3467   EXIST::FUNCTION:
-BN_GF2m_poly2arr                        3468   EXIST::FUNCTION:
+BN_GF2m_poly2arr                        3468   EXIST::FUNCTION:EC2M
 STORE_ctrl                              3469   NOEXIST::FUNCTION:
 STORE_ATTR_INFO_compare                 3470   NOEXIST::FUNCTION:
 BN_get0_nist_prime_224                  3471   EXIST::FUNCTION:
@@ -3061,7 +3061,7 @@ STORE_method_set_delete_function        3486      NOEXIST::FUNCTION:
 STORE_list_certificate_next             3487   NOEXIST::FUNCTION:
 ASN1_generate_nconf                     3488   EXIST::FUNCTION:
 BUF_memdup                              3489   EXIST::FUNCTION:
-BN_GF2m_mod_mul                         3490   EXIST::FUNCTION:
+BN_GF2m_mod_mul                         3490   EXIST::FUNCTION:EC2M
 STORE_meth_get_list_next_fn             3491   NOEXIST::FUNCTION:
 STORE_method_get_list_next_function     3491   NOEXIST::FUNCTION:
 STORE_ATTR_INFO_get0_dn                 3492   NOEXIST::FUNCTION:
@@ -3072,7 +3072,7 @@ STORE_ATTR_INFO_free                    3496      NOEXIST::FUNCTION:
 STORE_get_private_key                   3497   NOEXIST::FUNCTION:
 EVP_PKEY_get_attr_count                 3498   EXIST::FUNCTION:
 STORE_ATTR_INFO_new                     3499   NOEXIST::FUNCTION:
-EC_GROUP_get_curve_GF2m                 3500   EXIST::FUNCTION:EC
+EC_GROUP_get_curve_GF2m                 3500   EXIST::FUNCTION:EC,EC2M
 STORE_meth_set_revoke_fn                3501   NOEXIST::FUNCTION:
 STORE_method_set_revoke_function        3501   NOEXIST::FUNCTION:
 STORE_store_number                      3502   NOEXIST::FUNCTION:
@@ -3088,7 +3088,7 @@ BIO_dump_indent_fp                      3511      EXIST::FUNCTION:FP_API
 EC_KEY_set_group                        3512   EXIST::FUNCTION:EC
 BUF_strndup                             3513   EXIST::FUNCTION:
 STORE_list_certificate_start            3514   NOEXIST::FUNCTION:
-BN_GF2m_mod                             3515   EXIST::FUNCTION:
+BN_GF2m_mod                             3515   EXIST::FUNCTION:EC2M
 X509_REQ_check_private_key              3516   EXIST::FUNCTION:
 EC_GROUP_get_seed_len                   3517   EXIST::FUNCTION:EC
 ERR_load_STORE_strings                  3518   NOEXIST::FUNCTION:
@@ -3117,19 +3117,19 @@ STORE_method_set_get_function           3536    NOEXIST::FUNCTION:
 STORE_modify_number                     3537   NOEXIST::FUNCTION:
 STORE_method_get_store_function         3538   NOEXIST::FUNCTION:
 STORE_store_private_key                 3539   NOEXIST::FUNCTION:
-BN_GF2m_mod_sqr_arr                     3540   EXIST::FUNCTION:
+BN_GF2m_mod_sqr_arr                     3540   EXIST::FUNCTION:EC2M
 RSA_setup_blinding                      3541   EXIST::FUNCTION:RSA
 BIO_s_datagram                          3542   EXIST::FUNCTION:DGRAM
 STORE_Memory                            3543   NOEXIST::FUNCTION:
 sk_find_ex                              3544   EXIST::FUNCTION:
-EC_GROUP_set_curve_GF2m                 3545   EXIST::FUNCTION:EC
+EC_GROUP_set_curve_GF2m                 3545   EXIST::FUNCTION:EC,EC2M
 ENGINE_set_default_ECDSA                3546   EXIST::FUNCTION:ENGINE
 POLICY_CONSTRAINTS_new                  3547   EXIST::FUNCTION:
-BN_GF2m_mod_sqrt                        3548   EXIST::FUNCTION:
+BN_GF2m_mod_sqrt                        3548   EXIST::FUNCTION:EC2M
 ECDH_set_default_method                 3549   EXIST::FUNCTION:ECDH
 EC_KEY_generate_key                     3550   EXIST::FUNCTION:EC
 SHA384_Update                           3551   EXIST:!VMSVAX:FUNCTION:SHA,SHA512
-BN_GF2m_arr2poly                        3552   EXIST::FUNCTION:
+BN_GF2m_arr2poly                        3552   EXIST::FUNCTION:EC2M
 STORE_method_get_get_function           3553   NOEXIST::FUNCTION:
 STORE_meth_set_cleanup_fn               3554   NOEXIST::FUNCTION:
 STORE_method_set_cleanup_function       3554   NOEXIST::FUNCTION:
@@ -3154,7 +3154,7 @@ EC_GROUP_get_degree                     3570      EXIST::FUNCTION:EC
 ASN1_generate_v3                        3571   EXIST::FUNCTION:
 STORE_ATTR_INFO_modify_cstr             3572   NOEXIST::FUNCTION:
 X509_policy_tree_level_count            3573   EXIST::FUNCTION:
-BN_GF2m_add                             3574   EXIST::FUNCTION:
+BN_GF2m_add                             3574   EXIST::FUNCTION:EC2M
 EC_KEY_get0_group                       3575   EXIST::FUNCTION:EC
 STORE_generate_crl                      3576   NOEXIST::FUNCTION:
 STORE_store_public_key                  3577   NOEXIST::FUNCTION:
@@ -3179,8 +3179,8 @@ STORE_store_certificate                 3593      NOEXIST::FUNCTION:
 OBJ_bsearch_ex                          3594   NOEXIST::FUNCTION:
 X509_STORE_CTX_set_default              3595   EXIST::FUNCTION:
 STORE_ATTR_INFO_set_sha1str             3596   NOEXIST::FUNCTION:
-BN_GF2m_mod_inv                         3597   EXIST::FUNCTION:
-BN_GF2m_mod_exp                         3598   EXIST::FUNCTION:
+BN_GF2m_mod_inv                         3597   EXIST::FUNCTION:EC2M
+BN_GF2m_mod_exp                         3598   EXIST::FUNCTION:EC2M
 STORE_modify_public_key                 3599   NOEXIST::FUNCTION:
 STORE_meth_get_list_start_fn            3600   NOEXIST::FUNCTION:
 STORE_method_get_list_start_function    3600   NOEXIST::FUNCTION:
@@ -3188,7 +3188,7 @@ EC_GROUP_get0_seed                      3601      EXIST::FUNCTION:EC
 STORE_store_arbitrary                   3602   NOEXIST::FUNCTION:
 STORE_meth_set_unlock_store_fn          3603   NOEXIST::FUNCTION:
 STORE_method_set_unlock_store_function  3603   NOEXIST::FUNCTION:
-BN_GF2m_mod_div_arr                     3604   EXIST::FUNCTION:
+BN_GF2m_mod_div_arr                     3604   EXIST::FUNCTION:EC2M
 ENGINE_set_ECDSA                        3605   EXIST::FUNCTION:ENGINE
 STORE_create_method                     3606   NOEXIST::FUNCTION:
 ECPKParameters_print                    3607   EXIST::FUNCTION:BIO,EC
@@ -3211,8 +3211,8 @@ EC_KEY_get_enc_flags                    3622      EXIST::FUNCTION:EC
 ASN1_const_check_infinite_end           3623   EXIST::FUNCTION:
 EVP_PKEY_delete_attr                    3624   EXIST::FUNCTION:
 ECDSA_set_default_method                3625   EXIST::FUNCTION:ECDSA
-EC_POINT_set_compressed_coordinates_GF2m 3626  EXIST:!VMS:FUNCTION:EC
-EC_POINT_set_compr_coords_GF2m          3626   EXIST:VMS:FUNCTION:EC
+EC_POINT_set_compressed_coordinates_GF2m 3626  EXIST:!VMS:FUNCTION:EC,EC2M
+EC_POINT_set_compr_coords_GF2m          3626   EXIST:VMS:FUNCTION:EC,EC2M
 EC_GROUP_cmp                            3627   EXIST::FUNCTION:EC
 STORE_revoke_certificate                3628   NOEXIST::FUNCTION:
 BN_get0_nist_prime_256                  3629   EXIST::FUNCTION:
@@ -3241,7 +3241,7 @@ POLICY_CONSTRAINTS_it                   3649      EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTI
 STORE_get_ex_new_index                  3650   NOEXIST::FUNCTION:
 EVP_PKEY_get_attr_by_OBJ                3651   EXIST::FUNCTION:
 X509_VERIFY_PARAM_add0_policy           3652   EXIST::FUNCTION:
-BN_GF2m_mod_solve_quad                  3653   EXIST::FUNCTION:
+BN_GF2m_mod_solve_quad                  3653   EXIST::FUNCTION:EC2M
 SHA256                                  3654   EXIST::FUNCTION:SHA,SHA256
 i2d_ECPrivateKey_fp                     3655   EXIST::FUNCTION:EC,FP_API
 X509_policy_tree_get0_user_policies     3656   EXIST:!VMS:FUNCTION:
@@ -3249,8 +3249,8 @@ X509_pcy_tree_get0_usr_policies         3656      EXIST:VMS:FUNCTION:
 OPENSSL_DIR_read                        3657   EXIST::FUNCTION:
 ENGINE_register_all_ECDSA               3658   EXIST::FUNCTION:ENGINE
 X509_VERIFY_PARAM_lookup                3659   EXIST::FUNCTION:
-EC_POINT_get_affine_coordinates_GF2m    3660   EXIST:!VMS:FUNCTION:EC
-EC_POINT_get_affine_coords_GF2m         3660   EXIST:VMS:FUNCTION:EC
+EC_POINT_get_affine_coordinates_GF2m    3660   EXIST:!VMS:FUNCTION:EC,EC2M
+EC_POINT_get_affine_coords_GF2m         3660   EXIST:VMS:FUNCTION:EC,EC2M
 EC_GROUP_dup                            3661   EXIST::FUNCTION:EC
 ENGINE_get_default_ECDSA                3662   EXIST::FUNCTION:ENGINE
 EC_KEY_new                              3663   EXIST::FUNCTION:EC
@@ -3332,7 +3332,7 @@ STORE_list_certificate_end              3734      NOEXIST::FUNCTION:
 STORE_get_crl                           3735   NOEXIST::FUNCTION:
 X509_POLICY_NODE_print                  3736   EXIST::FUNCTION:
 SHA384_Init                             3737   EXIST:!VMSVAX:FUNCTION:SHA,SHA512
-EC_GF2m_simple_method                   3738   EXIST::FUNCTION:EC
+EC_GF2m_simple_method                   3738   EXIST::FUNCTION:EC,EC2M
 ECDSA_set_ex_data                       3739   EXIST::FUNCTION:ECDSA
 SHA384_Final                            3740   EXIST:!VMSVAX:FUNCTION:SHA,SHA512
 PKCS7_set_digest                        3741   EXIST::FUNCTION:
@@ -3364,7 +3364,7 @@ BIO_dump_cb                             3764      EXIST::FUNCTION:
 SHA256_Update                           3765   EXIST::FUNCTION:SHA,SHA256
 pqueue_insert                           3766   EXIST::FUNCTION:
 pitem_free                              3767   EXIST::FUNCTION:
-BN_GF2m_mod_inv_arr                     3768   EXIST::FUNCTION:
+BN_GF2m_mod_inv_arr                     3768   EXIST::FUNCTION:EC2M
 ENGINE_unregister_ECDSA                 3769   EXIST::FUNCTION:ENGINE
 BN_BLINDING_set_thread_id               3770   EXIST::FUNCTION:DEPRECATED
 get_rfc3526_prime_8192                  3771   EXIST::FUNCTION:
@@ -3510,6 +3510,7 @@ BIO_get_callback_arg                    3902      EXIST::FUNCTION:
 BIO_set_callback                        3903   EXIST::FUNCTION:
 d2i_ASIdOrRange                         3904   EXIST::FUNCTION:RFC3779
 i2d_ASIdentifiers                       3905   EXIST::FUNCTION:RFC3779
+CRYPTO_memcmp                           3906   EXIST::FUNCTION:
 SEED_decrypt                            3908   EXIST::FUNCTION:SEED
 SEED_encrypt                            3909   EXIST::FUNCTION:SEED
 SEED_cbc_encrypt                        3910   EXIST::FUNCTION:SEED
@@ -3670,7 +3671,7 @@ int_EVP_MD_set_engine_callbacks         4056      NOEXIST::FUNCTION:
 int_CRYPTO_set_do_dynlock_callback      4057   NOEXIST::FUNCTION:
 FIPS_rng_stick                          4058   NOEXIST::FUNCTION:
 EVP_CIPHER_CTX_set_flags                4059   EXIST::FUNCTION:
-BN_X931_generate_prime_ex               4060   NOEXIST::FUNCTION:
+BN_X931_generate_prime_ex               4060   EXIST::FUNCTION:
 FIPS_selftest_check                     4061   NOEXIST::FUNCTION:
 FIPS_rand_set_dt                        4062   NOEXIST::FUNCTION:
 CRYPTO_dbg_pop_info                     4063   NOEXIST::FUNCTION:
@@ -3687,7 +3688,7 @@ FIPS_dh_new                             4073      NOEXIST::FUNCTION:
 FIPS_corrupt_dsa_keygen                 4074   NOEXIST::FUNCTION:
 FIPS_dh_free                            4075   NOEXIST::FUNCTION:
 fips_pkey_signature_test                4076   NOEXIST::FUNCTION:
-EVP_add_alg_module                      4077   NOEXIST::FUNCTION:
+EVP_add_alg_module                      4077   EXIST::FUNCTION:
 int_RAND_init_engine_callbacks          4078   NOEXIST::FUNCTION:
 int_EVP_CIPHER_set_engine_callbacks     4079   NOEXIST::FUNCTION:
 int_EVP_MD_init_engine_callbacks        4080   NOEXIST::FUNCTION:
@@ -3695,14 +3696,14 @@ FIPS_rand_test_mode                     4081    NOEXIST::FUNCTION:
 FIPS_rand_reset                         4082   NOEXIST::FUNCTION:
 FIPS_dsa_new                            4083   NOEXIST::FUNCTION:
 int_RAND_set_callbacks                  4084   NOEXIST::FUNCTION:
-BN_X931_derive_prime_ex                 4085   NOEXIST::FUNCTION:
+BN_X931_derive_prime_ex                 4085   EXIST::FUNCTION:
 int_ERR_lib_init                        4086   NOEXIST::FUNCTION:
 int_EVP_CIPHER_init_engine_callbacks    4087   NOEXIST::FUNCTION:
 FIPS_rsa_free                           4088   NOEXIST::FUNCTION:
 FIPS_dsa_sig_encode                     4089   NOEXIST::FUNCTION:
 CRYPTO_dbg_remove_all_info              4090   NOEXIST::FUNCTION:
-OPENSSL_init                            4091   NOEXIST::FUNCTION:
-private_Camellia_set_key                4092   NOEXIST::FUNCTION:
+OPENSSL_init                            4091   EXIST::FUNCTION:
+private_Camellia_set_key                4092   EXIST:OPENSSL_FIPS:FUNCTION:CAMELLIA
 CRYPTO_strdup                           4093   EXIST::FUNCTION:
 JPAKE_STEP3A_process                    4094   EXIST::FUNCTION:JPAKE
 JPAKE_STEP1_release                     4095   EXIST::FUNCTION:JPAKE
@@ -4194,3 +4195,119 @@ OPENSSL_memcmp                          4565    EXIST::FUNCTION:
 OPENSSL_strncasecmp                     4566   EXIST::FUNCTION:
 OPENSSL_gmtime                          4567   EXIST::FUNCTION:
 OPENSSL_gmtime_adj                      4568   EXIST::FUNCTION:
+SRP_VBASE_get_by_user                   4569   EXIST::FUNCTION:SRP
+SRP_Calc_server_key                     4570   EXIST::FUNCTION:SRP
+SRP_create_verifier                     4571   EXIST::FUNCTION:SRP
+SRP_create_verifier_BN                  4572   EXIST::FUNCTION:SRP
+SRP_Calc_u                              4573   EXIST::FUNCTION:SRP
+SRP_VBASE_free                          4574   EXIST::FUNCTION:SRP
+SRP_Calc_client_key                     4575   EXIST::FUNCTION:SRP
+SRP_get_default_gN                      4576   EXIST::FUNCTION:SRP
+SRP_Calc_x                              4577   EXIST::FUNCTION:SRP
+SRP_Calc_B                              4578   EXIST::FUNCTION:SRP
+SRP_VBASE_new                           4579   EXIST::FUNCTION:SRP
+SRP_check_known_gN_param                4580   EXIST::FUNCTION:SRP
+SRP_Calc_A                              4581   EXIST::FUNCTION:SRP
+SRP_Verify_A_mod_N                      4582   EXIST::FUNCTION:SRP
+SRP_VBASE_init                          4583   EXIST::FUNCTION:SRP
+SRP_Verify_B_mod_N                      4584   EXIST::FUNCTION:SRP
+EC_KEY_set_public_key_affine_coordinates 4585  EXIST:!VMS:FUNCTION:EC
+EC_KEY_set_pub_key_aff_coords           4585   EXIST:VMS:FUNCTION:EC
+EVP_aes_192_ctr                         4586   EXIST::FUNCTION:AES
+EVP_PKEY_meth_get0_info                 4587   EXIST::FUNCTION:
+EVP_PKEY_meth_copy                      4588   EXIST::FUNCTION:
+ERR_add_error_vdata                     4589   EXIST::FUNCTION:
+EVP_aes_128_ctr                         4590   EXIST::FUNCTION:AES
+EVP_aes_256_ctr                         4591   EXIST::FUNCTION:AES
+EC_GFp_nistp224_method                  4592   EXIST::FUNCTION:EC,EC_NISTP_64_GCC_128
+EC_KEY_get_flags                        4593   EXIST::FUNCTION:EC
+RSA_padding_add_PKCS1_PSS_mgf1          4594   EXIST::FUNCTION:RSA
+EVP_aes_128_xts                         4595   EXIST::FUNCTION:AES
+private_SHA224_Init                     4596   EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
+private_AES_set_decrypt_key             4597   EXIST::FUNCTION:AES
+private_WHIRLPOOL_Init                  4598   EXIST:OPENSSL_FIPS:FUNCTION:WHIRLPOOL
+EVP_aes_256_xts                         4599   EXIST::FUNCTION:AES
+private_SHA512_Init                     4600   EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+EVP_aes_128_gcm                         4601   EXIST::FUNCTION:AES
+EC_KEY_clear_flags                      4602   EXIST::FUNCTION:EC
+EC_KEY_set_flags                        4603   EXIST::FUNCTION:EC
+private_DES_set_key_unchecked           4604   EXIST:OPENSSL_FIPS:FUNCTION:DES
+EVP_aes_256_ccm                         4605   EXIST::FUNCTION:AES
+private_AES_set_encrypt_key             4606   EXIST::FUNCTION:AES
+RSA_verify_PKCS1_PSS_mgf1               4607   EXIST::FUNCTION:RSA
+private_SHA1_Init                       4608   EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA1
+EVP_aes_128_ccm                         4609   EXIST::FUNCTION:AES
+private_SEED_set_key                    4610   EXIST:OPENSSL_FIPS:FUNCTION:SEED
+EVP_aes_192_gcm                         4611   EXIST::FUNCTION:AES
+X509_ALGOR_set_md                       4612   EXIST::FUNCTION:
+private_SHA256_Init                     4613   EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA256
+RAND_init_fips                          4614   EXIST:OPENSSL_FIPS:FUNCTION:
+EVP_aes_256_gcm                         4615   EXIST::FUNCTION:AES
+private_SHA384_Init                     4616   EXIST:OPENSSL_FIPS:FUNCTION:SHA,SHA512
+EVP_aes_192_ccm                         4617   EXIST::FUNCTION:AES
+CMAC_CTX_copy                           4618   EXIST::FUNCTION:
+CMAC_CTX_free                           4619   EXIST::FUNCTION:
+CMAC_CTX_get0_cipher_ctx                4620   EXIST::FUNCTION:
+CMAC_CTX_cleanup                        4621   EXIST::FUNCTION:
+CMAC_Init                               4622   EXIST::FUNCTION:
+CMAC_Update                             4623   EXIST::FUNCTION:
+CMAC_resume                             4624   EXIST::FUNCTION:
+CMAC_CTX_new                            4625   EXIST::FUNCTION:
+CMAC_Final                              4626   EXIST::FUNCTION:
+CRYPTO_ctr128_encrypt_ctr32             4627   EXIST::FUNCTION:
+CRYPTO_gcm128_release                   4628   EXIST::FUNCTION:
+CRYPTO_ccm128_decrypt_ccm64             4629   EXIST::FUNCTION:
+CRYPTO_ccm128_encrypt                   4630   EXIST::FUNCTION:
+CRYPTO_gcm128_encrypt                   4631   EXIST::FUNCTION:
+CRYPTO_xts128_encrypt                   4632   EXIST::FUNCTION:
+EVP_rc4_hmac_md5                        4633   EXIST::FUNCTION:MD5,RC4
+CRYPTO_nistcts128_decrypt_block         4634   EXIST::FUNCTION:
+CRYPTO_gcm128_setiv                     4635   EXIST::FUNCTION:
+CRYPTO_nistcts128_encrypt               4636   EXIST::FUNCTION:
+EVP_aes_128_cbc_hmac_sha1               4637   EXIST::FUNCTION:AES,SHA,SHA1
+CRYPTO_gcm128_tag                       4638   EXIST::FUNCTION:
+CRYPTO_ccm128_encrypt_ccm64             4639   EXIST::FUNCTION:
+ENGINE_load_rdrand                      4640   EXIST::FUNCTION:ENGINE
+CRYPTO_ccm128_setiv                     4641   EXIST::FUNCTION:
+CRYPTO_nistcts128_encrypt_block         4642   EXIST::FUNCTION:
+CRYPTO_gcm128_aad                       4643   EXIST::FUNCTION:
+CRYPTO_ccm128_init                      4644   EXIST::FUNCTION:
+CRYPTO_nistcts128_decrypt               4645   EXIST::FUNCTION:
+CRYPTO_gcm128_new                       4646   EXIST::FUNCTION:
+CRYPTO_ccm128_tag                       4647   EXIST::FUNCTION:
+CRYPTO_ccm128_decrypt                   4648   EXIST::FUNCTION:
+CRYPTO_ccm128_aad                       4649   EXIST::FUNCTION:
+CRYPTO_gcm128_init                      4650   EXIST::FUNCTION:
+CRYPTO_gcm128_decrypt                   4651   EXIST::FUNCTION:
+ENGINE_load_rsax                        4652   EXIST::FUNCTION:ENGINE
+CRYPTO_gcm128_decrypt_ctr32             4653   EXIST::FUNCTION:
+CRYPTO_gcm128_encrypt_ctr32             4654   EXIST::FUNCTION:
+CRYPTO_gcm128_finish                    4655   EXIST::FUNCTION:
+EVP_aes_256_cbc_hmac_sha1               4656   EXIST::FUNCTION:AES,SHA,SHA1
+PKCS5_pbkdf2_set                        4657   EXIST::FUNCTION:
+CMS_add0_recipient_password             4658   EXIST::FUNCTION:CMS
+CMS_decrypt_set1_password               4659   EXIST::FUNCTION:CMS
+CMS_RecipientInfo_set0_password         4660   EXIST::FUNCTION:CMS
+RAND_set_fips_drbg_type                 4661   EXIST:OPENSSL_FIPS:FUNCTION:
+X509_REQ_sign_ctx                       4662   EXIST::FUNCTION:EVP
+RSA_PSS_PARAMS_new                      4663   EXIST::FUNCTION:RSA
+X509_CRL_sign_ctx                       4664   EXIST::FUNCTION:EVP
+X509_signature_dump                     4665   EXIST::FUNCTION:EVP
+d2i_RSA_PSS_PARAMS                      4666   EXIST::FUNCTION:RSA
+RSA_PSS_PARAMS_it                       4667   EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA
+RSA_PSS_PARAMS_it                       4667   EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RSA
+RSA_PSS_PARAMS_free                     4668   EXIST::FUNCTION:RSA
+X509_sign_ctx                           4669   EXIST::FUNCTION:EVP
+i2d_RSA_PSS_PARAMS                      4670   EXIST::FUNCTION:RSA
+ASN1_item_sign_ctx                      4671   EXIST::FUNCTION:EVP
+EC_GFp_nistp521_method                  4672   EXIST::FUNCTION:EC,EC_NISTP_64_GCC_128
+EC_GFp_nistp256_method                  4673   EXIST::FUNCTION:EC,EC_NISTP_64_GCC_128
+OPENSSL_stderr                          4674   EXIST::FUNCTION:
+OPENSSL_cpuid_setup                     4675   EXIST::FUNCTION:
+OPENSSL_showfatal                       4676   EXIST::FUNCTION:
+BIO_new_dgram_sctp                      4677   EXIST::FUNCTION:SCTP
+BIO_dgram_sctp_msg_waiting              4678   EXIST::FUNCTION:SCTP
+BIO_dgram_sctp_wait_for_dry             4679   EXIST::FUNCTION:SCTP
+BIO_s_datagram_sctp                     4680   EXIST::FUNCTION:DGRAM,SCTP
+BIO_dgram_is_sctp                       4681   EXIST::FUNCTION:SCTP
+BIO_dgram_sctp_notification_cb          4682   EXIST::FUNCTION:SCTP

diff --git a/deps/openssl/openssl/util/mk1mf.pl b/deps/openssl/openssl/util/mk1mf.pl
index afe8c73..72fa089 100755 (executable)
--- a/deps/openssl/openssl/util/mk1mf.pl
+++ b/deps/openssl/openssl/util/mk1mf.pl
@@ -18,6 +18,8 @@ local $zlib_opt = 0;  # 0 = no zlib, 1 = static, 2 = dynamic
 local $zlib_lib = "";
 local $perl_asm = 0;   # 1 to autobuild asm files from perl scripts
 
+my $ex_l_libs = "";
+
 # Options to import from top level Makefile
 
 my %mf_import = (
@@ -40,7 +42,9 @@ my %mf_import = (
        SHA1_ASM_OBJ   => \$mf_sha_asm,
        RMD160_ASM_OBJ => \$mf_rmd_asm,
        WP_ASM_OBJ     => \$mf_wp_asm,
-       CMLL_ENC       => \$mf_cm_asm
+       CMLL_ENC       => \$mf_cm_asm,
+       BASEADDR       => \$baseaddr,
+       FIPSDIR        => \$fipsdir,
 );
 
 
@@ -104,6 +108,7 @@ and [options] can be one of
        just-ssl                                - remove all non-ssl keys/digest
        no-asm                                  - No x86 asm
        no-krb5                                 - No KRB5
+       no-srp                                  - No SRP
        no-ec                                   - No EC
        no-ecdsa                                - No ECDSA
        no-ecdh                                 - No ECDH
@@ -228,6 +233,8 @@ else
        $cflags.=' -DTERMIO';
        }
 
+$fipsdir =~ s/\//${o}/g;
+
 $out_dir=(defined($VARS{'OUT'}))?$VARS{'OUT'}:$out_def.($debug?".dbg":"");
 $tmp_dir=(defined($VARS{'TMP'}))?$VARS{'TMP'}:$tmp_def.($debug?".dbg":"");
 $inc_dir=(defined($VARS{'INC'}))?$VARS{'INC'}:$inc_def;
@@ -261,6 +268,7 @@ $cflags.=" -DOPENSSL_NO_SOCK" if $no_sock;
 $cflags.=" -DOPENSSL_NO_SSL2" if $no_ssl2;
 $cflags.=" -DOPENSSL_NO_SSL3" if $no_ssl3;
 $cflags.=" -DOPENSSL_NO_TLSEXT" if $no_tlsext;
+$cflags.=" -DOPENSSL_NO_SRP" if $no_srp;
 $cflags.=" -DOPENSSL_NO_CMS" if $no_cms;
 $cflags.=" -DOPENSSL_NO_ERR"  if $no_err;
 $cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5;
@@ -270,7 +278,9 @@ $cflags.=" -DOPENSSL_NO_ECDH" if $no_ecdh;
 $cflags.=" -DOPENSSL_NO_GOST" if $no_gost;
 $cflags.=" -DOPENSSL_NO_ENGINE"   if $no_engine;
 $cflags.=" -DOPENSSL_NO_HW"   if $no_hw;
+$cflags.=" -DOPENSSL_FIPS"    if $fips;
 $cflags.=" -DOPENSSL_NO_JPAKE"    if $no_jpake;
+$cflags.=" -DOPENSSL_NO_EC2M"    if $no_ec2m;
 $cflags.= " -DZLIB" if $zlib_opt;
 $cflags.= " -DZLIB_SHARED" if $zlib_opt == 2;
 
@@ -404,6 +414,11 @@ else
        \$(CP) \"\$(O_CRYPTO)\" \"\$(INSTALLTOP)${o}lib\"
 EOF
        $ex_libs .= " $zlib_lib" if $zlib_opt == 1;
+       if ($fips)
+               {
+               $build_targets .= " \$(LIB_D)$o$crypto_compat \$(PREMAIN_DSO_EXE)";
+               $ex_l_libs .= " \$(O_FIPSCANISTER)";
+               }
        }
 
 $defs= <<"EOF";
@@ -465,6 +480,18 @@ MKLIB=$bin_dir$mklib
 MLFLAGS=$mlflags
 ASM=$bin_dir$asm
 
+# FIPS validated module and support file locations
+
+FIPSDIR=$fipsdir
+BASEADDR=$baseaddr
+FIPSLIB_D=\$(FIPSDIR)${o}lib
+FIPS_PREMAIN_SRC=\$(FIPSLIB_D)${o}fips_premain.c
+O_FIPSCANISTER=\$(FIPSLIB_D)${o}fipscanister.lib
+FIPS_SHA1_EXE=\$(FIPSDIR)${o}bin${o}fips_standalone_sha1${exep}
+E_PREMAIN_DSO=fips_premain_dso
+PREMAIN_DSO_EXE=\$(BIN_D)${o}fips_premain_dso$exep
+FIPSLINK=\$(PERL) \$(FIPSDIR)${o}bin${o}fipslink.pl
+
 ######################################################
 # You should not need to touch anything below this point
 ######################################################
@@ -497,7 +524,7 @@ SO_CRYPTO= $plib\$(CRYPTO)$so_shlibp
 L_SSL=     \$(LIB_D)$o$plib\$(SSL)$libp
 L_CRYPTO=  \$(LIB_D)$o$plib\$(CRYPTO)$libp
 
-L_LIBS= \$(L_SSL) \$(L_CRYPTO)
+L_LIBS= \$(L_SSL) \$(L_CRYPTO) $ex_l_libs
 
 ######################################################
 # Don't touch anything below this point
@@ -513,7 +540,7 @@ LIBS_DEP=\$(O_CRYPTO) \$(O_SSL)
 EOF
 
 $rules=<<"EOF";
-all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers lib exe
+all: banner \$(TMP_D) \$(BIN_D) \$(TEST_D) \$(LIB_D) \$(INCO_D) headers lib exe $build_targets
 
 banner:
 $banner
@@ -629,6 +656,16 @@ $rules.=&do_compile_rule("\$(OBJ_D)",$test,"\$(APP_CFLAGS)");
 $defs.=&do_defs("E_OBJ",$e_exe,"\$(OBJ_D)",$obj);
 $rules.=&do_compile_rule("\$(OBJ_D)",$e_exe,'-DMONOLITH $(APP_CFLAGS)');
 
+# Special case rule for fips_premain_dso
+
+if ($fips)
+       {
+       $rules.=&cc_compile_target("\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj",
+               "\$(FIPS_PREMAIN_SRC)",
+               "-DFINGERPRINT_PREMAIN_DSO_LOAD \$(SHLIB_CFLAGS)", "");
+       $rules.=&do_link_rule("\$(PREMAIN_DSO_EXE)","\$(OBJ_D)${o}\$(E_PREMAIN_DSO)$obj \$(CRYPTOOBJ) \$(O_FIPSCANISTER)","","\$(EX_LIBS)", 1);
+       }
+
 foreach (values %lib_nam)
        {
        $lib_obj=$lib_obj{$_};
@@ -677,7 +714,28 @@ foreach (split(/\s+/,$engines))
 
 
 $rules.= &do_lib_rule("\$(SSLOBJ)","\$(O_SSL)",$ssl,$shlib,"\$(SO_SSL)");
-$rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)");
+
+if ($fips)
+       {
+       if ($shlib)
+               {
+               $rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(O_FIPSCANISTER)",
+                               "\$(O_CRYPTO)", "$crypto",
+                               $shlib, "\$(SO_CRYPTO)", "\$(BASEADDR)");
+               }
+       else
+               {
+               $rules.= &do_lib_rule("\$(CRYPTOOBJ)",
+                       "\$(O_CRYPTO)",$crypto,$shlib,"\$(SO_CRYPTO)", "");
+               $rules.= &do_lib_rule("\$(CRYPTOOBJ) \$(O_FIPSCANISTER)",
+                       "\$(LIB_D)$o$crypto_compat",$crypto,$shlib,"\$(SO_CRYPTO)", "");
+               }
+       }
+       else
+       {
+       $rules.= &do_lib_rule("\$(CRYPTOOBJ)","\$(O_CRYPTO)",$crypto,$shlib,
+                                                       "\$(SO_CRYPTO)");
+       }
 
 foreach (split(" ",$otherlibs))
        {
@@ -687,7 +745,7 @@ foreach (split(" ",$otherlibs))
 
        }
 
-$rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)");
+$rules.=&do_link_rule("\$(BIN_D)$o\$(E_EXE)$exep","\$(E_OBJ)","\$(LIBS_DEP)","\$(L_LIBS) \$(EX_LIBS)", ($fips && !$shlib) ? 2 : 0);
 
 print $defs;
 
@@ -781,6 +839,8 @@ sub var_add
        @a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1;
        @a=grep(!/_mdc2$/,@a) if $no_mdc2;
 
+       @a=grep(!/(srp)/,@a) if $no_srp;
+
        @a=grep(!/^engine$/,@a) if $no_engine;
        @a=grep(!/^hw$/,@a) if $no_hw;
        @a=grep(!/(^rsa$)|(^genrsa$)/,@a) if $no_rsa;
@@ -939,14 +999,15 @@ sub Sasm_compile_target
 
 sub cc_compile_target
        {
-       local($target,$source,$ex_flags)=@_;
+       local($target,$source,$ex_flags, $srcd)=@_;
        local($ret);
        
        $ex_flags.=" -DMK1MF_BUILD -D$platform_cpp_symbol" if ($source =~ /cversion/);
        $target =~ s/\//$o/g if $o ne "/";
        $source =~ s/\//$o/g if $o ne "/";
-       $ret ="$target: \$(SRC_D)$o$source\n\t";
-       $ret.="\$(CC) ${ofile}$target $ex_flags -c \$(SRC_D)$o$source\n\n";
+       $srcd = "\$(SRC_D)$o" unless defined $srcd;
+       $ret ="$target: $srcd$source\n\t";
+       $ret.="\$(CC) ${ofile}$target $ex_flags -c $srcd$source\n\n";
        return($ret);
        }
 
@@ -1056,8 +1117,11 @@ sub read_options
                "no-ssl2" => \$no_ssl2,
                "no-ssl3" => \$no_ssl3,
                "no-tlsext" => \$no_tlsext,
+               "no-srp" => \$no_srp,
                "no-cms" => \$no_cms,
+               "no-ec2m" => \$no_ec2m,
                "no-jpake" => \$no_jpake,
+               "no-ec_nistp_64_gcc_128" => 0,
                "no-err" => \$no_err,
                "no-sock" => \$no_sock,
                "no-krb5" => \$no_krb5,
@@ -1067,11 +1131,12 @@ sub read_options
                "no-gost" => \$no_gost,
                "no-engine" => \$no_engine,
                "no-hw" => \$no_hw,
+               "no-rsax" => 0,
                "just-ssl" =>
                        [\$no_rc2, \$no_idea, \$no_des, \$no_bf, \$no_cast,
                          \$no_md2, \$no_sha, \$no_mdc2, \$no_dsa, \$no_dh,
                          \$no_ssl2, \$no_err, \$no_ripemd, \$no_rc5,
-                         \$no_aes, \$no_camellia, \$no_seed],
+                         \$no_aes, \$no_camellia, \$no_seed, \$no_srp],
                "rsaref" => 0,
                "gcc" => \$gcc,
                "debug" => \$debug,
@@ -1079,6 +1144,7 @@ sub read_options
                "shlib" => \$shlib,
                "dll" => \$shlib,
                "shared" => 0,
+               "no-sctp" => 0,
                "no-gmp" => 0,
                "no-rfc3779" => 0,
                "no-montasm" => 0,
@@ -1086,6 +1152,7 @@ sub read_options
                "no-store" => 0,
                "no-zlib" => 0,
                "no-zlib-dynamic" => 0,
+               "fips" => \$fips
                );
 
        if (exists $valid_options{$_})

diff --git a/deps/openssl/openssl/util/mkdef.pl b/deps/openssl/openssl/util/mkdef.pl
index ab47329..9a8c7b8 100755 (executable)
--- a/deps/openssl/openssl/util/mkdef.pl
+++ b/deps/openssl/openssl/util/mkdef.pl
@@ -79,13 +79,15 @@ my $OS2=0;
 my $safe_stack_def = 0;
 
 my @known_platforms = ( "__FreeBSD__", "PERL5", "NeXT",
-                       "EXPORT_VAR_AS_FUNCTION", "ZLIB" );
+                       "EXPORT_VAR_AS_FUNCTION", "ZLIB", "OPENSSL_FIPS" );
 my @known_ossl_platforms = ( "VMS", "WIN16", "WIN32", "WINNT", "OS2" );
 my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
                         "CAST", "MD2", "MD4", "MD5", "SHA", "SHA0", "SHA1",
                         "SHA256", "SHA512", "RIPEMD",
-                        "MDC2", "WHIRLPOOL", "RSA", "DSA", "DH", "EC", "ECDH", "ECDSA",
+                        "MDC2", "WHIRLPOOL", "RSA", "DSA", "DH", "EC", "ECDH", "ECDSA", "EC2M",
                         "HMAC", "AES", "CAMELLIA", "SEED", "GOST",
+                        # EC_NISTP_64_GCC_128
+                        "EC_NISTP_64_GCC_128",
                         # Envelope "algorithms"
                         "EVP", "X509", "ASN1_TYPEDEFS",
                         # Helper "algorithms"
@@ -98,7 +100,7 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
                         # RFC3779
                         "RFC3779",
                         # TLS
-                        "TLSEXT", "PSK",
+                        "TLSEXT", "PSK", "SRP", "HEARTBEATS",
                         # CMS
                         "CMS",
                         # CryptoAPI Engine
@@ -107,8 +109,14 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
                         "SSL2",
                         # JPAKE
                         "JPAKE",
+                        # NEXTPROTONEG
+                        "NEXTPROTONEG",
                         # Deprecated functions
-                        "DEPRECATED" );
+                        "DEPRECATED",
+                        # Hide SSL internals
+                        "SSL_INTERN",
+                        # SCTP
+                        "SCTP");
 
 my $options="";
 open(IN,"<Makefile") || die "unable to open Makefile!\n";
@@ -127,7 +135,10 @@ my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5;
 my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw;
 my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated;
 my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;
-my $no_jpake; my $no_ssl2;
+my $no_jpake; my $no_srp; my $no_ssl2; my $no_ec2m; my $no_nistp_gcc; 
+my $no_nextprotoneg; my $no_sctp;
+
+my $fips;
 
 my $zlib;
 
@@ -151,6 +162,7 @@ foreach (@ARGV, split(/ /, $options))
        }
        $VMS=1 if $_ eq "VMS";
        $OS2=1 if $_ eq "OS2";
+       $fips=1 if /^fips/;
        if ($_ eq "zlib" || $_ eq "enable-zlib" || $_ eq "zlib-dynamic"
                         || $_ eq "enable-zlib-dynamic") {
                $zlib = 1;
@@ -215,9 +227,14 @@ foreach (@ARGV, split(/ /, $options))
        elsif (/^no-rfc3779$/)  { $no_rfc3779=1; }
        elsif (/^no-tlsext$/)   { $no_tlsext=1; }
        elsif (/^no-cms$/)      { $no_cms=1; }
+       elsif (/^no-ec2m$/)     { $no_ec2m=1; }
+       elsif (/^no-ec_nistp_64_gcc_128$/)      { $no_nistp_gcc=1; }
+       elsif (/^no-nextprotoneg$/)     { $no_nextprotoneg=1; }
        elsif (/^no-ssl2$/)     { $no_ssl2=1; }
        elsif (/^no-capieng$/)  { $no_capieng=1; }
        elsif (/^no-jpake$/)    { $no_jpake=1; }
+       elsif (/^no-srp$/)      { $no_srp=1; }
+       elsif (/^no-sctp$/)     { $no_sctp=1; }
        }
 
 
@@ -254,8 +271,10 @@ $max_crypto = $max_num;
 my $ssl="ssl/ssl.h";
 $ssl.=" ssl/kssl.h";
 $ssl.=" ssl/tls1.h";
+$ssl.=" ssl/srtp.h";
 
 my $crypto ="crypto/crypto.h";
+$crypto.=" crypto/cryptlib.h";
 $crypto.=" crypto/o_dir.h";
 $crypto.=" crypto/o_str.h";
 $crypto.=" crypto/o_time.h";
@@ -285,6 +304,7 @@ $crypto.=" crypto/ec/ec.h" ; # unless $no_ec;
 $crypto.=" crypto/ecdsa/ecdsa.h" ; # unless $no_ecdsa;
 $crypto.=" crypto/ecdh/ecdh.h" ; # unless $no_ecdh;
 $crypto.=" crypto/hmac/hmac.h" ; # unless $no_hmac;
+$crypto.=" crypto/cmac/cmac.h" ; # unless $no_hmac;
 
 $crypto.=" crypto/engine/engine.h"; # unless $no_engine;
 $crypto.=" crypto/stack/stack.h" ; # unless $no_stack;
@@ -319,6 +339,7 @@ $crypto.=" crypto/pqueue/pqueue.h";
 $crypto.=" crypto/cms/cms.h";
 $crypto.=" crypto/jpake/jpake.h";
 $crypto.=" crypto/modes/modes.h";
+$crypto.=" crypto/srp/srp.h";
 
 my $symhacks="crypto/symhacks.h";
 
@@ -1126,6 +1147,9 @@ sub is_valid
                        if ($keyword eq "EXPORT_VAR_AS_FUNCTION" && ($VMSVAX || $W32 || $W16)) {
                                return 1;
                        }
+                       if ($keyword eq "OPENSSL_FIPS" && $fips) {
+                               return 1;
+                       }
                        if ($keyword eq "ZLIB" && $zlib) { return 1; }
                        return 0;
                } else {
@@ -1172,9 +1196,15 @@ sub is_valid
                        if ($keyword eq "TLSEXT" && $no_tlsext) { return 0; }
                        if ($keyword eq "PSK" && $no_psk) { return 0; }
                        if ($keyword eq "CMS" && $no_cms) { return 0; }
+                       if ($keyword eq "EC2M" && $no_ec2m) { return 0; }
+                       if ($keyword eq "NEXTPROTONEG" && $no_nextprotoneg) { return 0; }
+                       if ($keyword eq "EC_NISTP_64_GCC_128" && $no_nistp_gcc)
+                                       { return 0; }
                        if ($keyword eq "SSL2" && $no_ssl2) { return 0; }
                        if ($keyword eq "CAPIENG" && $no_capieng) { return 0; }
                        if ($keyword eq "JPAKE" && $no_jpake) { return 0; }
+                       if ($keyword eq "SRP" && $no_srp) { return 0; }
+                       if ($keyword eq "SCTP" && $no_sctp) { return 0; }
                        if ($keyword eq "DEPRECATED" && $no_deprecated) { return 0; }
 
                        # Nothing recognise as true

diff --git a/deps/openssl/openssl/util/mkfiles.pl b/deps/openssl/openssl/util/mkfiles.pl
index 6d15831..7d9a9d5 100755 (executable)
--- a/deps/openssl/openssl/util/mkfiles.pl
+++ b/deps/openssl/openssl/util/mkfiles.pl
@@ -15,6 +15,7 @@ my @dirs = (
 "crypto/sha",
 "crypto/mdc2",
 "crypto/hmac",
+"crypto/cmac",
 "crypto/ripemd",
 "crypto/des",
 "crypto/rc2",
@@ -62,6 +63,7 @@ my @dirs = (
 "crypto/pqueue",
 "crypto/whrlpool",
 "crypto/ts",
+"crypto/srp",
 "ssl",
 "apps",
 "engines",

diff --git a/deps/openssl/openssl/util/mkrc.pl b/deps/openssl/openssl/util/mkrc.pl
old mode 100644 (file)
new mode 100755 (executable)

diff --git a/deps/openssl/openssl/util/pl/VC-32.pl b/deps/openssl/openssl/util/pl/VC-32.pl
index 5f25fc4..6c550f5 100644 (file)
--- a/deps/openssl/openssl/util/pl/VC-32.pl
+++ b/deps/openssl/openssl/util/pl/VC-32.pl
@@ -6,6 +6,16 @@
 $ssl=  "ssleay32";
 $crypto="libeay32";
 
+if ($fips && !$shlib)
+       {
+       $crypto="libeayfips32";
+       $crypto_compat = "libeaycompat32.lib";
+       }
+else
+       {
+       $crypto="libeay32";
+       }
+
 $o='\\';
 $cp='$(PERL) util/copy.pl';
 $mkdir='$(PERL) util/mkdir-p.pl';
@@ -33,7 +43,7 @@ if ($FLAVOR =~ /WIN64/)
     # considered safe to ignore.
     # 
     $base_cflags= " $mf_cflag";
-    my $f = $shlib?' /MD':' /MT';
+    my $f = $shlib || $fips ?' /MD':' /MT';
     $lib_cflag='/Zl' if (!$shlib);     # remove /DEFAULTLIBs from static lib
     $opt_cflags=$f.' /Ox';
     $dbg_cflags=$f.'d /Od -DDEBUG -D_DEBUG';
@@ -108,13 +118,13 @@ elsif ($FLAVOR =~ /CE/)
     $base_cflags.=' -I$(WCECOMPAT)/include'            if (defined($ENV{'WCECOMPAT'}));
     $base_cflags.=' -I$(PORTSDK_LIBPATH)/../../include'        if (defined($ENV{'PORTSDK_LIBPATH'}));
     $opt_cflags=' /MC /O1i';   # optimize for space, but with intrinsics...
-    $dbg_clfags=' /MC /Od -DDEBUG -D_DEBUG';
+    $dbg_cflags=' /MC /Od -DDEBUG -D_DEBUG';
     $lflags="/nologo /opt:ref $wcelflag";
     }
 else   # Win32
     {
     $base_cflags= " $mf_cflag";
-    my $f = $shlib?' /MD':' /MT';
+    my $f = $shlib || $fips ?' /MD':' /MT';
     $lib_cflag='/Zl' if (!$shlib);     # remove /DEFAULTLIBs from static lib
     $opt_cflags=$f.' /Ox /O2 /Ob2';
     $dbg_cflags=$f.'d /Od -DDEBUG -D_DEBUG';
@@ -266,10 +276,19 @@ elsif ($shlib && $FLAVOR =~ /CE/)
 
 sub do_lib_rule
        {
-       local($objs,$target,$name,$shlib)=@_;
+       my($objs,$target,$name,$shlib,$ign,$base_addr) = @_;
        local($ret);
 
        $taget =~ s/\//$o/g if $o ne '/';
+       my $base_arg;
+       if ($base_addr ne "")
+               {
+               $base_arg= " /base:$base_addr";
+               }
+       else
+               {
+               $base_arg = "";
+               }
        if ($name ne "")
                {
                $name =~ tr/a-z/A-Z/;
@@ -277,17 +296,37 @@ sub do_lib_rule
                }
 
 #      $target="\$(LIB_D)$o$target";
-       $ret.="$target: $objs\n";
+#      $ret.="$target: $objs\n";
        if (!$shlib)
                {
 #              $ret.="\t\$(RM) \$(O_$Name)\n";
+               $ret.="$target: $objs\n";
                $ret.="\t\$(MKLIB) $lfile$target @<<\n  $objs\n<<\n";
                }
        else
                {
                local($ex)=($target =~ /O_CRYPTO/)?'':' $(L_CRYPTO)';
                $ex.=" $zlib_lib" if $zlib_opt == 1 && $target =~ /O_CRYPTO/;
-               $ret.="\t\$(LINK) \$(MLFLAGS) $efile$target $name @<<\n  \$(SHLIB_EX_OBJ) $objs $ex \$(EX_LIBS)\n<<\n";
+
+               if ($fips && $target =~ /O_CRYPTO/)
+                       {
+                       $ret.="$target: $objs \$(PREMAIN_DSO_EXE)";
+                       $ret.="\n\tSET FIPS_LINK=\$(LINK)\n";
+                       $ret.="\tSET FIPS_CC=\$(CC)\n";
+                       $ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n";
+                       $ret.="\tSET PREMAIN_DSO_EXE=\$(PREMAIN_DSO_EXE)\n";
+                       $ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n";
+                       $ret.="\tSET FIPS_TARGET=$target\n";
+                       $ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n";
+                       $ret.="\t\$(FIPSLINK) \$(MLFLAGS) /map $base_arg $efile$target ";
+                       $ret.="$name @<<\n  \$(SHLIB_EX_OBJ) $objs \$(EX_LIBS) ";
+                       $ret.="\$(OBJ_D)${o}fips_premain.obj $ex\n<<\n";
+                       }
+               else
+                       {
+                       $ret.="$target: $objs";
+                       $ret.="\n\t\$(LINK) \$(MLFLAGS) $efile$target $name @<<\n  \$(SHLIB_EX_OBJ) $objs $ex \$(EX_LIBS)\n<<\n";
+                       }
                $ret.="\tIF EXIST \$@.manifest mt -nologo -manifest \$@.manifest -outputresource:\$@;2\n\n";
                }
        $ret.="\n";
@@ -296,15 +335,35 @@ sub do_lib_rule
 
 sub do_link_rule
        {
-       local($target,$files,$dep_libs,$libs)=@_;
+       my($target,$files,$dep_libs,$libs,$standalone)=@_;
        local($ret,$_);
-       
        $file =~ s/\//$o/g if $o ne '/';
        $n=&bname($targer);
        $ret.="$target: $files $dep_libs\n";
-       $ret.="\t\$(LINK) \$(LFLAGS) $efile$target @<<\n";
-       $ret.="  \$(APP_EX_OBJ) $files $libs\n<<\n";
-       $ret.="\tIF EXIST \$@.manifest mt -nologo -manifest \$@.manifest -outputresource:\$@;1\n\n";
+       if ($standalone == 1)
+               {
+               $ret.="  \$(LINK) \$(LFLAGS) $efile$target @<<\n\t";
+               $ret.= "\$(EX_LIBS) " if ($files =~ /O_FIPSCANISTER/ && !$fipscanisterbuild);
+               $ret.="$files $libs\n<<\n";
+               }
+       elsif ($standalone == 2)
+               {
+               $ret.="\tSET FIPS_LINK=\$(LINK)\n";
+               $ret.="\tSET FIPS_CC=\$(CC)\n";
+               $ret.="\tSET FIPS_CC_ARGS=/Fo\$(OBJ_D)${o}fips_premain.obj \$(SHLIB_CFLAGS) -c\n";
+               $ret.="\tSET PREMAIN_DSO_EXE=\n";
+               $ret.="\tSET FIPS_TARGET=$target\n";
+               $ret.="\tSET FIPS_SHA1_EXE=\$(FIPS_SHA1_EXE)\n";
+               $ret.="\tSET FIPSLIB_D=\$(FIPSLIB_D)\n";
+               $ret.="\t\$(FIPSLINK) \$(LFLAGS) /map $efile$target @<<\n";
+               $ret.="\t\$(APP_EX_OBJ) $files \$(OBJ_D)${o}fips_premain.obj $libs\n<<\n";
+               }
+       else
+               {
+               $ret.="\t\$(LINK) \$(LFLAGS) $efile$target @<<\n";
+               $ret.="\t\$(APP_EX_OBJ) $files $libs\n<<\n";
+               }
+       $ret.="\tIF EXIST \$@.manifest mt -nologo -manifest \$@.manifest -outputresource:\$@;1\n\n";
        return($ret);
        }
 

diff --git a/deps/openssl/openssl/util/ssleay.num b/deps/openssl/openssl/util/ssleay.num
index 15a58e7..37655bc 100755 (executable)
--- a/deps/openssl/openssl/util/ssleay.num
+++ b/deps/openssl/openssl/util/ssleay.num
@@ -259,3 +259,64 @@ SSL_set_session_secret_cb               307        EXIST::FUNCTION:
 SSL_set_session_ticket_ext_cb           308    EXIST::FUNCTION:
 SSL_set1_param                          309    EXIST::FUNCTION:
 SSL_CTX_set1_param                      310    EXIST::FUNCTION:
+SSL_tls1_key_exporter                   311    NOEXIST::FUNCTION:
+SSL_renegotiate_abbreviated             312    EXIST::FUNCTION:
+TLSv1_1_method                          313    EXIST::FUNCTION:
+TLSv1_1_client_method                   314    EXIST::FUNCTION:
+TLSv1_1_server_method                   315    EXIST::FUNCTION:
+SSL_CTX_set_srp_client_pwd_callback     316    EXIST:!VMS:FUNCTION:SRP
+SSL_CTX_set_srp_client_pwd_cb           316    EXIST:VMS:FUNCTION:SRP
+SSL_get_srp_g                           317    EXIST::FUNCTION:SRP
+SSL_CTX_set_srp_username_callback       318    EXIST:!VMS:FUNCTION:SRP
+SSL_CTX_set_srp_un_cb                   318    EXIST:VMS:FUNCTION:SRP
+SSL_get_srp_userinfo                    319    EXIST::FUNCTION:SRP
+SSL_set_srp_server_param                320    EXIST::FUNCTION:SRP
+SSL_set_srp_server_param_pw             321    EXIST::FUNCTION:SRP
+SSL_get_srp_N                           322    EXIST::FUNCTION:SRP
+SSL_get_srp_username                    323    EXIST::FUNCTION:SRP
+SSL_CTX_set_srp_password                324    EXIST::FUNCTION:SRP
+SSL_CTX_set_srp_strength                325    EXIST::FUNCTION:SRP
+SSL_CTX_set_srp_verify_param_callback   326    EXIST:!VMS:FUNCTION:SRP
+SSL_CTX_set_srp_vfy_param_cb            326    EXIST:VMS:FUNCTION:SRP
+SSL_CTX_set_srp_miss_srp_un_cb          327    NOEXIST::FUNCTION:
+SSL_CTX_set_srp_missing_srp_username_callback 327      NOEXIST::FUNCTION:
+SSL_CTX_set_srp_cb_arg                  328    EXIST::FUNCTION:SRP
+SSL_CTX_set_srp_username                329    EXIST::FUNCTION:SRP
+SSL_CTX_SRP_CTX_init                    330    EXIST::FUNCTION:SRP
+SSL_SRP_CTX_init                        331    EXIST::FUNCTION:SRP
+SRP_Calc_A_param                        332    EXIST::FUNCTION:SRP
+SRP_generate_server_master_secret       333    EXIST:!VMS:FUNCTION:SRP
+SRP_gen_server_master_secret            333    EXIST:VMS:FUNCTION:SRP
+SSL_CTX_SRP_CTX_free                    334    EXIST::FUNCTION:SRP
+SRP_generate_client_master_secret       335    EXIST:!VMS:FUNCTION:SRP
+SRP_gen_client_master_secret            335    EXIST:VMS:FUNCTION:SRP
+SSL_srp_server_param_with_username      336    EXIST:!VMS:FUNCTION:SRP
+SSL_srp_server_param_with_un            336    EXIST:VMS:FUNCTION:SRP
+SRP_have_to_put_srp_username            337    NOEXIST::FUNCTION:
+SSL_SRP_CTX_free                        338    EXIST::FUNCTION:SRP
+SSL_set_debug                           339    EXIST::FUNCTION:
+SSL_SESSION_get0_peer                   340    EXIST::FUNCTION:
+TLSv1_2_client_method                   341    EXIST::FUNCTION:
+SSL_SESSION_set1_id_context             342    EXIST::FUNCTION:
+TLSv1_2_server_method                   343    EXIST::FUNCTION:
+SSL_cache_hit                           344    EXIST::FUNCTION:
+SSL_get0_kssl_ctx                       345    EXIST::FUNCTION:KRB5
+SSL_set0_kssl_ctx                       346    EXIST::FUNCTION:KRB5
+SSL_SESSION_get0_id                     347    NOEXIST::FUNCTION:
+SSL_set_state                           348    EXIST::FUNCTION:
+SSL_CIPHER_get_id                       349    EXIST::FUNCTION:
+TLSv1_2_method                          350    EXIST::FUNCTION:
+SSL_SESSION_get_id_len                  351    NOEXIST::FUNCTION:
+kssl_ctx_get0_client_princ              352    EXIST::FUNCTION:KRB5
+SSL_export_keying_material              353    EXIST::FUNCTION:TLSEXT
+SSL_set_tlsext_use_srtp                 354    EXIST::FUNCTION:
+SSL_CTX_set_next_protos_advertised_cb   355    EXIST:!VMS:FUNCTION:NEXTPROTONEG
+SSL_CTX_set_next_protos_adv_cb          355    EXIST:VMS:FUNCTION:NEXTPROTONEG
+SSL_get0_next_proto_negotiated          356    EXIST::FUNCTION:NEXTPROTONEG
+SSL_get_selected_srtp_profile           357    EXIST::FUNCTION:
+SSL_CTX_set_tlsext_use_srtp             358    EXIST::FUNCTION:
+SSL_select_next_proto                   359    EXIST::FUNCTION:NEXTPROTONEG
+SSL_get_srtp_profiles                   360    EXIST::FUNCTION:
+SSL_CTX_set_next_proto_select_cb        361    EXIST:!VMS:FUNCTION:NEXTPROTONEG
+SSL_CTX_set_next_proto_sel_cb           361    EXIST:VMS:FUNCTION:NEXTPROTONEG
+SSL_SESSION_get_compress_id             362    EXIST::FUNCTION:

diff --git a/deps/openssl/patches/handshake_cutthrough.patch b/deps/openssl/patches/handshake_cutthrough.patch
deleted file mode 100644 (file)
index 4f29839..0000000
--- a/deps/openssl/patches/handshake_cutthrough.patch
+++ /dev/null
@@ -1,275 +0,0 @@
-diff -uarp openssl-1.0.0.orig/apps/s_client.c openssl-1.0.0/apps/s_client.c
---- openssl-1.0.0.orig/apps/s_client.c 2009-12-16 15:28:28.000000000 -0500
-+++ openssl-1.0.0/apps/s_client.c      2010-04-21 14:39:49.000000000 -0400
-@@ -248,6 +248,7 @@ static void sc_usage(void)
-       BIO_printf(bio_err," -tlsextdebug      - hex dump of all TLS extensions received\n");
-       BIO_printf(bio_err," -status           - request certificate status from server\n");
-       BIO_printf(bio_err," -no_ticket        - disable use of RFC4507bis session tickets\n");
-+      BIO_printf(bio_err," -cutthrough       - enable 1-RTT full-handshake for strong ciphers\n");
- #endif
-       }
- 
-@@ -304,6 +305,7 @@ int MAIN(int argc, char **argv)
-       EVP_PKEY *key = NULL;
-       char *CApath=NULL,*CAfile=NULL,*cipher=NULL;
-       int reconnect=0,badop=0,verify=SSL_VERIFY_NONE,bugs=0;
-+      int cutthrough=0;
-       int crlf=0;
-       int write_tty,read_tty,write_ssl,read_ssl,tty_on,ssl_pending;
-       SSL_CTX *ctx=NULL;
-@@ -533,6 +535,8 @@ int MAIN(int argc, char **argv)
-               else if (strcmp(*argv,"-no_ticket") == 0)
-                       { off|=SSL_OP_NO_TICKET; }
- #endif
-+              else if (strcmp(*argv,"-cutthrough") == 0)
-+                      cutthrough=1;
-               else if (strcmp(*argv,"-serverpref") == 0)
-                       off|=SSL_OP_CIPHER_SERVER_PREFERENCE;
-               else if (strcmp(*argv,"-cipher") == 0)
-@@ -714,6 +718,15 @@ bad:
-        */
-       if (sock_type == SOCK_DGRAM) SSL_CTX_set_read_ahead(ctx, 1);
- 
-+      /* Enable handshake cutthrough for client connections using
-+       * strong ciphers. */
-+      if (cutthrough)
-+              {
-+              int ssl_mode = SSL_CTX_get_mode(ctx);
-+              ssl_mode |= SSL_MODE_HANDSHAKE_CUTTHROUGH;
-+              SSL_CTX_set_mode(ctx, ssl_mode);
-+              }
-+
-       if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
-       if (cipher != NULL)
-               if(!SSL_CTX_set_cipher_list(ctx,cipher)) {
-diff -uarp openssl-1.0.0.orig/ssl/s3_clnt.c openssl-1.0.0/ssl/s3_clnt.c
---- openssl-1.0.0.orig/ssl/s3_clnt.c   2010-02-27 19:24:24.000000000 -0500
-+++ openssl-1.0.0/ssl/s3_clnt.c        2010-04-21 14:39:49.000000000 -0400
-@@ -186,6 +186,18 @@ int ssl3_connect(SSL *s)
-       
-       s->in_handshake++;
-       if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 
-+#if 0 /* Send app data in separate packet, otherwise, some particular site
-+       * (only one site so far) closes the socket.
-+       * Note: there is a very small chance that two TCP packets
-+       * could be arriving at server combined into a single TCP packet,
-+       * then trigger that site to break. We haven't encounter that though.
-+       */
-+      if (SSL_get_mode(s) & SSL_MODE_HANDSHAKE_CUTTHROUGH)
-+              {
-+              /* Send app data along with CCS/Finished */
-+              s->s3->flags |= SSL3_FLAGS_DELAY_CLIENT_FINISHED;
-+              }
-+#endif
- 
-       for (;;)
-               {
-@@ -454,14 +468,31 @@ int ssl3_connect(SSL *s)
-                               }
-                       else
-                               {
--#ifndef OPENSSL_NO_TLSEXT
--                              /* Allow NewSessionTicket if ticket expected */
--                              if (s->tlsext_ticket_expected)
--                                      s->s3->tmp.next_state=SSL3_ST_CR_SESSION_TICKET_A;
-+                              if ((SSL_get_mode(s) & SSL_MODE_HANDSHAKE_CUTTHROUGH) && SSL_get_cipher_bits(s, NULL) >= 128
-+                                  && s->s3->previous_server_finished_len == 0 /* no cutthrough on renegotiation (would complicate the state machine) */
-+                                 )
-+                                      {
-+                                      if (s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED)
-+                                              {
-+                                              s->state=SSL3_ST_CUTTHROUGH_COMPLETE;
-+                                              s->s3->flags|=SSL3_FLAGS_POP_BUFFER;
-+                                              s->s3->delay_buf_pop_ret=0;
-+                                              }
-+                                      else
-+                                              {
-+                                              s->s3->tmp.next_state=SSL3_ST_CUTTHROUGH_COMPLETE;
-+                                              }
-+                                      }
-                               else
-+                                      {
-+#ifndef OPENSSL_NO_TLSEXT
-+                                      /* Allow NewSessionTicket if ticket expected */
-+                                      if (s->tlsext_ticket_expected)
-+                                              s->s3->tmp.next_state=SSL3_ST_CR_SESSION_TICKET_A;
-+                                      else
- #endif
--                              
--                              s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A;
-+                                              s->s3->tmp.next_state=SSL3_ST_CR_FINISHED_A;
-+                                      }
-                               }
-                       s->init_num=0;
-                       break;
-@@ -512,6 +541,24 @@ int ssl3_connect(SSL *s)
-                       s->state=s->s3->tmp.next_state;
-                       break;
- 
-+              case SSL3_ST_CUTTHROUGH_COMPLETE:
-+#ifndef OPENSSL_NO_TLSEXT
-+                      /* Allow NewSessionTicket if ticket expected */
-+                      if (s->tlsext_ticket_expected)
-+                              s->state=SSL3_ST_CR_SESSION_TICKET_A;
-+                      else
-+#endif
-+                              s->state=SSL3_ST_CR_FINISHED_A;
-+
-+                      /* SSL_write() will take care of flushing buffered data if
-+                       * DELAY_CLIENT_FINISHED is set.
-+                       */
-+                      if (!(s->s3->flags & SSL3_FLAGS_DELAY_CLIENT_FINISHED))
-+                              ssl_free_wbio_buffer(s);
-+                      ret = 1;
-+                      goto end;
-+                      /* break; */
-+
-               case SSL_ST_OK:
-                       /* clean a few things up */
-                       ssl3_cleanup_key_block(s);
-diff -uarp openssl-1.0.0.orig/ssl/s3_lib.c openssl-1.0.0/ssl/s3_lib.c
--- openssl-1.0.0.orig/ssl/s3_lib.c     2009-10-16 11:24:19.000000000 -0400
-+++ openssl-1.0.0/ssl/s3_lib.c  2010-04-21 14:39:49.000000000 -0400
-@@ -2551,9 +2551,22 @@ int ssl3_write(SSL *s, const void *buf, 
- 
- static int ssl3_read_internal(SSL *s, void *buf, int len, int peek)
-       {
--      int ret;
-+      int n,ret;
-       
-       clear_sys_error();
-+      if ((s->s3->flags & SSL3_FLAGS_POP_BUFFER) && (s->wbio == s->bbio))
-+              {
-+              /* Deal with an application that calls SSL_read() when handshake data
-+               * is yet to be written.
-+               */
-+              if (BIO_wpending(s->wbio) > 0)
-+                      {
-+                      s->rwstate=SSL_WRITING;
-+                      n=BIO_flush(s->wbio);
-+                      if (n <= 0) return(n);
-+                      s->rwstate=SSL_NOTHING;
-+                      }
-+              }
-       if (s->s3->renegotiate) ssl3_renegotiate_check(s);
-       s->s3->in_read_app_data=1;
-       ret=s->method->ssl_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
-diff -uarp openssl-1.0.0.orig/ssl/ssl.h openssl-1.0.0/ssl/ssl.h
---- openssl-1.0.0.orig/ssl/ssl.h       2010-01-06 12:37:38.000000000 -0500
-+++ openssl-1.0.0/ssl/ssl.h    2010-04-21 16:57:49.000000000 -0400
-@@ -605,6 +605,10 @@ typedef struct ssl_session_st
- /* Use small read and write buffers: (a) lazy allocate read buffers for
-  * large incoming records, and (b) limit the size of outgoing records. */
- #define SSL_MODE_SMALL_BUFFERS 0x00000020L
-+/* When set, clients may send application data before receipt of CCS
-+ * and Finished.  This mode enables full-handshakes to 'complete' in
-+ * one RTT. */
-+#define SSL_MODE_HANDSHAKE_CUTTHROUGH 0x00000040L
-
- /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
-  * they cannot be used to clear bits. */
-@@ -1097,10 +1101,12 @@ extern "C" {
- /* Is the SSL_connection established? */
- #define SSL_get_state(a)              SSL_state(a)
- #define SSL_is_init_finished(a)               (SSL_state(a) == SSL_ST_OK)
--#define SSL_in_init(a)                        (SSL_state(a)&SSL_ST_INIT)
-+#define SSL_in_init(a)                        ((SSL_state(a)&SSL_ST_INIT) && \
-+                                  !SSL_cutthrough_complete(a))
- #define SSL_in_before(a)              (SSL_state(a)&SSL_ST_BEFORE)
- #define SSL_in_connect_init(a)                (SSL_state(a)&SSL_ST_CONNECT)
- #define SSL_in_accept_init(a)         (SSL_state(a)&SSL_ST_ACCEPT)
-+int SSL_cutthrough_complete(const SSL *s);
- 
- /* The following 2 states are kept in ssl->rstate when reads fail,
-  * you should not need these */
-Only in openssl-1.0.0/ssl: ssl.h.orig
-diff -uarp openssl-1.0.0.orig/ssl/ssl3.h openssl-1.0.0/ssl/ssl3.h
--- openssl-1.0.0.orig/ssl/ssl3.h       2010-01-06 12:37:38.000000000 -0500
-+++ openssl-1.0.0/ssl/ssl3.h   2010-04-21 14:39:49.000000000 -0400
-@@ -456,6 +456,7 @@ typedef struct ssl3_state_st
- /*client */
- /* extra state */
- #define SSL3_ST_CW_FLUSH              (0x100|SSL_ST_CONNECT)
-+#define SSL3_ST_CUTTHROUGH_COMPLETE   (0x101|SSL_ST_CONNECT)
- /* write to server */
- #define SSL3_ST_CW_CLNT_HELLO_A               (0x110|SSL_ST_CONNECT)
- #define SSL3_ST_CW_CLNT_HELLO_B               (0x111|SSL_ST_CONNECT)
-diff -uarp openssl-1.0.0.orig/ssl/ssl_lib.c openssl-1.0.0/ssl/ssl_lib.c
---- openssl-1.0.0.orig/ssl/ssl_lib.c   2010-02-17 14:43:46.000000000 -0500
-+++ openssl-1.0.0/ssl/ssl_lib.c        2010-04-21 17:02:45.000000000 -0400
-@@ -3031,6 +3031,19 @@ void SSL_set_msg_callback(SSL *ssl, void
-       SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
-       }
-
-+int SSL_cutthrough_complete(const SSL *s)
-+      {
-+      return (!s->server &&                 /* cutthrough only applies to clients */
-+              !s->hit &&                        /* full-handshake */
-+              s->version >= SSL3_VERSION &&
-+              s->s3->in_read_app_data == 0 &&   /* cutthrough only applies to write() */
-+              (SSL_get_mode((SSL*)s) & SSL_MODE_HANDSHAKE_CUTTHROUGH) &&  /* cutthrough enabled */
-+              SSL_get_cipher_bits(s, NULL) >= 128 &&                      /* strong cipher choosen */
-+              s->s3->previous_server_finished_len == 0 &&                 /* not a renegotiation handshake */
-+              (s->state == SSL3_ST_CR_SESSION_TICKET_A ||                 /* ready to write app-data*/
-+                      s->state == SSL3_ST_CR_FINISHED_A));
-+      }
-+
- /* Allocates new EVP_MD_CTX and sets pointer to it into given pointer
-  * vairable, freeing  EVP_MD_CTX previously stored in that variable, if
-  * any. If EVP_MD pointer is passed, initializes ctx with this md
-diff -uarp openssl-1.0.0.orig/ssl/ssltest.c openssl-1.0.0/ssl/ssltest.c
---- openssl-1.0.0.orig/ssl/ssltest.c   2010-01-24 11:57:38.000000000 -0500
-+++ openssl-1.0.0/ssl/ssltest.c        2010-04-21 17:06:35.000000000 -0400
-@@ -279,6 +279,7 @@ static void sv_usage(void)
-       fprintf(stderr," -test_cipherlist - verifies the order of the ssl cipher lists\n");
-       fprintf(stderr," -c_small_records - enable client side use of small SSL record buffers\n");
-       fprintf(stderr," -s_small_records - enable server side use of small SSL record buffers\n");
-+      fprintf(stderr," -cutthrough      - enable 1-RTT full-handshake for strong ciphers\n");
-       }
- 
- static void print_details(SSL *c_ssl, const char *prefix)
-@@ -436,6 +437,7 @@ int main(int argc, char *argv[])
-       int ssl_mode = 0;
-       int c_small_records=0;
-       int s_small_records=0;
-+      int cutthrough = 0;
- 
-       verbose = 0;
-       debug = 0;
-@@ -632,6 +634,10 @@ int main(int argc, char *argv[])
-                       {
-                       s_small_records = 1;
-                       }
-+              else if (strcmp(*argv, "-cutthrough") == 0)
-+                      {
-+                      cutthrough = 1;
-+                      }
-               else
-                       {
-                       fprintf(stderr,"unknown option %s\n",*argv);
-@@ -782,6 +788,13 @@ bad:
-               ssl_mode |= SSL_MODE_SMALL_BUFFERS;
-               SSL_CTX_set_mode(s_ctx, ssl_mode);
-               }
-+      ssl_mode = 0;
-+      if (cutthrough)
-+              {
-+              ssl_mode = SSL_CTX_get_mode(c_ctx);
-+              ssl_mode = SSL_MODE_HANDSHAKE_CUTTHROUGH;
-+              SSL_CTX_set_mode(c_ctx, ssl_mode);
-+              }
- 
- #ifndef OPENSSL_NO_DH
-       if (!no_dhe)
-diff -uarp openssl-1.0.0.orig/test/testssl openssl-1.0.0/test/testssl
---- openssl-1.0.0.orig/test/testssl    2006-03-10 18:06:27.000000000 -0500
-+++ openssl-1.0.0/test/testssl 2010-04-21 16:50:13.000000000 -0400
-@@ -79,6 +79,8 @@ $ssltest -server_auth -client_auth -s_sm
- echo test sslv2/sslv3 with both client and server authentication and small client and server buffers
- $ssltest -server_auth -client_auth -c_small_records -s_small_records $CA $extra || exit 1
- 
-+echo test sslv2/sslv3 with both client and server authentication and handshake cutthrough
-+$ssltest -server_auth -client_auth -cutthrough $CA $extra || exit 1
- 
- echo test sslv2 via BIO pair
- $ssltest -bio_pair -ssl2 $extra || exit 1

diff --git a/deps/openssl/patches/jsse.patch b/deps/openssl/patches/jsse.patch
deleted file mode 100644 (file)
index 249fb5b..0000000
--- a/deps/openssl/patches/jsse.patch
+++ /dev/null
@@ -1,426 +0,0 @@
---- openssl-1.0.0b.orig/ssl/ssl.h      2010-11-30 00:03:46.000000000 +0000
-+++ openssl-1.0.0b/ssl/ssl.h   2010-11-30 00:03:47.000000000 +0000
-@@ -1133,6 +1133,9 @@ struct ssl_st
-       /* This can also be in the session once a session is established */
-       SSL_SESSION *session;
- 
-+        /* This can be disabled to prevent the use of uncached sessions */
-+      int session_creation_enabled;
-+
-       /* Default generate session ID callback. */
-       GEN_SESSION_CB generate_session_id;
- 
-@@ -1546,6 +1549,7 @@ const SSL_CIPHER *SSL_get_current_cipher
- int   SSL_CIPHER_get_bits(const SSL_CIPHER *c,int *alg_bits);
- char *        SSL_CIPHER_get_version(const SSL_CIPHER *c);
- const char *  SSL_CIPHER_get_name(const SSL_CIPHER *c);
-+const char *  SSL_CIPHER_authentication_method(const SSL_CIPHER *c);
- 
- int   SSL_get_fd(const SSL *s);
- int   SSL_get_rfd(const SSL *s);
-@@ -1554,6 +1558,7 @@ const char  * SSL_get_cipher_list(const 
- char *        SSL_get_shared_ciphers(const SSL *s, char *buf, int len);
- int   SSL_get_read_ahead(const SSL * s);
- int   SSL_pending(const SSL *s);
-+const char *  SSL_authentication_method(const SSL *c);
- #ifndef OPENSSL_NO_SOCK
- int   SSL_set_fd(SSL *s, int fd);
- int   SSL_set_rfd(SSL *s, int fd);
-@@ -1565,6 +1570,7 @@ BIO *    SSL_get_rbio(const SSL *s);
- BIO * SSL_get_wbio(const SSL *s);
- #endif
- int   SSL_set_cipher_list(SSL *s, const char *str);
-+int   SSL_set_cipher_lists(SSL *s, STACK_OF(SSL_CIPHER) *sk);
- void  SSL_set_read_ahead(SSL *s, int yes);
- int   SSL_get_verify_mode(const SSL *s);
- int   SSL_get_verify_depth(const SSL *s);
-@@ -1580,6 +1586,8 @@ int      SSL_use_PrivateKey(SSL *ssl, EVP_PKE
- int   SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, const unsigned char *d, long len);
- int   SSL_use_certificate(SSL *ssl, X509 *x);
- int   SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len);
-+int   SSL_use_certificate_chain(SSL *ssl, STACK_OF(X509) *cert_chain);
-+STACK_OF(X509) * SSL_get_certificate_chain(SSL *ssl, X509 *x);
- 
- #ifndef OPENSSL_NO_STDIO
- int   SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
-@@ -1615,6 +1623,7 @@ void     SSL_copy_session_id(SSL *to,const S
- SSL_SESSION *SSL_SESSION_new(void);
- const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
-                                       unsigned int *len);
-+const char *  SSL_SESSION_get_version(const SSL_SESSION *s);
- #ifndef OPENSSL_NO_FP_API
- int   SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses);
- #endif
-@@ -1624,6 +1633,7 @@ int      SSL_SESSION_print(BIO *fp,const SSL_
- void  SSL_SESSION_free(SSL_SESSION *ses);
- int   i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp);
- int   SSL_set_session(SSL *to, SSL_SESSION *session);
-+void  SSL_set_session_creation_enabled(SSL *, int);
- int   SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
- int   SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c);
- int   SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB);
-@@ -2066,6 +2076,7 @@ void ERR_load_SSL_strings(void);
- #define SSL_F_SSL_UNDEFINED_VOID_FUNCTION              244
- #define SSL_F_SSL_USE_CERTIFICATE                      198
- #define SSL_F_SSL_USE_CERTIFICATE_ASN1                         199
-+#define SSL_F_SSL_USE_CERTIFICATE_CHAIN                        2000
- #define SSL_F_SSL_USE_CERTIFICATE_FILE                         200
- #define SSL_F_SSL_USE_PRIVATEKEY                       201
- #define SSL_F_SSL_USE_PRIVATEKEY_ASN1                  202
-@@ -2272,6 +2283,7 @@ void ERR_load_SSL_strings(void);
- #define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING                 345
- #define SSL_R_SERVERHELLO_TLSEXT                       275
- #define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED                 277
-+#define SSL_R_SESSION_MAY_NOT_BE_CREATED               2000
- #define SSL_R_SHORT_READ                               219
- #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE    220
- #define SSL_R_SSL23_DOING_SESSION_ID_REUSE             221
---- openssl-1.0.0b.orig/ssl/d1_clnt.c  2010-01-26 19:46:29.000000000 +0000
-+++ openssl-1.0.0b/ssl/d1_clnt.c       2010-11-30 00:03:47.000000000 +0000
-@@ -613,6 +613,12 @@ int dtls1_client_hello(SSL *s)
- #endif
-                       (s->session->not_resumable))
-                       {
-+                      if (!s->session_creation_enabled)
-+                              {
-+                              ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
-+                              SSLerr(SSL_F_DTLS1_CLIENT_HELLO,SSL_R_SESSION_MAY_NOT_BE_CREATED);
-+                              goto err;
-+                              }
-                       if (!ssl_get_new_session(s,0))
-                               goto err;
-                       }
---- openssl-1.0.0b.orig/ssl/s23_clnt.c 2010-02-16 14:20:40.000000000 +0000
-+++ openssl-1.0.0b/ssl/s23_clnt.c      2010-11-30 00:03:47.000000000 +0000
-@@ -687,6 +687,13 @@ static int ssl23_get_server_hello(SSL *s
- 
-       /* Since, if we are sending a ssl23 client hello, we are not
-        * reusing a session-id */
-+        if (!s->session_creation_enabled)
-+              {
-+              if (!(s->client_version == SSL2_VERSION))
-+                      ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
-+              SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_SESSION_MAY_NOT_BE_CREATED);
-+              goto err;
-+              }
-       if (!ssl_get_new_session(s,0))
-               goto err;
- 
---- openssl-1.0.0b.orig/ssl/s3_both.c  2010-11-30 00:03:46.000000000 +0000
-+++ openssl-1.0.0b/ssl/s3_both.c       2010-11-30 00:03:47.000000000 +0000
-@@ -347,8 +347,11 @@ unsigned long ssl3_output_cert_chain(SSL
-       unsigned long l=7;
-       BUF_MEM *buf;
-       int no_chain;
-+      STACK_OF(X509) *cert_chain;
- 
--      if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs)
-+      cert_chain = SSL_get_certificate_chain(s, x);
-+
-+      if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs || cert_chain)
-               no_chain = 1;
-       else
-               no_chain = 0;
-@@ -400,6 +403,10 @@ unsigned long ssl3_output_cert_chain(SSL
-                       return(0);
-               }
- 
-+      for (i=0; i<sk_X509_num(cert_chain); i++)
-+              if (ssl3_add_cert_to_buf(buf, &l, sk_X509_value(cert_chain,i)))
-+                      return(0);
-+
-       l-=7;
-       p=(unsigned char *)&(buf->data[4]);
-       l2n3(l,p);
---- openssl-1.0.0b.orig/ssl/s3_clnt.c  2010-11-30 00:03:46.000000000 +0000
-+++ openssl-1.0.0b/ssl/s3_clnt.c       2010-11-30 00:03:47.000000000 +0000
-@@ -686,6 +686,12 @@ int ssl3_client_hello(SSL *s)
- #endif
-                       (sess->not_resumable))
-                       {
-+                      if (!s->session_creation_enabled)
-+                              {
-+                              ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
-+                              SSLerr(SSL_F_SSL3_CLIENT_HELLO,SSL_R_SESSION_MAY_NOT_BE_CREATED);
-+                              goto err;
-+                              }
-                       if (!ssl_get_new_session(s,0))
-                               goto err;
-                       }
-@@ -894,6 +900,12 @@ int ssl3_get_server_hello(SSL *s)
-               s->hit=0;
-               if (s->session->session_id_length > 0)
-                       {
-+                      if (!s->session_creation_enabled)
-+                              {
-+                              ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
-+                              SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SESSION_MAY_NOT_BE_CREATED);
-+                              goto err;
-+                              }
-                       if (!ssl_get_new_session(s,0))
-                               {
-                               al=SSL_AD_INTERNAL_ERROR;
---- openssl-1.0.0b.orig/ssl/s3_srvr.c  2010-11-30 00:03:46.000000000 +0000
-+++ openssl-1.0.0b/ssl/s3_srvr.c       2010-11-30 00:03:47.000000000 +0000
-@@ -902,6 +902,12 @@ int ssl3_get_client_hello(SSL *s)
-        */
-       if ((s->new_session && (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)))
-               {
-+              if (!s->session_creation_enabled)
-+                      {
-+                      ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
-+                      SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_SESSION_MAY_NOT_BE_CREATED);
-+                      goto err;
-+              }
-               if (!ssl_get_new_session(s,1))
-                       goto err;
-               }
-@@ -916,6 +922,12 @@ int ssl3_get_client_hello(SSL *s)
-                       goto err;
-               else /* i == 0 */
-                       {
-+                      if (!s->session_creation_enabled)
-+                              {
-+                              ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE);
-+                              SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_SESSION_MAY_NOT_BE_CREATED);
-+                              goto err;
-+                              }
-                       if (!ssl_get_new_session(s,1))
-                               goto err;
-                       }
---- openssl-1.0.0b.orig/ssl/ssl_ciph.c 2010-06-15 17:25:14.000000000 +0000
-+++ openssl-1.0.0b/ssl/ssl_ciph.c      2010-11-30 00:03:47.000000000 +0000
-@@ -1652,6 +1652,52 @@ int SSL_CIPHER_get_bits(const SSL_CIPHER
-       return(ret);
-       }
- 
-+/* return string version of key exchange algorithm */
-+const char* SSL_CIPHER_authentication_method(const SSL_CIPHER* cipher)
-+      {
-+      switch (cipher->algorithm_mkey)
-+              {
-+      case SSL_kRSA:
-+              return SSL_TXT_RSA;
-+      case SSL_kDHr:
-+              return SSL_TXT_DH "_" SSL_TXT_RSA;
-+      case SSL_kDHd:
-+              return SSL_TXT_DH "_" SSL_TXT_DSS;
-+      case SSL_kEDH:
-+              switch (cipher->algorithm_auth)
-+                      {
-+              case SSL_aDSS:
-+                      return "DHE_" SSL_TXT_DSS;
-+              case SSL_aRSA:
-+                      return "DHE_" SSL_TXT_RSA;
-+              case SSL_aNULL:
-+                      return SSL_TXT_DH "_anon";
-+              default:
-+                      return "UNKNOWN";
-+                        }
-+      case SSL_kKRB5:
-+              return SSL_TXT_KRB5;
-+      case SSL_kECDHr:
-+              return SSL_TXT_ECDH "_" SSL_TXT_RSA;
-+      case SSL_kECDHe:
-+              return SSL_TXT_ECDH "_" SSL_TXT_ECDSA;
-+      case SSL_kEECDH:
-+              switch (cipher->algorithm_auth)
-+                      {
-+              case SSL_aECDSA:
-+                      return "ECDHE_" SSL_TXT_ECDSA;
-+              case SSL_aRSA:
-+                      return "ECDHE_" SSL_TXT_RSA;
-+              case SSL_aNULL:
-+                      return SSL_TXT_ECDH "_anon";
-+              default:
-+                      return "UNKNOWN";
-+                        }
-+        default:
-+              return "UNKNOWN";
-+              }
-+      }
-+
- SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
-       {
-       SSL_COMP *ctmp;
---- openssl-1.0.0b.orig/ssl/ssl_err.c  2010-11-30 00:03:46.000000000 +0000
-+++ openssl-1.0.0b/ssl/ssl_err.c       2010-11-30 00:03:47.000000000 +0000
-@@ -465,6 +465,7 @@ static ERR_STRING_DATA SSL_str_reasons[]
- {ERR_REASON(SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING),"scsv received when renegotiating"},
- {ERR_REASON(SSL_R_SERVERHELLO_TLSEXT)    ,"serverhello tlsext"},
- {ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED),"session id context uninitialized"},
-+{ERR_REASON(SSL_R_SESSION_MAY_NOT_BE_CREATED),"session may not be created"},
- {ERR_REASON(SSL_R_SHORT_READ)            ,"short read"},
- {ERR_REASON(SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE),"signature for non signing certificate"},
- {ERR_REASON(SSL_R_SSL23_DOING_SESSION_ID_REUSE),"ssl23 doing session id reuse"},
---- openssl-1.0.0b.orig/ssl/ssl_lib.c  2010-11-30 00:03:46.000000000 +0000
-+++ openssl-1.0.0b/ssl/ssl_lib.c       2010-11-30 00:03:47.000000000 +0000
-@@ -326,6 +326,7 @@ SSL *SSL_new(SSL_CTX *ctx)
-       OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx);
-       memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx));
-       s->verify_callback=ctx->default_verify_callback;
-+      s->session_creation_enabled=1;
-       s->generate_session_id=ctx->generate_session_id;
- 
-       s->param = X509_VERIFY_PARAM_new();
-@@ -1311,6 +1312,32 @@ int SSL_set_cipher_list(SSL *s,const cha
-       return 1;
-       }
- 
-+/** specify the ciphers to be used by the SSL */
-+int SSL_set_cipher_lists(SSL *s,STACK_OF(SSL_CIPHER) *sk)
-+      {
-+      STACK_OF(SSL_CIPHER) *tmp_cipher_list;
-+
-+      if (sk == NULL)
-+              return 0;
-+
-+        /* Based on end of ssl_create_cipher_list */
-+      tmp_cipher_list = sk_SSL_CIPHER_dup(sk);
-+      if (tmp_cipher_list == NULL)
-+              {
-+              return 0;
-+              }
-+      if (s->cipher_list != NULL)
-+              sk_SSL_CIPHER_free(s->cipher_list);
-+      s->cipher_list = sk;
-+      if (s->cipher_list_by_id != NULL)
-+              sk_SSL_CIPHER_free(s->cipher_list_by_id);
-+      s->cipher_list_by_id = tmp_cipher_list;
-+      (void)sk_SSL_CIPHER_set_cmp_func(s->cipher_list_by_id,ssl_cipher_ptr_id_cmp);
-+
-+      sk_SSL_CIPHER_sort(s->cipher_list_by_id);
-+      return 1;
-+      }
-+
- /* works well for SSLv2, not so good for SSLv3 */
- char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len)
-       {
-@@ -2551,18 +2578,45 @@ SSL_METHOD *ssl_bad_method(int ver)
-       return(NULL);
-       }
- 
--const char *SSL_get_version(const SSL *s)
-+static const char *ssl_get_version(int version)
-       {
--      if (s->version == TLS1_VERSION)
-+      if (version == TLS1_VERSION)
-               return("TLSv1");
--      else if (s->version == SSL3_VERSION)
-+      else if (version == SSL3_VERSION)
-               return("SSLv3");
--      else if (s->version == SSL2_VERSION)
-+      else if (version == SSL2_VERSION)
-               return("SSLv2");
-       else
-               return("unknown");
-       }
- 
-+const char *SSL_get_version(const SSL *s)
-+      {
-+              return ssl_get_version(s->version);
-+      }
-+
-+const char *SSL_SESSION_get_version(const SSL_SESSION *s)
-+      {
-+              return ssl_get_version(s->ssl_version);
-+      }
-+
-+const char* SSL_authentication_method(const SSL* ssl)
-+      {
-+      if (ssl->cert != NULL && ssl->cert->rsa_tmp != NULL)
-+              return SSL_TXT_RSA "_" SSL_TXT_EXPORT;
-+      switch (ssl->version)
-+              {
-+      case SSL2_VERSION:
-+              return SSL_TXT_RSA;
-+      case SSL3_VERSION:
-+      case TLS1_VERSION:
-+      case DTLS1_VERSION:
-+              return SSL_CIPHER_authentication_method(ssl->s3->tmp.new_cipher);
-+      default:
-+              return "UNKNOWN";
-+              }
-+      }
-+
- SSL *SSL_dup(SSL *s)
-       {
-       STACK_OF(X509_NAME) *sk;
---- openssl-1.0.0b.orig/ssl/ssl_locl.h 2010-11-30 00:03:46.000000000 +0000
-+++ openssl-1.0.0b/ssl/ssl_locl.h      2010-11-30 00:03:47.000000000 +0000
-@@ -456,6 +456,7 @@
- typedef struct cert_pkey_st
-       {
-       X509 *x509;
-+      STACK_OF(X509) *cert_chain;
-       EVP_PKEY *privatekey;
-       } CERT_PKEY;
- 
---- openssl-1.0.0b.orig/ssl/ssl_rsa.c  2009-09-12 23:09:26.000000000 +0000
-+++ openssl-1.0.0b/ssl/ssl_rsa.c       2010-11-30 00:03:47.000000000 +0000
-@@ -697,6 +697,42 @@ int SSL_CTX_use_PrivateKey_ASN1(int type
-       }
- 
- 
-+int SSL_use_certificate_chain(SSL *ssl, STACK_OF(X509) *cert_chain)
-+      {
-+      if (ssl == NULL)
-+              {
-+              SSLerr(SSL_F_SSL_USE_CERTIFICATE_CHAIN,ERR_R_PASSED_NULL_PARAMETER);
-+              return(0);
-+              }
-+      if (ssl->cert == NULL)
-+              {
-+              SSLerr(SSL_F_SSL_USE_CERTIFICATE_CHAIN,SSL_R_NO_CERTIFICATE_ASSIGNED);
-+              return(0);
-+              }
-+      if (ssl->cert->key == NULL)
-+              {
-+              SSLerr(SSL_F_SSL_USE_CERTIFICATE_CHAIN,SSL_R_NO_CERTIFICATE_ASSIGNED);
-+              return(0);
-+              }
-+      ssl->cert->key->cert_chain = cert_chain;
-+      return(1);
-+      }
-+
-+STACK_OF(X509) *SSL_get_certificate_chain(SSL *ssl, X509 *x)
-+      {
-+      int i;
-+      if (x == NULL)
-+              return NULL;
-+      if (ssl == NULL)
-+              return NULL;
-+      if (ssl->cert == NULL)
-+              return NULL;
-+      for (i = 0; i < SSL_PKEY_NUM; i++)
-+              if (ssl->cert->pkeys[i].x509 == x)
-+                      return ssl->cert->pkeys[i].cert_chain;
-+      return NULL;
-+      }
-+
- #ifndef OPENSSL_NO_STDIO
- /* Read a file that contains our certificate in "PEM" format,
-  * possibly followed by a sequence of CA certificates that should be
---- openssl-1.0.0b.orig/ssl/ssl_sess.c 2010-02-01 16:49:42.000000000 +0000
-+++ openssl-1.0.0b/ssl/ssl_sess.c      2010-11-30 00:03:47.000000000 +0000
-@@ -261,6 +261,11 @@ static int def_generate_session_id(const
-       return 0;
- }
- 
-+void SSL_set_session_creation_enabled (SSL *s, int creation_enabled)
-+      {
-+      s->session_creation_enabled = creation_enabled;
-+      }
-+
- int ssl_get_new_session(SSL *s, int session)
-       {
-       /* This gets used by clients and servers. */
-@@ -269,6 +274,8 @@ int ssl_get_new_session(SSL *s, int sess
-       SSL_SESSION *ss=NULL;
-       GEN_SESSION_CB cb = def_generate_session_id;
- 
-+      /* caller should check this if they can do better error handling */
-+        if (!s->session_creation_enabled) return(0);
-       if ((ss=SSL_SESSION_new()) == NULL) return(0);
- 
-       /* If the context has a default timeout, use it */

diff --git a/deps/openssl/patches/npn.patch b/deps/openssl/patches/npn.patch
deleted file mode 100644 (file)
index 46b7a7d..0000000
--- a/deps/openssl/patches/npn.patch
+++ /dev/null
@@ -1,1293 +0,0 @@
---- openssl-1.0.0b.orig/apps/apps.c    2010-11-11 14:42:19.000000000 +0000
-+++ openssl-1.0.0b/apps/apps.c 2010-11-29 19:56:04.902465346 +0000
-@@ -3012,3 +3012,46 @@ int raw_write_stdout(const void *buf,int
- int raw_write_stdout(const void *buf,int siz)
-       {       return write(fileno(stdout),buf,siz);   }
- #endif
-+
-+#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
-+/* next_protos_parse parses a comma separated list of strings into a string
-+ * in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
-+ *   outlen: (output) set to the length of the resulting buffer on success.
-+ *   in: a NUL termianted string like "abc,def,ghi"
-+ *
-+ *   returns: a malloced buffer or NULL on failure.
-+ */
-+unsigned char *next_protos_parse(unsigned short *outlen, const char *in)
-+      {
-+      size_t len;
-+      unsigned char *out;
-+      size_t i, start = 0;
-+
-+      len = strlen(in);
-+      if (len >= 65535)
-+              return NULL;
-+
-+      out = OPENSSL_malloc(strlen(in) + 1);
-+      if (!out)
-+              return NULL;
-+
-+      for (i = 0; i <= len; ++i)
-+              {
-+              if (i == len || in[i] == ',')
-+                      {
-+                      if (i - start > 255)
-+                              {
-+                              OPENSSL_free(out);
-+                              return NULL;
-+                              }
-+                      out[start] = i - start;
-+                      start = i + 1;
-+                      }
-+              else
-+                      out[i+1] = in[i];
-+              }
-+
-+      *outlen = len + 1;
-+      return out;
-+      }
-+#endif  /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */
---- openssl-1.0.0b.orig/apps/apps.h    2009-10-31 13:34:19.000000000 +0000
-+++ openssl-1.0.0b/apps/apps.h 2010-11-29 19:56:04.902465346 +0000
-@@ -358,3 +358,7 @@ int raw_write_stdout(const void *,int);
- #define TM_STOP               1
- double app_tminterval (int stop,int usertime);
- #endif
-+
-+#ifndef OPENSSL_NO_NEXTPROTONEG
-+unsigned char *next_protos_parse(unsigned short *outlen, const char *in);
-+#endif
---- openssl-1.0.0b.orig/apps/s_client.c        2010-11-29 19:56:04.832465351 +0000
-+++ openssl-1.0.0b/apps/s_client.c     2010-11-29 19:56:04.902465346 +0000
-@@ -342,6 +342,9 @@ static void sc_usage(void)
-       BIO_printf(bio_err," -tlsextdebug      - hex dump of all TLS extensions received\n");
-       BIO_printf(bio_err," -status           - request certificate status from server\n");
-       BIO_printf(bio_err," -no_ticket        - disable use of RFC4507bis session tickets\n");
-+# ifndef OPENSSL_NO_NEXTPROTONEG
-+      BIO_printf(bio_err," -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n");
-+# endif
-       BIO_printf(bio_err," -cutthrough       - enable 1-RTT full-handshake for strong ciphers\n");
- #endif
-       BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
-@@ -367,6 +370,40 @@ static int MS_CALLBACK ssl_servername_cb
-       
-       return SSL_TLSEXT_ERR_OK;
-       }
-+
-+# ifndef OPENSSL_NO_NEXTPROTONEG
-+/* This the context that we pass to next_proto_cb */
-+typedef struct tlsextnextprotoctx_st {
-+      unsigned char *data;
-+      unsigned short len;
-+      int status;
-+} tlsextnextprotoctx;
-+
-+static tlsextnextprotoctx next_proto;
-+
-+static int next_proto_cb(SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg)
-+      {
-+      tlsextnextprotoctx *ctx = arg;
-+
-+      if (!c_quiet)
-+              {
-+              /* We can assume that |in| is syntactically valid. */
-+              unsigned i;
-+              BIO_printf(bio_c_out, "Protocols advertised by server: ");
-+              for (i = 0; i < inlen; )
-+                      {
-+                      if (i)
-+                              BIO_write(bio_c_out, ", ", 2);
-+                      BIO_write(bio_c_out, &in[i + 1], in[i]);
-+                      i += in[i] + 1;
-+                      }
-+              BIO_write(bio_c_out, "\n", 1);
-+              }
-+
-+      ctx->status = SSL_select_next_proto(out, outlen, in, inlen, ctx->data, ctx->len);
-+      return SSL_TLSEXT_ERR_OK;
-+      }
-+# endif  /* ndef OPENSSL_NO_NEXTPROTONEG */
- #endif
- 
- enum
-@@ -431,6 +468,9 @@ int MAIN(int argc, char **argv)
-       char *servername = NULL; 
-         tlsextctx tlsextcbp = 
-         {NULL,0};
-+# ifndef OPENSSL_NO_NEXTPROTONEG
-+      const char *next_proto_neg_in = NULL;
-+# endif
- #endif
-       char *sess_in = NULL;
-       char *sess_out = NULL;
-@@ -658,6 +698,13 @@ int MAIN(int argc, char **argv)
- #ifndef OPENSSL_NO_TLSEXT
-               else if (strcmp(*argv,"-no_ticket") == 0)
-                       { off|=SSL_OP_NO_TICKET; }
-+# ifndef OPENSSL_NO_NEXTPROTONEG
-+              else if (strcmp(*argv,"-nextprotoneg") == 0)
-+                      {
-+                      if (--argc < 1) goto bad;
-+                      next_proto_neg_in = *(++argv);
-+                      }
-+# endif
- #endif
-               else if (strcmp(*argv,"-cutthrough") == 0)
-                       cutthrough=1;
-@@ -766,6 +813,21 @@ bad:
-       OpenSSL_add_ssl_algorithms();
-       SSL_load_error_strings();
- 
-+#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
-+      next_proto.status = -1;
-+      if (next_proto_neg_in)
-+              {
-+              next_proto.data = next_protos_parse(&next_proto.len, next_proto_neg_in);
-+              if (next_proto.data == NULL)
-+                      {
-+                      BIO_printf(bio_err, "Error parsing -nextprotoneg argument\n");
-+                      goto end;
-+                      }
-+              }
-+      else
-+              next_proto.data = NULL;
-+#endif
-+
- #ifndef OPENSSL_NO_ENGINE
-         e = setup_engine(bio_err, engine_id, 1);
-       if (ssl_client_engine_id)
-@@ -896,6 +958,11 @@ bad:
-               SSL_CTX_set_mode(ctx, ssl_mode);
-               }
- 
-+#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
-+      if (next_proto.data)
-+              SSL_CTX_set_next_proto_select_cb(ctx, next_proto_cb, &next_proto);
-+#endif
-+
-       if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
-       if (cipher != NULL)
-               if(!SSL_CTX_set_cipher_list(ctx,cipher)) {
-@@ -1755,6 +1822,18 @@ static void print_stuff(BIO *bio, SSL *s
-       BIO_printf(bio,"Expansion: %s\n",
-               expansion ? SSL_COMP_get_name(expansion) : "NONE");
- #endif
-+
-+#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
-+      if (next_proto.status != -1) {
-+              const unsigned char *proto;
-+              unsigned int proto_len;
-+              SSL_get0_next_proto_negotiated(s, &proto, &proto_len);
-+              BIO_printf(bio, "Next protocol: (%d) ", next_proto.status);
-+              BIO_write(bio, proto, proto_len);
-+              BIO_write(bio, "\n", 1);
-+      }
-+#endif
-+
-       SSL_SESSION_print(bio,SSL_get_session(s));
-       BIO_printf(bio,"---\n");
-       if (peer != NULL)
---- openssl-1.0.0b.orig/apps/s_server.c        2010-06-15 17:25:02.000000000 +0000
-+++ openssl-1.0.0b/apps/s_server.c     2010-11-29 19:56:04.902465346 +0000
-@@ -492,6 +492,9 @@ static void sv_usage(void)
-       BIO_printf(bio_err," -tlsextdebug  - hex dump of all TLS extensions received\n");
-       BIO_printf(bio_err," -no_ticket    - disable use of RFC4507bis session tickets\n");
-       BIO_printf(bio_err," -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
-+# ifndef OPENSSL_NO_NEXTPROTONEG
-+      BIO_printf(bio_err," -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)\n");
-+# endif
- #endif
-       }
- 
-@@ -826,6 +829,24 @@ BIO_printf(err, "cert_status: received %
-       ret = SSL_TLSEXT_ERR_ALERT_FATAL;
-       goto done;
-       }
-+
-+# ifndef OPENSSL_NO_NEXTPROTONEG
-+/* This is the context that we pass to next_proto_cb */
-+typedef struct tlsextnextprotoctx_st {
-+      unsigned char *data;
-+      unsigned int len;
-+} tlsextnextprotoctx;
-+
-+static int next_proto_cb(SSL *s, const unsigned char **data, unsigned int *len, void *arg)
-+      {
-+      tlsextnextprotoctx *next_proto = arg;
-+
-+      *data = next_proto->data;
-+      *len = next_proto->len;
-+
-+      return SSL_TLSEXT_ERR_OK;
-+      }
-+# endif  /* ndef OPENSSL_NO_NPN */
- #endif
- 
- int MAIN(int, char **);
-@@ -867,6 +888,10 @@ int MAIN(int argc, char *argv[])
- #endif
- #ifndef OPENSSL_NO_TLSEXT
-         tlsextctx tlsextcbp = {NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING};
-+# ifndef OPENSSL_NO_NEXTPROTONEG
-+      const char *next_proto_neg_in = NULL;
-+      tlsextnextprotoctx next_proto;
-+# endif
- #endif
- #ifndef OPENSSL_NO_PSK
-       /* by default do not send a PSK identity hint */
-@@ -1191,7 +1216,13 @@ int MAIN(int argc, char *argv[])
-                       if (--argc < 1) goto bad;
-                       s_key_file2= *(++argv);
-                       }
--                      
-+# ifndef OPENSSL_NO_NEXTPROTONEG
-+              else if (strcmp(*argv,"-nextprotoneg") == 0)
-+                      {
-+                      if (--argc < 1) goto bad;
-+                      next_proto_neg_in = *(++argv);
-+                      }
-+# endif
- #endif
- #if !defined(OPENSSL_NO_JPAKE) && !defined(OPENSSL_NO_PSK)
-               else if (strcmp(*argv,"-jpake") == 0)
-@@ -1476,6 +1507,11 @@ bad:
-               if (vpm)
-                       SSL_CTX_set1_param(ctx2, vpm);
-               }
-+
-+# ifndef OPENSSL_NO_NEXTPROTONEG
-+      if (next_proto.data)
-+              SSL_CTX_set_next_protos_advertised_cb(ctx, next_proto_cb, &next_proto);
-+# endif
- #endif 
- 
- #ifndef OPENSSL_NO_DH
-@@ -1617,6 +1653,21 @@ bad:
-                                       goto end;
-                                       }
-                               }
-+# ifndef OPENSSL_NO_NEXTPROTONEG
-+              if (next_proto_neg_in)
-+                      {
-+                      unsigned short len;
-+                      next_proto.data = next_protos_parse(&len,
-+                              next_proto_neg_in);
-+                      if (next_proto.data == NULL)
-+                              goto end;
-+                      next_proto.len = len;
-+                      }
-+              else
-+                      {
-+                      next_proto.data = NULL;
-+                      }
-+# endif
- #endif
-               RSA_free(rsa);
-               BIO_printf(bio_s_out,"\n");
-@@ -2159,6 +2210,10 @@ static int init_ssl_connection(SSL *con)
-       X509 *peer;
-       long verify_error;
-       MS_STATIC char buf[BUFSIZ];
-+#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
-+      const unsigned char *next_proto_neg;
-+      unsigned next_proto_neg_len;
-+#endif
- 
-       if ((i=SSL_accept(con)) <= 0)
-               {
-@@ -2198,6 +2253,15 @@ static int init_ssl_connection(SSL *con)
-               BIO_printf(bio_s_out,"Shared ciphers:%s\n",buf);
-       str=SSL_CIPHER_get_name(SSL_get_current_cipher(con));
-       BIO_printf(bio_s_out,"CIPHER is %s\n",(str != NULL)?str:"(NONE)");
-+#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
-+      SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len);
-+      if (next_proto_neg)
-+              {
-+              BIO_printf(bio_s_out,"NEXTPROTO is ");
-+              BIO_write(bio_s_out, next_proto_neg, next_proto_neg_len);
-+              BIO_printf(bio_s_out, "\n");
-+              }
-+#endif
-       if (con->hit) BIO_printf(bio_s_out,"Reused session-id\n");
-       if (SSL_ctrl(con,SSL_CTRL_GET_FLAGS,0,NULL) &
-               TLS1_FLAGS_TLS_PADDING_BUG)
---- openssl-1.0.0b.orig/include/openssl/ssl.h  2010-11-29 19:56:04.846517045 +0000
-+++ openssl-1.0.0b/include/openssl/ssl.h       2010-11-29 19:56:04.965928855 +0000
-@@ -857,6 +857,25 @@ struct ssl_ctx_st
-       /* draft-rescorla-tls-opaque-prf-input-00.txt information */
-       int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, size_t len, void *arg);
-       void *tlsext_opaque_prf_input_callback_arg;
-+
-+# ifndef OPENSSL_NO_NEXTPROTONEG
-+      /* Next protocol negotiation information */
-+      /* (for experimental NPN extension). */
-+
-+      /* For a server, this contains a callback function by which the set of
-+       * advertised protocols can be provided. */
-+      int (*next_protos_advertised_cb)(SSL *s, const unsigned char **buf,
-+                                       unsigned int *len, void *arg);
-+      void *next_protos_advertised_cb_arg;
-+      /* For a client, this contains a callback function that selects the
-+       * next protocol from the list provided by the server. */
-+      int (*next_proto_select_cb)(SSL *s, unsigned char **out,
-+                                  unsigned char *outlen,
-+                                  const unsigned char *in,
-+                                  unsigned int inlen,
-+                                  void *arg);
-+      void *next_proto_select_cb_arg;
-+# endif
- #endif
- 
- #ifndef OPENSSL_NO_PSK
-@@ -928,6 +947,30 @@ int SSL_CTX_set_client_cert_engine(SSL_C
- #endif
- void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len));
- void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len));
-+#ifndef OPENSSL_NO_NEXTPROTONEG
-+void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s,
-+                                         int (*cb) (SSL *ssl,
-+                                                    const unsigned char **out,
-+                                                    unsigned int *outlen,
-+                                                    void *arg), void *arg);
-+void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s,
-+                                    int (*cb) (SSL *ssl, unsigned char **out,
-+                                               unsigned char *outlen,
-+                                               const unsigned char *in,
-+                                               unsigned int inlen, void *arg),
-+                                    void *arg);
-+
-+int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
-+                        const unsigned char *in, unsigned int inlen,
-+                        const unsigned char *client, unsigned int client_len);
-+void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
-+                                  unsigned *len);
-+
-+#define OPENSSL_NPN_UNSUPPORTED       0
-+#define OPENSSL_NPN_NEGOTIATED        1
-+#define OPENSSL_NPN_NO_OVERLAP        2
-+
-+#endif
- 
- #ifndef OPENSSL_NO_PSK
- /* the maximum length of the buffer given to callbacks containing the
-@@ -1187,6 +1230,19 @@ struct ssl_st
-       void *tls_session_secret_cb_arg;
- 
-       SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */
-+
-+#ifndef OPENSSL_NO_NEXTPROTONEG
-+      /* Next protocol negotiation. For the client, this is the protocol that
-+       * we sent in NextProtocol and is set when handling ServerHello
-+       * extensions.
-+       *
-+       * For a server, this is the client's selected_protocol from
-+       * NextProtocol and is set when handling the NextProtocol message,
-+       * before the Finished message. */
-+      unsigned char *next_proto_negotiated;
-+      unsigned char next_proto_negotiated_len;
-+#endif
-+
- #define session_ctx initial_ctx
- #else
- #define session_ctx ctx
-@@ -1919,6 +1975,7 @@ void ERR_load_SSL_strings(void);
- #define SSL_F_SSL3_GET_KEY_EXCHANGE                    141
- #define SSL_F_SSL3_GET_MESSAGE                                 142
- #define SSL_F_SSL3_GET_NEW_SESSION_TICKET              283
-+#define SSL_F_SSL3_GET_NEXT_PROTO                      304
- #define SSL_F_SSL3_GET_RECORD                          143
- #define SSL_F_SSL3_GET_SERVER_CERTIFICATE              144
- #define SSL_F_SSL3_GET_SERVER_DONE                     145
-@@ -2117,6 +2174,8 @@ void ERR_load_SSL_strings(void);
- #define SSL_R_EXCESSIVE_MESSAGE_SIZE                   152
- #define SSL_R_EXTRA_DATA_IN_MESSAGE                    153
- #define SSL_R_GOT_A_FIN_BEFORE_A_CCS                   154
-+#define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS              346
-+#define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION                 347
- #define SSL_R_HTTPS_PROXY_REQUEST                      155
- #define SSL_R_HTTP_REQUEST                             156
- #define SSL_R_ILLEGAL_PADDING                          283
---- openssl-1.0.0b.orig/include/openssl/ssl3.h 2010-11-29 19:56:04.832465351 +0000
-+++ openssl-1.0.0b/include/openssl/ssl3.h      2010-11-29 19:56:04.965928855 +0000
-@@ -465,6 +465,12 @@ typedef struct ssl3_state_st
-       void *server_opaque_prf_input;
-       size_t server_opaque_prf_input_len;
- 
-+#ifndef OPENSSL_NO_NEXTPROTONEG
-+      /* Set if we saw the Next Protocol Negotiation extension from
-+         our peer. */
-+      int next_proto_neg_seen;
-+#endif
-+
-       struct  {
-               /* actually only needs to be 16+20 */
-               unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];
-@@ -557,6 +563,10 @@ typedef struct ssl3_state_st
- #define SSL3_ST_CW_CERT_VRFY_B                (0x191|SSL_ST_CONNECT)
- #define SSL3_ST_CW_CHANGE_A           (0x1A0|SSL_ST_CONNECT)
- #define SSL3_ST_CW_CHANGE_B           (0x1A1|SSL_ST_CONNECT)
-+#ifndef OPENSSL_NO_NEXTPROTONEG
-+#define SSL3_ST_CW_NEXT_PROTO_A               (0x200|SSL_ST_CONNECT)
-+#define SSL3_ST_CW_NEXT_PROTO_B               (0x201|SSL_ST_CONNECT)
-+#endif
- #define SSL3_ST_CW_FINISHED_A         (0x1B0|SSL_ST_CONNECT)
- #define SSL3_ST_CW_FINISHED_B         (0x1B1|SSL_ST_CONNECT)
- /* read from server */
-@@ -602,6 +612,10 @@ typedef struct ssl3_state_st
- #define SSL3_ST_SR_CERT_VRFY_B                (0x1A1|SSL_ST_ACCEPT)
- #define SSL3_ST_SR_CHANGE_A           (0x1B0|SSL_ST_ACCEPT)
- #define SSL3_ST_SR_CHANGE_B           (0x1B1|SSL_ST_ACCEPT)
-+#ifndef OPENSSL_NO_NEXTPROTONEG
-+#define SSL3_ST_SR_NEXT_PROTO_A               (0x210|SSL_ST_ACCEPT)
-+#define SSL3_ST_SR_NEXT_PROTO_B               (0x211|SSL_ST_ACCEPT)
-+#endif
- #define SSL3_ST_SR_FINISHED_A         (0x1C0|SSL_ST_ACCEPT)
- #define SSL3_ST_SR_FINISHED_B         (0x1C1|SSL_ST_ACCEPT)
- /* write to client */
-@@ -626,6 +640,9 @@ typedef struct ssl3_state_st
- #define SSL3_MT_CLIENT_KEY_EXCHANGE           16
- #define SSL3_MT_FINISHED                      20
- #define SSL3_MT_CERTIFICATE_STATUS            22
-+#ifndef OPENSSL_NO_NEXTPROTONEG
-+#define SSL3_MT_NEXT_PROTO                    67
-+#endif
- #define DTLS1_MT_HELLO_VERIFY_REQUEST    3
- 
- 
---- openssl-1.0.0b.orig/include/openssl/tls1.h 2009-11-11 14:51:29.000000000 +0000
-+++ openssl-1.0.0b/include/openssl/tls1.h      2010-11-29 19:56:04.965928855 +0000
-@@ -204,6 +204,11 @@ extern "C" {
- /* Temporary extension type */
- #define TLSEXT_TYPE_renegotiate                 0xff01
- 
-+#ifndef OPENSSL_NO_NEXTPROTONEG
-+/* This is not an IANA defined extension number */
-+#define TLSEXT_TYPE_next_proto_neg            13172
-+#endif
-+
- /* NameType value from RFC 3546 */
- #define TLSEXT_NAMETYPE_host_name 0
- /* status request value from RFC 3546 */
---- openssl-1.0.0b.orig/ssl/s3_both.c  2010-11-29 19:56:04.846517045 +0000
-+++ openssl-1.0.0b/ssl/s3_both.c       2010-11-29 19:56:04.965928855 +0000
-@@ -202,15 +202,40 @@ int ssl3_send_finished(SSL *s, int a, in
-       return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
-       }
- 
-+#ifndef OPENSSL_NO_NEXTPROTONEG
-+/* ssl3_take_mac calculates the Finished MAC for the handshakes messages seen to far. */
-+static void ssl3_take_mac(SSL *s)
-+      {
-+      const char *sender;
-+      int slen;
-+
-+      if (s->state & SSL_ST_CONNECT)
-+              {
-+              sender=s->method->ssl3_enc->server_finished_label;
-+              slen=s->method->ssl3_enc->server_finished_label_len;
-+              }
-+      else
-+              {
-+              sender=s->method->ssl3_enc->client_finished_label;
-+              slen=s->method->ssl3_enc->client_finished_label_len;
-+              }
-+
-+      s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
-+              sender,slen,s->s3->tmp.peer_finish_md);
-+      }
-+#endif
-+
- int ssl3_get_finished(SSL *s, int a, int b)
-       {
-       int al,i,ok;
-       long n;
-       unsigned char *p;
- 
-+#ifdef OPENSSL_NO_NEXTPROTONEG
-       /* the mac has already been generated when we received the
-        * change cipher spec message and is in s->s3->tmp.peer_finish_md
-        */ 
-+#endif
- 
-       n=s->method->ssl_get_message(s,
-               a,
-@@ -521,6 +546,15 @@ long ssl3_get_message(SSL *s, int st1, i
-               s->init_num += i;
-               n -= i;
-               }
-+
-+#ifndef OPENSSL_NO_NEXTPROTONEG
-+      /* If receiving Finished, record MAC of prior handshake messages for
-+       * Finished verification. */
-+      if (*s->init_buf->data == SSL3_MT_FINISHED)
-+              ssl3_take_mac(s);
-+#endif
-+
-+      /* Feed this message into MAC computation. */
-       ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);
-       if (s->msg_callback)
-               s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, (size_t)s->init_num + 4, s, s->msg_callback_arg);
---- openssl-1.0.0b.orig/ssl/s3_clnt.c  2010-11-29 19:56:04.846517045 +0000
-+++ openssl-1.0.0b/ssl/s3_clnt.c       2010-11-29 19:56:04.965928855 +0000
-@@ -435,7 +435,16 @@ int ssl3_connect(SSL *s)
-                       ret=ssl3_send_change_cipher_spec(s,
-                               SSL3_ST_CW_CHANGE_A,SSL3_ST_CW_CHANGE_B);
-                       if (ret <= 0) goto end;
-+
-+#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
-                       s->state=SSL3_ST_CW_FINISHED_A;
-+#else
-+                      if (s->next_proto_negotiated)
-+                              s->state=SSL3_ST_CW_NEXT_PROTO_A;
-+                      else
-+                              s->state=SSL3_ST_CW_FINISHED_A;
-+#endif
-+
-                       s->init_num=0;
- 
-                       s->session->cipher=s->s3->tmp.new_cipher;
-@@ -463,6 +472,15 @@ int ssl3_connect(SSL *s)
- 
-                       break;
- 
-+#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
-+              case SSL3_ST_CW_NEXT_PROTO_A:
-+              case SSL3_ST_CW_NEXT_PROTO_B:
-+                      ret=ssl3_send_next_proto(s);
-+                      if (ret <= 0) goto end;
-+                      s->state=SSL3_ST_CW_FINISHED_A;
-+                      break;
-+#endif
-+
-               case SSL3_ST_CW_FINISHED_A:
-               case SSL3_ST_CW_FINISHED_B:
-                       ret=ssl3_send_finished(s,
-@@ -3060,6 +3078,32 @@ err:
-  */
- 
- #ifndef OPENSSL_NO_TLSEXT
-+# ifndef OPENSSL_NO_NEXTPROTONEG
-+int ssl3_send_next_proto(SSL *s)
-+      {
-+      unsigned int len, padding_len;
-+      unsigned char *d;
-+
-+      if (s->state == SSL3_ST_CW_NEXT_PROTO_A)
-+              {
-+              len = s->next_proto_negotiated_len;
-+              padding_len = 32 - ((len + 2) % 32);
-+              d = (unsigned char *)s->init_buf->data;
-+              d[4] = len;
-+              memcpy(d + 5, s->next_proto_negotiated, len);
-+              d[5 + len] = padding_len;
-+              memset(d + 6 + len, 0, padding_len);
-+              *(d++)=SSL3_MT_NEXT_PROTO;
-+              l2n3(2 + len + padding_len, d);
-+              s->state = SSL3_ST_CW_NEXT_PROTO_B;
-+              s->init_num = 4 + 2 + len + padding_len;
-+              s->init_off = 0;
-+              }
-+
-+      return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
-+      }
-+# endif
-+
- int ssl3_check_finished(SSL *s)
-       {
-       int ok;
---- openssl-1.0.0b.orig/ssl/s3_lib.c   2010-11-29 19:56:04.832465351 +0000
-+++ openssl-1.0.0b/ssl/s3_lib.c        2010-11-29 19:56:04.965928855 +0000
-@@ -2230,6 +2230,15 @@ void ssl3_clear(SSL *s)
-       s->s3->num_renegotiations=0;
-       s->s3->in_read_app_data=0;
-       s->version=SSL3_VERSION;
-+
-+#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
-+      if (s->next_proto_negotiated)
-+              {
-+              OPENSSL_free(s->next_proto_negotiated);
-+              s->next_proto_negotiated = NULL;
-+              s->next_proto_negotiated_len = 0;
-+              }
-+#endif
-       }
- 
- long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
---- openssl-1.0.0b.orig/ssl/s3_pkt.c   2010-11-29 19:56:04.832465351 +0000
-+++ openssl-1.0.0b/ssl/s3_pkt.c        2010-11-29 19:56:04.965928855 +0000
-@@ -1394,8 +1394,10 @@ err:
- int ssl3_do_change_cipher_spec(SSL *s)
-       {
-       int i;
-+#ifdef OPENSSL_NO_NEXTPROTONEG
-       const char *sender;
-       int slen;
-+#endif
- 
-       if (s->state & SSL_ST_ACCEPT)
-               i=SSL3_CHANGE_CIPHER_SERVER_READ;
-@@ -1418,6 +1420,7 @@ int ssl3_do_change_cipher_spec(SSL *s)
-       if (!s->method->ssl3_enc->change_cipher_state(s,i))
-               return(0);
- 
-+#ifdef OPENSSL_NO_NEXTPROTONEG
-       /* we have to record the message digest at
-        * this point so we can get it before we read
-        * the finished message */
-@@ -1434,6 +1437,7 @@ int ssl3_do_change_cipher_spec(SSL *s)
- 
-       s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
-               sender,slen,s->s3->tmp.peer_finish_md);
-+#endif
- 
-       return(1);
-       }
---- openssl-1.0.0b.orig/ssl/s3_srvr.c  2010-11-29 19:56:04.846517045 +0000
-+++ openssl-1.0.0b/ssl/s3_srvr.c       2010-11-29 19:56:04.965928855 +0000
-@@ -538,7 +538,14 @@ int ssl3_accept(SSL *s)
-                                * the client uses its key from the certificate
-                                * for key exchange.
-                                */
-+#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
-                               s->state=SSL3_ST_SR_FINISHED_A;
-+#else
-+                              if (s->s3->next_proto_neg_seen)
-+                                      s->state=SSL3_ST_SR_NEXT_PROTO_A;
-+                              else
-+                                      s->state=SSL3_ST_SR_FINISHED_A;
-+#endif
-                               s->init_num = 0;
-                               }
-                       else
-@@ -581,10 +588,27 @@ int ssl3_accept(SSL *s)
-                       ret=ssl3_get_cert_verify(s);
-                       if (ret <= 0) goto end;
- 
-+#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
-                       s->state=SSL3_ST_SR_FINISHED_A;
-+#else
-+                      if (s->s3->next_proto_neg_seen)
-+                              s->state=SSL3_ST_SR_NEXT_PROTO_A;
-+                      else
-+                              s->state=SSL3_ST_SR_FINISHED_A;
-+#endif
-                       s->init_num=0;
-                       break;
- 
-+#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
-+              case SSL3_ST_SR_NEXT_PROTO_A:
-+              case SSL3_ST_SR_NEXT_PROTO_B:
-+                      ret=ssl3_get_next_proto(s);
-+                      if (ret <= 0) goto end;
-+                      s->init_num = 0;
-+                      s->state=SSL3_ST_SR_FINISHED_A;
-+                      break;
-+#endif
-+
-               case SSL3_ST_SR_FINISHED_A:
-               case SSL3_ST_SR_FINISHED_B:
-                       ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A,
-@@ -655,7 +679,16 @@ int ssl3_accept(SSL *s)
-                       if (ret <= 0) goto end;
-                       s->state=SSL3_ST_SW_FLUSH;
-                       if (s->hit)
-+                              {
-+#if defined(OPENSSL_NO_TLSEXT) || defined(OPENSSL_NO_NEXTPROTONEG)
-                               s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
-+#else
-+                              if (s->s3->next_proto_neg_seen)
-+                                      s->s3->tmp.next_state=SSL3_ST_SR_NEXT_PROTO_A;
-+                              else
-+                                      s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A;
-+#endif
-+                              }
-                       else
-                               s->s3->tmp.next_state=SSL_ST_OK;
-                       s->init_num=0;
-@@ -3196,4 +3229,72 @@ int ssl3_send_cert_status(SSL *s)
-       /* SSL3_ST_SW_CERT_STATUS_B */
-       return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
-       }
-+
-+# ifndef OPENSSL_NO_NPN
-+/* ssl3_get_next_proto reads a Next Protocol Negotiation handshake message. It
-+ * sets the next_proto member in s if found */
-+int ssl3_get_next_proto(SSL *s)
-+      {
-+      int ok;
-+      unsigned proto_len, padding_len;
-+      long n;
-+      const unsigned char *p;
-+
-+      /* Clients cannot send a NextProtocol message if we didn't see the
-+       * extension in their ClientHello */
-+      if (!s->s3->next_proto_neg_seen)
-+              {
-+              SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION);
-+              return -1;
-+              }
-+
-+      n=s->method->ssl_get_message(s,
-+              SSL3_ST_SR_NEXT_PROTO_A,
-+              SSL3_ST_SR_NEXT_PROTO_B,
-+              SSL3_MT_NEXT_PROTO,
-+              514,  /* See the payload format below */
-+              &ok);
-+
-+      if (!ok)
-+              return((int)n);
-+
-+      /* s->state doesn't reflect whether ChangeCipherSpec has been received
-+       * in this handshake, but s->s3->change_cipher_spec does (will be reset
-+       * by ssl3_get_finished). */
-+      if (!s->s3->change_cipher_spec)
-+              {
-+              SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS);
-+              return -1;
-+              }
-+
-+      if (n < 2)
-+              return 0;  /* The body must be > 1 bytes long */
-+
-+      p=(unsigned char *)s->init_msg;
-+
-+      /* The payload looks like:
-+       *   uint8 proto_len;
-+       *   uint8 proto[proto_len];
-+       *   uint8 padding_len;
-+       *   uint8 padding[padding_len];
-+       */
-+      proto_len = p[0];
-+      if (proto_len + 2 > s->init_num)
-+              return 0;
-+      padding_len = p[proto_len + 1];
-+      if (proto_len + padding_len + 2 != s->init_num)
-+              return 0;
-+
-+      s->next_proto_negotiated = OPENSSL_malloc(proto_len);
-+      if (!s->next_proto_negotiated)
-+              {
-+              SSLerr(SSL_F_SSL3_GET_NEXT_PROTO,ERR_R_MALLOC_FAILURE);
-+              return 0;
-+              }
-+      memcpy(s->next_proto_negotiated, p + 1, proto_len);
-+      s->next_proto_negotiated_len = proto_len;
-+
-+      return 1;
-+      }
-+# endif
- #endif
---- openssl-1.0.0b.orig/ssl/ssl.h      2010-11-29 19:56:04.846517045 +0000
-+++ openssl-1.0.0b/ssl/ssl.h   2010-11-29 19:56:04.965928855 +0000
-@@ -857,6 +857,25 @@ struct ssl_ctx_st
-       /* draft-rescorla-tls-opaque-prf-input-00.txt information */
-       int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, size_t len, void *arg);
-       void *tlsext_opaque_prf_input_callback_arg;
-+
-+# ifndef OPENSSL_NO_NEXTPROTONEG
-+      /* Next protocol negotiation information */
-+      /* (for experimental NPN extension). */
-+
-+      /* For a server, this contains a callback function by which the set of
-+       * advertised protocols can be provided. */
-+      int (*next_protos_advertised_cb)(SSL *s, const unsigned char **buf,
-+                                       unsigned int *len, void *arg);
-+      void *next_protos_advertised_cb_arg;
-+      /* For a client, this contains a callback function that selects the
-+       * next protocol from the list provided by the server. */
-+      int (*next_proto_select_cb)(SSL *s, unsigned char **out,
-+                                  unsigned char *outlen,
-+                                  const unsigned char *in,
-+                                  unsigned int inlen,
-+                                  void *arg);
-+      void *next_proto_select_cb_arg;
-+# endif
- #endif
- 
- #ifndef OPENSSL_NO_PSK
-@@ -928,6 +947,30 @@ int SSL_CTX_set_client_cert_engine(SSL_C
- #endif
- void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len));
- void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len));
-+#ifndef OPENSSL_NO_NEXTPROTONEG
-+void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s,
-+                                         int (*cb) (SSL *ssl,
-+                                                    const unsigned char **out,
-+                                                    unsigned int *outlen,
-+                                                    void *arg), void *arg);
-+void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s,
-+                                    int (*cb) (SSL *ssl, unsigned char **out,
-+                                               unsigned char *outlen,
-+                                               const unsigned char *in,
-+                                               unsigned int inlen, void *arg),
-+                                    void *arg);
-+
-+int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
-+                        const unsigned char *in, unsigned int inlen,
-+                        const unsigned char *client, unsigned int client_len);
-+void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
-+                                  unsigned *len);
-+
-+#define OPENSSL_NPN_UNSUPPORTED       0
-+#define OPENSSL_NPN_NEGOTIATED        1
-+#define OPENSSL_NPN_NO_OVERLAP        2
-+
-+#endif
- 
- #ifndef OPENSSL_NO_PSK
- /* the maximum length of the buffer given to callbacks containing the
-@@ -1187,6 +1230,19 @@ struct ssl_st
-       void *tls_session_secret_cb_arg;
- 
-       SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */
-+
-+#ifndef OPENSSL_NO_NEXTPROTONEG
-+      /* Next protocol negotiation. For the client, this is the protocol that
-+       * we sent in NextProtocol and is set when handling ServerHello
-+       * extensions.
-+       *
-+       * For a server, this is the client's selected_protocol from
-+       * NextProtocol and is set when handling the NextProtocol message,
-+       * before the Finished message. */
-+      unsigned char *next_proto_negotiated;
-+      unsigned char next_proto_negotiated_len;
-+#endif
-+
- #define session_ctx initial_ctx
- #else
- #define session_ctx ctx
-@@ -1919,6 +1975,7 @@ void ERR_load_SSL_strings(void);
- #define SSL_F_SSL3_GET_KEY_EXCHANGE                    141
- #define SSL_F_SSL3_GET_MESSAGE                                 142
- #define SSL_F_SSL3_GET_NEW_SESSION_TICKET              283
-+#define SSL_F_SSL3_GET_NEXT_PROTO                      304
- #define SSL_F_SSL3_GET_RECORD                          143
- #define SSL_F_SSL3_GET_SERVER_CERTIFICATE              144
- #define SSL_F_SSL3_GET_SERVER_DONE                     145
-@@ -2117,6 +2174,8 @@ void ERR_load_SSL_strings(void);
- #define SSL_R_EXCESSIVE_MESSAGE_SIZE                   152
- #define SSL_R_EXTRA_DATA_IN_MESSAGE                    153
- #define SSL_R_GOT_A_FIN_BEFORE_A_CCS                   154
-+#define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS              346
-+#define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION                 347
- #define SSL_R_HTTPS_PROXY_REQUEST                      155
- #define SSL_R_HTTP_REQUEST                             156
- #define SSL_R_ILLEGAL_PADDING                          283
---- openssl-1.0.0b.orig/ssl/ssl3.h     2010-11-29 19:56:04.832465351 +0000
-+++ openssl-1.0.0b/ssl/ssl3.h  2010-11-29 19:56:04.965928855 +0000
-@@ -465,6 +465,12 @@ typedef struct ssl3_state_st
-       void *server_opaque_prf_input;
-       size_t server_opaque_prf_input_len;
- 
-+#ifndef OPENSSL_NO_NEXTPROTONEG
-+      /* Set if we saw the Next Protocol Negotiation extension from
-+         our peer. */
-+      int next_proto_neg_seen;
-+#endif
-+
-       struct  {
-               /* actually only needs to be 16+20 */
-               unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2];
-@@ -557,6 +563,10 @@ typedef struct ssl3_state_st
- #define SSL3_ST_CW_CERT_VRFY_B                (0x191|SSL_ST_CONNECT)
- #define SSL3_ST_CW_CHANGE_A           (0x1A0|SSL_ST_CONNECT)
- #define SSL3_ST_CW_CHANGE_B           (0x1A1|SSL_ST_CONNECT)
-+#ifndef OPENSSL_NO_NEXTPROTONEG
-+#define SSL3_ST_CW_NEXT_PROTO_A               (0x200|SSL_ST_CONNECT)
-+#define SSL3_ST_CW_NEXT_PROTO_B               (0x201|SSL_ST_CONNECT)
-+#endif
- #define SSL3_ST_CW_FINISHED_A         (0x1B0|SSL_ST_CONNECT)
- #define SSL3_ST_CW_FINISHED_B         (0x1B1|SSL_ST_CONNECT)
- /* read from server */
-@@ -602,6 +612,10 @@ typedef struct ssl3_state_st
- #define SSL3_ST_SR_CERT_VRFY_B                (0x1A1|SSL_ST_ACCEPT)
- #define SSL3_ST_SR_CHANGE_A           (0x1B0|SSL_ST_ACCEPT)
- #define SSL3_ST_SR_CHANGE_B           (0x1B1|SSL_ST_ACCEPT)
-+#ifndef OPENSSL_NO_NEXTPROTONEG
-+#define SSL3_ST_SR_NEXT_PROTO_A               (0x210|SSL_ST_ACCEPT)
-+#define SSL3_ST_SR_NEXT_PROTO_B               (0x211|SSL_ST_ACCEPT)
-+#endif
- #define SSL3_ST_SR_FINISHED_A         (0x1C0|SSL_ST_ACCEPT)
- #define SSL3_ST_SR_FINISHED_B         (0x1C1|SSL_ST_ACCEPT)
- /* write to client */
-@@ -626,6 +640,9 @@ typedef struct ssl3_state_st
- #define SSL3_MT_CLIENT_KEY_EXCHANGE           16
- #define SSL3_MT_FINISHED                      20
- #define SSL3_MT_CERTIFICATE_STATUS            22
-+#ifndef OPENSSL_NO_NEXTPROTONEG
-+#define SSL3_MT_NEXT_PROTO                    67
-+#endif
- #define DTLS1_MT_HELLO_VERIFY_REQUEST    3
- 
- 
---- openssl-1.0.0b.orig/ssl/ssl_err.c  2010-11-29 19:56:04.846517045 +0000
-+++ openssl-1.0.0b/ssl/ssl_err.c       2010-11-29 19:56:04.965928855 +0000
-@@ -155,6 +155,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
- {ERR_FUNC(SSL_F_SSL3_GET_KEY_EXCHANGE),       "SSL3_GET_KEY_EXCHANGE"},
- {ERR_FUNC(SSL_F_SSL3_GET_MESSAGE),    "SSL3_GET_MESSAGE"},
- {ERR_FUNC(SSL_F_SSL3_GET_NEW_SESSION_TICKET), "SSL3_GET_NEW_SESSION_TICKET"},
-+{ERR_FUNC(SSL_F_SSL3_GET_NEXT_PROTO), "SSL3_GET_NEXT_PROTO"},
- {ERR_FUNC(SSL_F_SSL3_GET_RECORD),     "SSL3_GET_RECORD"},
- {ERR_FUNC(SSL_F_SSL3_GET_SERVER_CERTIFICATE), "SSL3_GET_SERVER_CERTIFICATE"},
- {ERR_FUNC(SSL_F_SSL3_GET_SERVER_DONE),        "SSL3_GET_SERVER_DONE"},
-@@ -355,6 +356,8 @@ static ERR_STRING_DATA SSL_str_reasons[]
- {ERR_REASON(SSL_R_EXCESSIVE_MESSAGE_SIZE),"excessive message size"},
- {ERR_REASON(SSL_R_EXTRA_DATA_IN_MESSAGE) ,"extra data in message"},
- {ERR_REASON(SSL_R_GOT_A_FIN_BEFORE_A_CCS),"got a fin before a ccs"},
-+{ERR_REASON(SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS),"got next proto before a ccs"},
-+{ERR_REASON(SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION),"got next proto without seeing extension"},
- {ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST)   ,"https proxy request"},
- {ERR_REASON(SSL_R_HTTP_REQUEST)          ,"http request"},
- {ERR_REASON(SSL_R_ILLEGAL_PADDING)       ,"illegal padding"},
---- openssl-1.0.0b.orig/ssl/ssl_lib.c  2010-11-29 19:56:04.846517045 +0000
-+++ openssl-1.0.0b/ssl/ssl_lib.c       2010-11-29 19:56:04.965928855 +0000
-@@ -354,6 +354,9 @@ SSL *SSL_new(SSL_CTX *ctx)
-       s->tlsext_ocsp_resplen = -1;
-       CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX);
-       s->initial_ctx=ctx;
-+# ifndef OPENSSL_NO_NEXTPROTONEG
-+      s->next_proto_negotiated = NULL;
-+# endif
- #endif
- 
-       s->verify_result=X509_V_OK;
-@@ -587,6 +590,11 @@ void SSL_free(SSL *s)
-               kssl_ctx_free(s->kssl_ctx);
- #endif        /* OPENSSL_NO_KRB5 */
- 
-+#if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
-+      if (s->next_proto_negotiated)
-+              OPENSSL_free(s->next_proto_negotiated);
-+#endif
-+
-       OPENSSL_free(s);
-       }
- 
-@@ -1503,6 +1511,124 @@ int SSL_get_servername_type(const SSL *s
-               return TLSEXT_NAMETYPE_host_name;
-       return -1;
-       }
-+
-+# ifndef OPENSSL_NO_NEXTPROTONEG
-+/* SSL_select_next_proto implements the standard protocol selection. It is
-+ * expected that this function is called from the callback set by
-+ * SSL_CTX_set_next_proto_select_cb.
-+ *
-+ * The protocol data is assumed to be a vector of 8-bit, length prefixed byte
-+ * strings. The length byte itself is not included in the length. A byte
-+ * string of length 0 is invalid. No byte string may be truncated.
-+ *
-+ * The current, but experimental algorithm for selecting the protocol is:
-+ *
-+ * 1) If the server doesn't support NPN then this is indicated to the
-+ * callback. In this case, the client application has to abort the connection
-+ * or have a default application level protocol.
-+ *
-+ * 2) If the server supports NPN, but advertises an empty list then the
-+ * client selects the first protcol in its list, but indicates via the
-+ * API that this fallback case was enacted.
-+ *
-+ * 3) Otherwise, the client finds the first protocol in the server's list
-+ * that it supports and selects this protocol. This is because it's
-+ * assumed that the server has better information about which protocol
-+ * a client should use.
-+ *
-+ * 4) If the client doesn't support any of the server's advertised
-+ * protocols, then this is treated the same as case 2.
-+ *
-+ * It returns either
-+ * OPENSSL_NPN_NEGOTIATED if a common protocol was found, or
-+ * OPENSSL_NPN_NO_OVERLAP if the fallback case was reached.
-+ */
-+int SSL_select_next_proto(unsigned char **out, unsigned char *outlen, const unsigned char *server, unsigned int server_len, const unsigned char *client, unsigned int client_len)
-+      {
-+      unsigned int i, j;
-+      const unsigned char *result;
-+      int status = OPENSSL_NPN_UNSUPPORTED;
-+
-+      /* For each protocol in server preference order, see if we support it. */
-+      for (i = 0; i < server_len; )
-+              {
-+              for (j = 0; j < client_len; )
-+                      {
-+                      if (server[i] == client[j] &&
-+                          memcmp(&server[i+1], &client[j+1], server[i]) == 0)
-+                              {
-+                              /* We found a match */
-+                              result = &server[i];
-+                              status = OPENSSL_NPN_NEGOTIATED;
-+                              goto found;
-+                              }
-+                      j += client[j];
-+                      j++;
-+                      }
-+              i += server[i];
-+              i++;
-+              }
-+
-+      /* There's no overlap between our protocols and the server's list. */
-+      result = client;
-+      status = OPENSSL_NPN_NO_OVERLAP;
-+
-+      found:
-+      *out = (unsigned char *) result + 1;
-+      *outlen = result[0];
-+      return status;
-+      }
-+
-+/* SSL_get0_next_proto_negotiated sets *data and *len to point to the client's
-+ * requested protocol for this connection and returns 0. If the client didn't
-+ * request any protocol, then *data is set to NULL.
-+ *
-+ * Note that the client can request any protocol it chooses. The value returned
-+ * from this function need not be a member of the list of supported protocols
-+ * provided by the callback.
-+ */
-+void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data, unsigned *len)
-+      {
-+      *data = s->next_proto_negotiated;
-+      if (!*data) {
-+              *len = 0;
-+      } else {
-+              *len = s->next_proto_negotiated_len;
-+      }
-+}
-+
-+/* SSL_CTX_set_next_protos_advertised_cb sets a callback that is called when a
-+ * TLS server needs a list of supported protocols for Next Protocol
-+ * Negotiation. The returned list must be in wire format.  The list is returned
-+ * by setting |out| to point to it and |outlen| to its length. This memory will
-+ * not be modified, but one should assume that the SSL* keeps a reference to
-+ * it.
-+ *
-+ * The callback should return SSL_TLSEXT_ERR_OK if it wishes to advertise. Otherwise, no
-+ * such extension will be included in the ServerHello. */
-+void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl, const unsigned char **out, unsigned int *outlen, void *arg), void *arg)
-+      {
-+      ctx->next_protos_advertised_cb = cb;
-+      ctx->next_protos_advertised_cb_arg = arg;
-+      }
-+
-+/* SSL_CTX_set_next_proto_select_cb sets a callback that is called when a
-+ * client needs to select a protocol from the server's provided list. |out|
-+ * must be set to point to the selected protocol (which may be within |in|).
-+ * The length of the protocol name must be written into |outlen|. The server's
-+ * advertised protocols are provided in |in| and |inlen|. The callback can
-+ * assume that |in| is syntactically valid.
-+ *
-+ * The client must select a protocol. It is fatal to the connection if this
-+ * callback returns a value other than SSL_TLSEXT_ERR_OK.
-+ */
-+void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s, unsigned char **out, unsigned char *outlen, const unsigned char *in, unsigned int inlen, void *arg), void *arg)
-+      {
-+      ctx->next_proto_select_cb = cb;
-+      ctx->next_proto_select_cb_arg = arg;
-+      }
-+
-+# endif
- #endif
- 
- static unsigned long ssl_session_hash(const SSL_SESSION *a)
-@@ -1667,6 +1793,10 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
-       ret->tlsext_status_cb = 0;
-       ret->tlsext_status_arg = NULL;
- 
-+# ifndef OPENSSL_NO_NEXTPROTONEG
-+      ret->next_protos_advertised_cb = 0;
-+      ret->next_proto_select_cb = 0;
-+# endif
- #endif
- #ifndef OPENSSL_NO_PSK
-       ret->psk_identity_hint=NULL;
---- openssl-1.0.0b.orig/ssl/ssl_locl.h 2010-11-29 19:56:04.846517045 +0000
-+++ openssl-1.0.0b/ssl/ssl_locl.h      2010-11-29 19:56:04.965928855 +0000
-@@ -968,6 +968,9 @@ int ssl3_get_server_certificate(SSL *s);
- int ssl3_check_cert_and_algorithm(SSL *s);
- #ifndef OPENSSL_NO_TLSEXT
- int ssl3_check_finished(SSL *s);
-+# ifndef OPENSSL_NO_NEXTPROTONEG
-+int ssl3_send_next_proto(SSL *s);
-+# endif
- #endif
- 
- int dtls1_client_hello(SSL *s);
-@@ -986,6 +989,9 @@ int ssl3_check_client_hello(SSL *s);
- int ssl3_get_client_certificate(SSL *s);
- int ssl3_get_client_key_exchange(SSL *s);
- int ssl3_get_cert_verify(SSL *s);
-+#ifndef OPENSSL_NO_NEXTPROTONEG
-+int ssl3_get_next_proto(SSL *s);
-+#endif
- 
- int dtls1_send_hello_request(SSL *s);
- int dtls1_send_server_hello(SSL *s);
---- openssl-1.0.0b.orig/ssl/t1_lib.c   2010-11-16 13:26:24.000000000 +0000
-+++ openssl-1.0.0b/ssl/t1_lib.c        2010-11-29 19:56:04.965928855 +0000
-@@ -494,6 +494,18 @@ unsigned char *ssl_add_clienthello_tlsex
-                       i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &ret);
-               }
- 
-+#ifndef OPENSSL_NO_NEXTPROTONEG
-+      if (s->ctx->next_proto_select_cb && !s->s3->tmp.finish_md_len)
-+              {
-+              /* The client advertises an emtpy extension to indicate its
-+               * support for Next Protocol Negotiation */
-+              if (limit - ret - 4 < 0)
-+                      return NULL;
-+              s2n(TLSEXT_TYPE_next_proto_neg,ret);
-+              s2n(0,ret);
-+              }
-+#endif
-+
-       if ((extdatalen = ret-p-2)== 0) 
-               return p;
- 
-@@ -505,6 +517,9 @@ unsigned char *ssl_add_serverhello_tlsex
-       {
-       int extdatalen=0;
-       unsigned char *ret = p;
-+#ifndef OPENSSL_NO_NEXTPROTONEG
-+      int next_proto_neg_seen;
-+#endif
- 
-       /* don't add extensions for SSLv3, unless doing secure renegotiation */
-       if (s->version == SSL3_VERSION && !s->s3->send_connection_binding)
-@@ -618,6 +633,28 @@ unsigned char *ssl_add_serverhello_tlsex
- 
-               }
- 
-+#ifndef OPENSSL_NO_NEXTPROTONEG
-+      next_proto_neg_seen = s->s3->next_proto_neg_seen;
-+      s->s3->next_proto_neg_seen = 0;
-+      if (next_proto_neg_seen && s->ctx->next_protos_advertised_cb)
-+              {
-+              const unsigned char *npa;
-+              unsigned int npalen;
-+              int r;
-+
-+              r = s->ctx->next_protos_advertised_cb(s, &npa, &npalen, s->ctx->next_protos_advertised_cb_arg);
-+              if (r == SSL_TLSEXT_ERR_OK)
-+                      {
-+                      if ((long)(limit - ret - 4 - npalen) < 0) return NULL;
-+                      s2n(TLSEXT_TYPE_next_proto_neg,ret);
-+                      s2n(npalen,ret);
-+                      memcpy(ret, npa, npalen);
-+                      ret += npalen;
-+                      s->s3->next_proto_neg_seen = 1;
-+                      }
-+              }
-+#endif
-+
-       if ((extdatalen = ret-p-2)== 0) 
-               return p;
- 
-@@ -982,6 +1019,28 @@ int ssl_parse_clienthello_tlsext(SSL *s,
-                               else
-                                       s->tlsext_status_type = -1;
-                       }
-+#ifndef OPENSSL_NO_NEXTPROTONEG
-+              else if (type == TLSEXT_TYPE_next_proto_neg &&
-+                         s->s3->tmp.finish_md_len == 0)
-+                      {
-+                      /* We shouldn't accept this extension on a
-+                       * renegotiation.
-+                       *
-+                       * s->new_session will be set on renegotiation, but we
-+                       * probably shouldn't rely that it couldn't be set on
-+                       * the initial renegotation too in certain cases (when
-+                       * there's some other reason to disallow resuming an
-+                       * earlier session -- the current code won't be doing
-+                       * anything like that, but this might change).
-+
-+                       * A valid sign that there's been a previous handshake
-+                       * in this connection is if s->s3->tmp.finish_md_len >
-+                       * 0.  (We are talking about a check that will happen
-+                       * in the Hello protocol round, well before a new
-+                       * Finished message could have been computed.) */
-+                      s->s3->next_proto_neg_seen = 1;
-+                      }
-+#endif
- 
-               /* session ticket processed earlier */
-               data+=size;
-@@ -1005,6 +1064,26 @@ int ssl_parse_clienthello_tlsext(SSL *s,
-       return 1;
-       }
- 
-+#ifndef OPENSSL_NO_NEXTPROTONEG
-+/* ssl_next_proto_validate validates a Next Protocol Negotiation block. No
-+ * elements of zero length are allowed and the set of elements must exactly fill
-+ * the length of the block. */
-+static int ssl_next_proto_validate(unsigned char *d, unsigned len)
-+      {
-+      unsigned int off = 0;
-+
-+      while (off < len)
-+              {
-+              if (d[off] == 0)
-+                      return 0;
-+              off += d[off];
-+              off++;
-+              }
-+
-+      return off == len;
-+      }
-+#endif
-+
- int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al)
-       {
-       unsigned short length;
-@@ -1139,6 +1218,39 @@ int ssl_parse_serverhello_tlsext(SSL *s,
-                       /* Set flag to expect CertificateStatus message */
-                       s->tlsext_status_expected = 1;
-                       }
-+#ifndef OPENSSL_NO_NEXTPROTONEG
-+              else if (type == TLSEXT_TYPE_next_proto_neg)
-+                      {
-+                      unsigned char *selected;
-+                      unsigned char selected_len;
-+
-+                      /* We must have requested it. */
-+                      if ((s->ctx->next_proto_select_cb == NULL))
-+                              {
-+                              *al = TLS1_AD_UNSUPPORTED_EXTENSION;
-+                              return 0;
-+                              }
-+                      /* The data must be valid */
-+                      if (!ssl_next_proto_validate(data, size))
-+                              {
-+                              *al = TLS1_AD_DECODE_ERROR;
-+                              return 0;
-+                              }
-+                      if (s->ctx->next_proto_select_cb(s, &selected, &selected_len, data, size, s->ctx->next_proto_select_cb_arg) != SSL_TLSEXT_ERR_OK)
-+                              {
-+                              *al = TLS1_AD_INTERNAL_ERROR;
-+                              return 0;
-+                              }
-+                      s->next_proto_negotiated = OPENSSL_malloc(selected_len);
-+                      if (!s->next_proto_negotiated)
-+                              {
-+                              *al = TLS1_AD_INTERNAL_ERROR;
-+                              return 0;
-+                              }
-+                      memcpy(s->next_proto_negotiated, selected, selected_len);
-+                      s->next_proto_negotiated_len = selected_len;
-+                      }
-+#endif
-               else if (type == TLSEXT_TYPE_renegotiate)
-                       {
-                       if(!ssl_parse_serverhello_renegotiate_ext(s, data, size, al))
---- openssl-1.0.0b.orig/ssl/tls1.h     2009-11-11 14:51:29.000000000 +0000
-+++ openssl-1.0.0b/ssl/tls1.h  2010-11-29 19:56:04.965928855 +0000
-@@ -204,6 +204,11 @@ extern "C" {
- /* Temporary extension type */
- #define TLSEXT_TYPE_renegotiate                 0xff01
- 
-+#ifndef OPENSSL_NO_NEXTPROTONEG
-+/* This is not an IANA defined extension number */
-+#define TLSEXT_TYPE_next_proto_neg            13172
-+#endif
-+
- /* NameType value from RFC 3546 */
- #define TLSEXT_NAMETYPE_host_name 0
- /* status request value from RFC 3546 */

diff --git a/deps/openssl/patches/openssl_no_dtls1.patch b/deps/openssl/patches/openssl_no_dtls1.patch
deleted file mode 100644 (file)
index 8b61cd3..0000000
--- a/deps/openssl/patches/openssl_no_dtls1.patch
+++ /dev/null
@@ -1,13 +0,0 @@
---- openssl-1.0.0f.orig/ssl/ssl_lib.c  2012-01-04 22:13:21.000000000 +0000
-+++ openssl-1.0.0f/ssl/ssl_lib.c       2012-01-04 22:13:21.000000000 +0000
-@@ -1063,8 +1063,10 @@ long SSL_ctrl(SSL *s,int cmd,long larg,v
-               s->max_cert_list=larg;
-               return(l);
-       case SSL_CTRL_SET_MTU:
-+#ifndef OPENSSL_NO_DTLS1
-               if (larg < (long)dtls1_min_mtu())
-                       return 0;
-+#endif
- 
-               if (SSL_version(s) == DTLS1_VERSION ||
-                   SSL_version(s) == DTLS1_BAD_VER)

diff --git a/deps/openssl/patches/progs.patch b/deps/openssl/patches/progs.patch
deleted file mode 100644 (file)
index 16fd9b0..0000000
--- a/deps/openssl/patches/progs.patch
+++ /dev/null
@@ -1,54 +0,0 @@
---- openssl-1.0.0.orig/apps/openssl.c  2009-10-04 09:43:21.000000000 -0700
-+++ openssl-1.0.0/apps/openssl.c       2010-05-18 14:05:14.000000000 -0700
-@@ -275,8 +275,10 @@ int main(int Argc, char *Argv[])
-               if (ERR_GET_REASON(ERR_peek_last_error())
-                   == CONF_R_NO_SUCH_FILE)
-                       {
-+#if 0 /* ANDROID */
-                       BIO_printf(bio_err,
-                                  "WARNING: can't open config file: %s\n",p);
-+#endif
-                       ERR_clear_error();
-                       NCONF_free(config);
-                       config = NULL;
---- openssl-1.0.0.orig/apps/progs.h    2009-06-30 08:08:38.000000000 -0700
-+++ openssl-1.0.0/apps/progs.h 2010-05-18 14:05:38.000000000 -0700
-@@ -146,7 +152,9 @@ FUNCTION functions[] = {
-       {FUNC_TYPE_GENERAL,"ocsp",ocsp_main},
- #endif
-       {FUNC_TYPE_GENERAL,"prime",prime_main},
-+#if 0 /* ANDROID */
-       {FUNC_TYPE_GENERAL,"ts",ts_main},
-+#endif
- #ifndef OPENSSL_NO_MD2
-       {FUNC_TYPE_MD,"md2",dgst_main},
- #endif
---- openssl-1.0.0.orig/apps/speed.c    2010-03-03 11:56:17.000000000 -0800
-+++ openssl-1.0.0/apps/speed.c 2010-05-18 14:05:57.000000000 -0700
-@@ -1718,6 +1718,7 @@ int MAIN(int argc, char **argv)
-                       }
-               }
- 
-+#if 0 /* ANDROID */
-       if (doit[D_IGE_128_AES])
-               {
-               for (j=0; j<SIZE_NUM; j++)
-@@ -1763,6 +1764,7 @@ int MAIN(int argc, char **argv)
- 
- 
- #endif
-+#endif
- #ifndef OPENSSL_NO_CAMELLIA
-       if (doit[D_CBC_128_CML])
-               {
---- openssl-1.0.0.orig/crypto/ui/ui_openssl.c  2009-10-04 09:43:21.000000000 -0700
-+++ openssl-1.0.0/crypto/ui/ui_openssl.c       2010-05-18 13:36:26.000000000 -0700
-@@ -184,7 +184,7 @@
- # undef  SGTTY
- #endif
- 
--#if defined(linux) && !defined(TERMIO)
-+#if defined(linux) && !defined(TERMIO) && !defined(__ANDROID__)
- # undef  TERMIOS
- # define TERMIO
- # undef  SGTTY

diff --git a/deps/openssl/patches/sha1_armv4_large.patch b/deps/openssl/patches/sha1_armv4_large.patch
deleted file mode 100644 (file)
index 359ff94..0000000
--- a/deps/openssl/patches/sha1_armv4_large.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-diff --git a/crypto/sha/asm/sha1-armv4-large.pl b/crypto/sha/asm/sha1-armv4-large.pl
-index 6e65fe3..79e3f61 100644
---- a/crypto/sha/asm/sha1-armv4-large.pl
-+++ b/crypto/sha/asm/sha1-armv4-large.pl
-@@ -161,6 +161,7 @@ for($i=0;$i<5;$i++) {
- $code.=<<___;
-       teq     $Xi,sp
-       bne     .L_00_15                @ [((11+4)*5+2)*3]
-+      sub     sp,sp,#5*4
- ___
-       &BODY_00_15(@V);        unshift(@V,pop(@V));
-       &BODY_16_19(@V);        unshift(@V,pop(@V));
-@@ -170,7 +171,7 @@ ___
- $code.=<<___;
- 
-       ldr     $K,.LK_20_39            @ [+15+16*4]
--      sub     sp,sp,#25*4
-+      sub     sp,sp,#20*4
-       cmn     sp,#0                   @ [+3], clear carry to denote 20_39
- .L_20_39_or_60_79:
- ___

diff --git a/deps/openssl/patches/small_records.patch b/deps/openssl/patches/small_records.patch
deleted file mode 100644 (file)
index a2ea51c..0000000
--- a/deps/openssl/patches/small_records.patch
+++ /dev/null
@@ -1,337 +0,0 @@
---- openssl-1.0.0a.orig/ssl/d1_pkt.c   2010-04-14 00:09:55.000000000 +0000
-+++ openssl-1.0.0a/ssl/d1_pkt.c        2010-08-25 21:12:39.000000000 +0000
-@@ -608,6 +608,24 @@ again:
-                       goto again;
-                       }
- 
-+              /* If we receive a valid record larger than the current buffer size,
-+               * allocate some memory for it.
-+               */
-+              if (rr->length > s->s3->rbuf.len - DTLS1_RT_HEADER_LENGTH)
-+                      {
-+                      unsigned char *pp;
-+                      unsigned int newlen = rr->length + DTLS1_RT_HEADER_LENGTH;
-+                      if ((pp=OPENSSL_realloc(s->s3->rbuf.buf, newlen))==NULL)
-+                              {
-+                              SSLerr(SSL_F_DTLS1_GET_RECORD,ERR_R_MALLOC_FAILURE);
-+                              return(-1);
-+                              }
-+                      p = pp + (p - s->s3->rbuf.buf);
-+                      s->s3->rbuf.buf=pp;
-+                      s->s3->rbuf.len=newlen;
-+                      s->packet= &(s->s3->rbuf.buf[0]);
-+                      }
-+
-               /* now s->rstate == SSL_ST_READ_BODY */
-               }
- 
-@@ -1342,6 +1360,7 @@ int do_dtls1_write(SSL *s, int type, con
-       SSL3_BUFFER *wb;
-       SSL_SESSION *sess;
-       int bs;
-+      unsigned int len_with_overhead = len + SSL3_RT_DEFAULT_WRITE_OVERHEAD;
- 
-       /* first check if there is a SSL3_BUFFER still being written
-        * out.  This will happen with non blocking IO */
-@@ -1351,6 +1370,16 @@ int do_dtls1_write(SSL *s, int type, con
-               return(ssl3_write_pending(s,type,buf,len));
-               }
- 
-+      if (s->s3->wbuf.len < len_with_overhead)
-+              {
-+              if ((p=OPENSSL_realloc(s->s3->wbuf.buf, len_with_overhead)) == NULL) {
-+                      SSLerr(SSL_F_DO_DTLS1_WRITE,ERR_R_MALLOC_FAILURE);
-+                      goto err;
-+              }
-+              s->s3->wbuf.buf = p;
-+              s->s3->wbuf.len = len_with_overhead;
-+              }
-+
-       /* If we have an alert to send, lets send it */
-       if (s->s3->alert_dispatch)
-               {
---- openssl-1.0.0a.orig/ssl/s23_srvr.c 2010-02-16 14:20:40.000000000 +0000
-+++ openssl-1.0.0a/ssl/s23_srvr.c      2010-08-25 21:12:39.000000000 +0000
-@@ -403,8 +403,13 @@ int ssl23_get_client_hello(SSL *s)
-               v[0] = p[3]; /* == SSL3_VERSION_MAJOR */
-               v[1] = p[4];
- 
-+/* The SSL2 protocol allows n to be larger, just pick
-+ * a reasonable buffer size. */
-+#if SSL3_RT_DEFAULT_PACKET_SIZE < 1024*4 - SSL3_RT_DEFAULT_WRITE_OVERHEAD
-+#error "SSL3_RT_DEFAULT_PACKET_SIZE is too small."
-+#endif
-               n=((p[0]&0x7f)<<8)|p[1];
--              if (n > (1024*4))
-+              if (n > SSL3_RT_DEFAULT_PACKET_SIZE - 2)
-                       {
-                       SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_LARGE);
-                       goto err;
---- openssl-1.0.0a.orig/ssl/s3_both.c  2010-03-24 23:16:49.000000000 +0000
-+++ openssl-1.0.0a/ssl/s3_both.c       2010-08-25 21:12:39.000000000 +0000
-@@ -715,13 +722,20 @@ int ssl3_setup_read_buffer(SSL *s)
- 
-       if (s->s3->rbuf.buf == NULL)
-               {
--              len = SSL3_RT_MAX_PLAIN_LENGTH
--                      + SSL3_RT_MAX_ENCRYPTED_OVERHEAD
--                      + headerlen + align;
--              if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
-+              if (SSL_get_mode(s) & SSL_MODE_SMALL_BUFFERS)
-                       {
--                      s->s3->init_extra = 1;
--                      len += SSL3_RT_MAX_EXTRA;
-+                      len = SSL3_RT_DEFAULT_PACKET_SIZE;
-+                      }
-+              else
-+                      {
-+                      len = SSL3_RT_MAX_PLAIN_LENGTH
-+                              + SSL3_RT_MAX_ENCRYPTED_OVERHEAD
-+                              + headerlen + align;
-+                      if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
-+                              {
-+                              s->s3->init_extra = 1;
-+                              len += SSL3_RT_MAX_EXTRA;
-+                              }
-                       }
- #ifndef OPENSSL_NO_COMP
-               if (!(s->options & SSL_OP_NO_COMPRESSION))
-@@ -757,7 +771,15 @@ int ssl3_setup_write_buffer(SSL *s)
- 
-       if (s->s3->wbuf.buf == NULL)
-               {
--              len = s->max_send_fragment
-+              if (SSL_get_mode(s) & SSL_MODE_SMALL_BUFFERS)
-+                      {
-+                      len = SSL3_RT_DEFAULT_PACKET_SIZE;
-+                      }
-+              else
-+                      {
-+                      len = s->max_send_fragment;
-+                      }
-+              len += 0
-                       + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD
-                       + headerlen + align;
- #ifndef OPENSSL_NO_COMP
-@@ -767,7 +789,6 @@ int ssl3_setup_write_buffer(SSL *s)
-               if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
-                       len += headerlen + align
-                               + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;
--
-               if ((p=freelist_extract(s->ctx, 0, len)) == NULL)
-                       goto err;
-               s->s3->wbuf.buf = p;
-@@ -810,4 +831,3 @@ int ssl3_release_read_buffer(SSL *s)
-               }
-       return 1;
-       }
--
---- openssl-1.0.0a.orig/ssl/s3_pkt.c   2010-03-25 11:22:42.000000000 +0000
-+++ openssl-1.0.0a/ssl/s3_pkt.c        2010-08-25 21:12:39.000000000 +0000
-@@ -293,6 +293,11 @@ static int ssl3_get_record(SSL *s)
-       size_t extra;
-       int decryption_failed_or_bad_record_mac = 0;
-       unsigned char *mac = NULL;
-+#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
-+      long align=SSL3_ALIGN_PAYLOAD;
-+#else
-+      long align=0;
-+#endif
- 
-       rr= &(s->s3->rrec);
-       sess=s->session;
-@@ -301,7 +306,8 @@ static int ssl3_get_record(SSL *s)
-               extra=SSL3_RT_MAX_EXTRA;
-       else
-               extra=0;
--      if (extra && !s->s3->init_extra)
-+      if (!(SSL_get_mode(s) & SSL_MODE_SMALL_BUFFERS) &&
-+              extra && !s->s3->init_extra)
-               {
-               /* An application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER
-                * set after ssl3_setup_buffers() was done */
-@@ -350,6 +356,21 @@ fprintf(stderr, "Record type=%d, Length=
-                       goto err;
-                       }
- 
-+              /* If we receive a valid record larger than the current buffer size,
-+               * allocate some memory for it.
-+               */
-+              if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH - align)
-+                      {
-+                      if ((p=OPENSSL_realloc(s->s3->rbuf.buf, rr->length + SSL3_RT_HEADER_LENGTH + align))==NULL)
-+                              {
-+                              SSLerr(SSL_F_SSL3_GET_RECORD,ERR_R_MALLOC_FAILURE);
-+                              goto err;
-+                              }
-+                      s->s3->rbuf.buf=p;
-+                      s->s3->rbuf.len=rr->length + SSL3_RT_HEADER_LENGTH + align;
-+                      s->packet= &(s->s3->rbuf.buf[0]);
-+                      }
-+
-               if (rr->length > s->s3->rbuf.len - SSL3_RT_HEADER_LENGTH)
-                       {
-                       al=SSL_AD_RECORD_OVERFLOW;
-@@ -576,6 +597,7 @@ int ssl3_write_bytes(SSL *s, int type, c
-       const unsigned char *buf=buf_;
-       unsigned int tot,n,nw;
-       int i;
-+      unsigned int max_plain_length;
- 
-       s->rwstate=SSL_NOTHING;
-       tot=s->s3->wnum;
-@@ -595,8 +617,13 @@ int ssl3_write_bytes(SSL *s, int type, c
-       n=(len-tot);
-       for (;;)
-               {
--              if (n > s->max_send_fragment)
--                      nw=s->max_send_fragment;
-+              if (type == SSL3_RT_APPLICATION_DATA && (SSL_get_mode(s) & SSL_MODE_SMALL_BUFFERS))
-+                      max_plain_length = SSL3_RT_DEFAULT_PLAIN_LENGTH;
-+              else
-+                      max_plain_length = s->max_send_fragment;
-+
-+              if (n > max_plain_length)
-+                      nw = max_plain_length;
-               else
-                       nw=n;
- 
-@@ -727,6 +727,18 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
-               s->s3->empty_fragment_done = 1;
-               }
- 
-+      /* resize if necessary to hold the data. */
-+      if (len + SSL3_RT_DEFAULT_WRITE_OVERHEAD > wb->len)
-+              {
-+              if ((p=OPENSSL_realloc(wb->buf, len + SSL3_RT_DEFAULT_WRITE_OVERHEAD))==NULL)
-+                      {
-+                      SSLerr(SSL_F_DO_SSL3_WRITE,ERR_R_MALLOC_FAILURE);
-+                      goto err;
-+                      }
-+              wb->buf = p;
-+              wb->len = len + SSL3_RT_DEFAULT_WRITE_OVERHEAD;
-+              }
-+
-       if (create_empty_fragment)
-               {
- #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
---- openssl-1.0.0a.orig/ssl/ssl.h      2010-01-06 17:37:38.000000000 +0000
-+++ openssl-1.0.0a/ssl/ssl.h   2010-08-25 21:12:39.000000000 +0000
-@@ -602,6 +602,9 @@ typedef struct ssl_session_st
-  * TLS only.)  "Released" buffers are put onto a free-list in the context
-  * or just freed (depending on the context's setting for freelist_max_len). */
- #define SSL_MODE_RELEASE_BUFFERS 0x00000010L
-+/* Use small read and write buffers: (a) lazy allocate read buffers for
-+ * large incoming records, and (b) limit the size of outgoing records. */
-+#define SSL_MODE_SMALL_BUFFERS 0x00000020L
- 
- /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
-  * they cannot be used to clear bits. */
---- openssl-1.0.0a.orig/ssl/ssl3.h     2010-01-06 17:37:38.000000000 +0000
-+++ openssl-1.0.0a/ssl/ssl3.h  2010-08-25 21:12:39.000000000 +0000
-@@ -280,6 +280,9 @@ extern "C" {
- 
- #define SSL3_RT_MAX_EXTRA                     (16384)
- 
-+/* Default buffer length used for writen records.  Thus a generated record
-+ * will contain plaintext no larger than this value. */
-+#define SSL3_RT_DEFAULT_PLAIN_LENGTH  2048
- /* Maximum plaintext length: defined by SSL/TLS standards */
- #define SSL3_RT_MAX_PLAIN_LENGTH              16384
- /* Maximum compression overhead: defined by SSL/TLS standards */
-@@ -311,6 +314,13 @@ extern "C" {
- #define SSL3_RT_MAX_PACKET_SIZE               \
-               (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
- 
-+/* Extra space for empty fragment, headers, MAC, and padding. */
-+#define SSL3_RT_DEFAULT_WRITE_OVERHEAD  256
-+#define SSL3_RT_DEFAULT_PACKET_SIZE     4096 - SSL3_RT_DEFAULT_WRITE_OVERHEAD
-+#if SSL3_RT_DEFAULT_PLAIN_LENGTH + SSL3_RT_DEFAULT_WRITE_OVERHEAD > SSL3_RT_DEFAULT_PACKET_SIZE
-+#error "Insufficient space allocated for write buffers."
-+#endif
-+
- #define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54"
- #define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52"
- 
-@@ -634,4 +645,3 @@ typedef struct ssl3_state_st
- }
- #endif
- #endif
--
---- openssl-1.0.0a.orig/ssl/ssltest.c  2010-01-24 16:57:38.000000000 +0000
-+++ openssl-1.0.0a/ssl/ssltest.c       2010-08-25 21:12:39.000000000 +0000
-@@ -316,6 +316,8 @@ static void sv_usage(void)
-                      "                 (default is sect163r2).\n");
- #endif
-       fprintf(stderr," -test_cipherlist - verifies the order of the ssl cipher lists\n");
-+      fprintf(stderr," -c_small_records - enable client side use of small SSL record buffers\n");
-+      fprintf(stderr," -s_small_records - enable server side use of small SSL record buffers\n");
-       }
- 
- static void print_details(SSL *c_ssl, const char *prefix)
-@@ -444,6 +447,9 @@ int opaque_prf_input_cb(SSL *ssl, void *
-       return arg->ret;
-       }
- #endif
-+      int ssl_mode = 0;
-+      int c_small_records=0;
-+      int s_small_records=0;
- 
- int main(int argc, char *argv[])
-       {
-@@ -680,6 +687,14 @@ int main(int argc, char *argv[])
-                       {
-                       test_cipherlist = 1;
-                       }
-+              else if (strcmp(*argv, "-c_small_records") == 0)
-+                      {
-+                      c_small_records = 1;
-+                      }
-+              else if (strcmp(*argv, "-s_small_records") == 0)
-+                      {
-+                      s_small_records = 1;
-+                      }
-               else
-                       {
-                       fprintf(stderr,"unknown option %s\n",*argv);
-@@ -802,6 +821,21 @@ bad:
-               SSL_CTX_set_cipher_list(s_ctx,cipher);
-               }
- 
-+      ssl_mode = 0;
-+      if (c_small_records)
-+              {
-+              ssl_mode = SSL_CTX_get_mode(c_ctx);
-+              ssl_mode |= SSL_MODE_SMALL_BUFFERS;
-+              SSL_CTX_set_mode(c_ctx, ssl_mode);
-+              }
-+      ssl_mode = 0;
-+      if (s_small_records)
-+              {
-+              ssl_mode = SSL_CTX_get_mode(s_ctx);
-+              ssl_mode |= SSL_MODE_SMALL_BUFFERS;
-+              SSL_CTX_set_mode(s_ctx, ssl_mode);
-+              }
-+
- #ifndef OPENSSL_NO_DH
-       if (!no_dhe)
-               {
---- openssl-1.0.0.orig/test/testssl    2006-03-10 15:06:27.000000000 -0800
-+++ openssl-1.0.0/test/testssl 2010-04-26 10:24:55.000000000 -0700
-@@ -70,6 +70,16 @@ $ssltest -client_auth $CA $extra || exit
- echo test sslv2/sslv3 with both client and server authentication
- $ssltest -server_auth -client_auth $CA $extra || exit 1
- 
-+echo test sslv2/sslv3 with both client and server authentication and small client buffers
-+$ssltest -server_auth -client_auth -c_small_records $CA $extra || exit 1
-+
-+echo test sslv2/sslv3 with both client and server authentication and small server buffers
-+$ssltest -server_auth -client_auth -s_small_records $CA $extra || exit 1
-+
-+echo test sslv2/sslv3 with both client and server authentication and small client and server buffers
-+$ssltest -server_auth -client_auth -c_small_records -s_small_records $CA $extra || exit 1
-+
-+
- echo test sslv2 via BIO pair
- $ssltest -bio_pair -ssl2 $extra || exit 1
- 

diff --git a/deps/openssl/patches/tls_exporter.patch b/deps/openssl/patches/tls_exporter.patch
deleted file mode 100755 (executable)
index a9e64a3..0000000
--- a/deps/openssl/patches/tls_exporter.patch
+++ /dev/null
@@ -1,220 +0,0 @@
-diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
-index c3b77c8..a94290a 100644
---- a/ssl/d1_lib.c
-+++ b/ssl/d1_lib.c
-@@ -82,6 +82,7 @@ SSL3_ENC_METHOD DTLSv1_enc_data={
-       TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE,
-       TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE,
-       tls1_alert_code,
-+      tls1_export_keying_material,
-       };
- 
- long dtls1_default_timeout(void)
-diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
-index c19538a..1fecbbc 100644
---- a/ssl/s3_lib.c
-+++ b/ssl/s3_lib.c
-@@ -2087,6 +2087,9 @@ SSL3_ENC_METHOD SSLv3_enc_data={
-       SSL3_MD_CLIENT_FINISHED_CONST,4,
-       SSL3_MD_SERVER_FINISHED_CONST,4,
-       ssl3_alert_code,
-+      (int (*)(SSL *, unsigned char *, size_t, const char *,
-+               size_t, const unsigned char *, size_t,
-+               int use_context)) ssl_undefined_function,
-       };
- 
- long ssl3_default_timeout(void)
-diff --git a/ssl/ssl.h b/ssl/ssl.h
-index 9336af8..be4af2f 100644
---- a/ssl/ssl.h
-+++ b/ssl/ssl.h
-@@ -2116,6 +2116,7 @@ void ERR_load_SSL_strings(void);
- #define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT    301
- #define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT             303
- #define SSL_F_SSL_PEEK                                         270
-+#define SSL_F_TLS1_EXPORT_KEYING_MATERIAL              312
- #define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT           281
- #define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT           282
- #define SSL_F_SSL_READ                                         223
-@@ -2394,6 +2395,7 @@ void ERR_load_SSL_strings(void);
- #define SSL_R_TLSV1_UNRECOGNIZED_NAME                  1112
- #define SSL_R_TLSV1_UNSUPPORTED_EXTENSION              1110
- #define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER     232
-+#define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL               367
- #define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST           157
- #define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
- #define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG  234
-diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
-index 17d2cde..d6ad3c1 100644
---- a/ssl/ssl_lib.c
-+++ b/ssl/ssl_lib.c
-@@ -3127,6 +3127,18 @@ void SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s, unsigned
-       }
- #endif
- 
-+int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
-+        const char *label, size_t llen, const unsigned char *p, size_t plen,
-+        int use_context)
-+      {
-+      if (s->version < TLS1_VERSION)
-+              return -1;
-+
-+      return s->method->ssl3_enc->export_keying_material(s, out, olen, label,
-+                                                         llen, p, plen,
-+                                                         use_context);
-+      }
-+
- int SSL_cutthrough_complete(const SSL *s)
-       {
-       return (!s->server &&                 /* cutthrough only applies to clients */
-diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
-index 146c89c..e7c6b9a 100644
---- a/ssl/ssl_locl.h
-+++ b/ssl/ssl_locl.h
-@@ -557,6 +557,10 @@ typedef struct ssl3_enc_method
-       const char *server_finished_label;
-       int server_finished_label_len;
-       int (*alert_value)(int);
-+      int (*export_keying_material)(SSL *, unsigned char *, size_t,
-+                                    const char *, size_t,
-+                                    const unsigned char *, size_t,
-+                                    int use_context);
-       } SSL3_ENC_METHOD;
- 
- #ifndef OPENSSL_NO_COMP
-@@ -1041,6 +1045,9 @@ int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
- int tls1_mac(SSL *ssl, unsigned char *md, int snd);
- int tls1_generate_master_secret(SSL *s, unsigned char *out,
-       unsigned char *p, int len);
-+int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
-+      const char *label, size_t llen, const unsigned char *p,
-+      size_t plen, int use_context);
- int tls1_alert_code(int code);
- int ssl3_alert_code(int code);
- int ssl_ok(SSL *s);
-diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
-index 793ea43..b1d5b28 100644
---- a/ssl/t1_enc.c
-+++ b/ssl/t1_enc.c
-@@ -1001,6 +1001,95 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
-       return(SSL3_MASTER_SECRET_SIZE);
-       }
- 
-+int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
-+       const char *label, size_t llen, const unsigned char *context,
-+       size_t contextlen, int use_context)
-+      {
-+      unsigned char *buff;
-+      unsigned char *val = NULL;
-+      size_t vallen, currentvalpos;
-+      int rv;
-+
-+#ifdef KSSL_DEBUG
-+      printf ("tls1_export_keying_material(%p,%p,%d,%s,%d,%p,%d)\n", s, out, olen, label, llen, p, plen);
-+#endif        /* KSSL_DEBUG */
-+
-+      buff = OPENSSL_malloc(olen);
-+      if (buff == NULL) goto err2;
-+
-+      /* construct PRF arguments
-+       * we construct the PRF argument ourself rather than passing separate
-+       * values into the TLS PRF to ensure that the concatenation of values
-+       * does not create a prohibited label.
-+       */
-+      vallen = llen + SSL3_RANDOM_SIZE * 2;
-+      if (use_context)
-+              {
-+              vallen += 2 + contextlen;
-+              }
-+
-+      val = OPENSSL_malloc(vallen);
-+      if (val == NULL) goto err2;
-+      currentvalpos = 0;
-+      memcpy(val + currentvalpos, (unsigned char *) label, llen);
-+      currentvalpos += llen;
-+      memcpy(val + currentvalpos, s->s3->client_random, SSL3_RANDOM_SIZE);
-+      currentvalpos += SSL3_RANDOM_SIZE;
-+      memcpy(val + currentvalpos, s->s3->server_random, SSL3_RANDOM_SIZE);
-+      currentvalpos += SSL3_RANDOM_SIZE;
-+
-+      if (use_context)
-+              {
-+              val[currentvalpos] = (contextlen >> 8) & 0xff;
-+              currentvalpos++;
-+              val[currentvalpos] = contextlen & 0xff;
-+              currentvalpos++;
-+              if ((contextlen > 0) || (context != NULL))
-+                      {
-+                      memcpy(val + currentvalpos, context, contextlen);
-+                      }
-+              }
-+
-+      /* disallow prohibited labels
-+       * note that SSL3_RANDOM_SIZE > max(prohibited label len) =
-+       * 15, so size of val > max(prohibited label len) = 15 and the
-+       * comparisons won't have buffer overflow
-+       */
-+      if (memcmp(val, TLS_MD_CLIENT_FINISH_CONST,
-+               TLS_MD_CLIENT_FINISH_CONST_SIZE) == 0) goto err1;
-+      if (memcmp(val, TLS_MD_SERVER_FINISH_CONST,
-+               TLS_MD_SERVER_FINISH_CONST_SIZE) == 0) goto err1;
-+      if (memcmp(val, TLS_MD_MASTER_SECRET_CONST,
-+               TLS_MD_MASTER_SECRET_CONST_SIZE) == 0) goto err1;
-+      if (memcmp(val, TLS_MD_KEY_EXPANSION_CONST,
-+               TLS_MD_KEY_EXPANSION_CONST_SIZE) == 0) goto err1;
-+
-+      rv = tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
-+                    val, vallen,
-+                    NULL, 0,
-+                    NULL, 0,
-+                    NULL, 0,
-+                    NULL, 0,
-+                    s->session->master_key,s->session->master_key_length,
-+                    out,buff,olen);
-+
-+#ifdef KSSL_DEBUG
-+      printf ("tls1_export_keying_material() complete\n");
-+#endif        /* KSSL_DEBUG */
-+      goto ret;
-+err1:
-+      SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL);
-+      rv = 0;
-+      goto ret;
-+err2:
-+      SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, ERR_R_MALLOC_FAILURE);
-+      rv = 0;
-+ret:
-+      if (buff != NULL) OPENSSL_free(buff);
-+      if (val != NULL) OPENSSL_free(val);
-+      return(rv);
-+      }
-+
- int tls1_alert_code(int code)
-       {
-       switch (code)
-diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
-index daa65c9..c094471 100644
---- a/ssl/t1_lib.c
-+++ b/ssl/t1_lib.c
-@@ -209,6 +209,7 @@ SSL3_ENC_METHOD TLSv1_enc_data={
-       TLS_MD_CLIENT_FINISH_CONST,TLS_MD_CLIENT_FINISH_CONST_SIZE,
-       TLS_MD_SERVER_FINISH_CONST,TLS_MD_SERVER_FINISH_CONST_SIZE,
-       tls1_alert_code,
-+      tls1_export_keying_material,
-       };
- 
- long tls1_default_timeout(void)
-diff --git a/ssl/tls1.h b/ssl/tls1.h
-index 1fa96e5..7bbb875 100644
---- a/ssl/tls1.h
-+++ b/ssl/tls1.h
-@@ -231,6 +231,9 @@ extern "C" {
- 
- const char *SSL_get_servername(const SSL *s, const int type) ;
- int SSL_get_servername_type(const SSL *s) ;
-+int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
-+      const char *label, size_t llen, const unsigned char *p, size_t plen,
-+      int use_context);
- 
- #define SSL_set_tlsext_host_name(s,name) \
- SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name)
\ No newline at end of file

diff --git a/deps/openssl/patches/x509_hash_name_algorithm_change.patch b/deps/openssl/patches/x509_hash_name_algorithm_change.patch
deleted file mode 100644 (file)
index d960184..0000000
--- a/deps/openssl/patches/x509_hash_name_algorithm_change.patch
+++ /dev/null
@@ -1,31 +0,0 @@
---- openssl-1.0.0f-origin/crypto/x509/by_dir.c 2012-01-19 02:20:24.821550944 +0800
-+++ openssl-1.0.0f/crypto/x509/by_dir.c        2012-01-19 23:36:53.597870429 +0800
-@@ -287,6 +287,8 @@
-       int ok=0;
-       int i,j,k;
-       unsigned long h;
-+      unsigned long hash_array[2];
-+      int hash_index;
-       BUF_MEM *b=NULL;
-       X509_OBJECT stmp,*tmp;
-       const char *postfix="";
-@@ -323,6 +325,11 @@
-       ctx=(BY_DIR *)xl->method_data;
- 
-       h=X509_NAME_hash(name);
-+      hash_array[0]=h;
-+      hash_array[1]=X509_NAME_hash_old(name);
-+      for (hash_index=0; hash_index < 2; hash_index++)
-+              {
-+              h=hash_array[hash_index];
-       for (i=0; i < sk_BY_DIR_ENTRY_num(ctx->dirs); i++)
-               {
-               BY_DIR_ENTRY *ent;
-@@ -476,6 +483,7 @@
-                       goto finish;
-                       }
-               }
-+              }
- finish:
-       if (b != NULL) BUF_MEM_free(b);
-       return(ok);