svn commit: r296666 - in user/cperciva/freebsd-update-build/patches: 10.1-RELEASE 10.2-RELEASE 9.3-RELEASE
Gleb Smirnoff
glebius at FreeBSD.org
Fri Mar 11 16:30:31 UTC 2016
Author: glebius
Date: Fri Mar 11 16:30:29 2016
New Revision: 296666
URL: https://svnweb.freebsd.org/changeset/base/296666
Log:
Store SA-16:12 and SA-16:13 patches.
Added:
user/cperciva/freebsd-update-build/patches/10.1-RELEASE/30-SA-16:12.openssl
user/cperciva/freebsd-update-build/patches/10.2-RELEASE/13-SA-16:12.openssl
user/cperciva/freebsd-update-build/patches/9.3-RELEASE/37-SA-16:12.openssl
user/cperciva/freebsd-update-build/patches/9.3-RELEASE/38-SA-16:13.bind
Added: user/cperciva/freebsd-update-build/patches/10.1-RELEASE/30-SA-16:12.openssl
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.1-RELEASE/30-SA-16:12.openssl Fri Mar 11 16:30:29 2016 (r296666)
@@ -0,0 +1,609609 @@
+--- crypto/openssl/CHANGES.orig
++++ crypto/openssl/CHANGES
+@@ -2,6 +2,175 @@
+ OpenSSL CHANGES
+ _______________
+
++ Changes between 1.0.1o and 1.0.1p [9 Jul 2015]
++
++ *) Alternate chains certificate forgery
++
++ During certificate verfification, OpenSSL will attempt to find an
++ alternative certificate chain if the first attempt to build such a chain
++ fails. An error in the implementation of this logic can mean that an
++ attacker could cause certain checks on untrusted certificates to be
++ bypassed, such as the CA flag, enabling them to use a valid leaf
++ certificate to act as a CA and "issue" an invalid certificate.
++
++ This issue was reported to OpenSSL by Adam Langley/David Benjamin
++ (Google/BoringSSL).
++ [Matt Caswell]
++
++ Changes between 1.0.1n and 1.0.1o [12 Jun 2015]
++
++ *) Fix HMAC ABI incompatibility. The previous version introduced an ABI
++ incompatibility in the handling of HMAC. The previous ABI has now been
++ restored.
++
++ Changes between 1.0.1m and 1.0.1n [11 Jun 2015]
++
++ *) Malformed ECParameters causes infinite loop
++
++ When processing an ECParameters structure OpenSSL enters an infinite loop
++ if the curve specified is over a specially malformed binary polynomial
++ field.
++
++ This can be used to perform denial of service against any
++ system which processes public keys, certificate requests or
++ certificates. This includes TLS clients and TLS servers with
++ client authentication enabled.
++
++ This issue was reported to OpenSSL by Joseph Barr-Pixton.
++ (CVE-2015-1788)
++ [Andy Polyakov]
++
++ *) Exploitable out-of-bounds read in X509_cmp_time
++
++ X509_cmp_time does not properly check the length of the ASN1_TIME
++ string and can read a few bytes out of bounds. In addition,
++ X509_cmp_time accepts an arbitrary number of fractional seconds in the
++ time string.
++
++ An attacker can use this to craft malformed certificates and CRLs of
++ various sizes and potentially cause a segmentation fault, resulting in
++ a DoS on applications that verify certificates or CRLs. TLS clients
++ that verify CRLs are affected. TLS clients and servers with client
++ authentication enabled may be affected if they use custom verification
++ callbacks.
++
++ This issue was reported to OpenSSL by Robert Swiecki (Google), and
++ independently by Hanno Böck.
++ (CVE-2015-1789)
++ [Emilia Käsper]
++
++ *) PKCS7 crash with missing EnvelopedContent
++
++ The PKCS#7 parsing code does not handle missing inner EncryptedContent
++ correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs
++ with missing content and trigger a NULL pointer dereference on parsing.
++
++ Applications that decrypt PKCS#7 data or otherwise parse PKCS#7
++ structures from untrusted sources are affected. OpenSSL clients and
++ servers are not affected.
++
++ This issue was reported to OpenSSL by Michal Zalewski (Google).
++ (CVE-2015-1790)
++ [Emilia Käsper]
++
++ *) CMS verify infinite loop with unknown hash function
++
++ When verifying a signedData message the CMS code can enter an infinite loop
++ if presented with an unknown hash function OID. This can be used to perform
++ denial of service against any system which verifies signedData messages using
++ the CMS code.
++ This issue was reported to OpenSSL by Johannes Bauer.
++ (CVE-2015-1792)
++ [Stephen Henson]
++
++ *) Race condition handling NewSessionTicket
++
++ If a NewSessionTicket is received by a multi-threaded client when attempting to
++ reuse a previous ticket then a race condition can occur potentially leading to
++ a double free of the ticket data.
++ (CVE-2015-1791)
++ [Matt Caswell]
++
++ *) Reject DH handshakes with parameters shorter than 768 bits.
++ [Kurt Roeckx and Emilia Kasper]
++
++ Changes between 1.0.1l and 1.0.1m [19 Mar 2015]
++
++ *) Segmentation fault in ASN1_TYPE_cmp fix
++
++ The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is
++ made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check
++ certificate signature algorithm consistency this can be used to crash any
++ certificate verification operation and exploited in a DoS attack. Any
++ application which performs certificate verification is vulnerable including
++ OpenSSL clients and servers which enable client authentication.
++ (CVE-2015-0286)
++ [Stephen Henson]
++
++ *) ASN.1 structure reuse memory corruption fix
++
++ Reusing a structure in ASN.1 parsing may allow an attacker to cause
++ memory corruption via an invalid write. Such reuse is and has been
++ strongly discouraged and is believed to be rare.
++
++ Applications that parse structures containing CHOICE or ANY DEFINED BY
++ components may be affected. Certificate parsing (d2i_X509 and related
++ functions) are however not affected. OpenSSL clients and servers are
++ not affected.
++ (CVE-2015-0287)
++ [Stephen Henson]
++
++ *) PKCS7 NULL pointer dereferences fix
++
++ The PKCS#7 parsing code does not handle missing outer ContentInfo
++ correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with
++ missing content and trigger a NULL pointer dereference on parsing.
++
++ Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or
++ otherwise parse PKCS#7 structures from untrusted sources are
++ affected. OpenSSL clients and servers are not affected.
++
++ This issue was reported to OpenSSL by Michal Zalewski (Google).
++ (CVE-2015-0289)
++ [Emilia Käsper]
++
++ *) DoS via reachable assert in SSLv2 servers fix
++
++ A malicious client can trigger an OPENSSL_assert (i.e., an abort) in
++ servers that both support SSLv2 and enable export cipher suites by sending
++ a specially crafted SSLv2 CLIENT-MASTER-KEY message.
++
++ This issue was discovered by Sean Burford (Google) and Emilia Käsper
++ (OpenSSL development team).
++ (CVE-2015-0293)
++ [Emilia Käsper]
++
++ *) Use After Free following d2i_ECPrivatekey error fix
++
++ A malformed EC private key file consumed via the d2i_ECPrivateKey function
++ could cause a use after free condition. This, in turn, could cause a double
++ free in several private key parsing functions (such as d2i_PrivateKey
++ or EVP_PKCS82PKEY) and could lead to a DoS attack or memory corruption
++ for applications that receive EC private keys from untrusted
++ sources. This scenario is considered rare.
++
++ This issue was discovered by the BoringSSL project and fixed in their
++ commit 517073cd4b.
++ (CVE-2015-0209)
++ [Matt Caswell]
++
++ *) X509_to_X509_REQ NULL pointer deref fix
++
++ The function X509_to_X509_REQ will crash with a NULL pointer dereference if
++ the certificate key is invalid. This function is rarely used in practice.
++
++ This issue was discovered by Brian Carpenter.
++ (CVE-2015-0288)
++ [Stephen Henson]
++
++ *) Removed the export ciphers from the DEFAULT ciphers
++ [Kurt Roeckx]
++
+ Changes between 1.0.1k and 1.0.1l [15 Jan 2015]
+
+ *) Build fixes for the Windows and OpenVMS platforms
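Review bot: The log message does not say which OpenSSL release this patch corresponds to, and the newest CHANGES entry this hunk adds is "Changes between 1.0.1o and 1.0.1p [9 Jul 2015]" in a commit dated March 2016. Please name the intended upstream version in the log and confirm that CHANGES is meant to stop at 1.0.1p, so the 609609-line patch file can be checked against a specific release. The "Alternate chains certificate forgery" entry also has no CVE identifier, unlike the other reported vulnerabilities in this hunk, and contains the typo "verfification"; keep both only if they match the upstream text verbatim.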
+@@ -771,63 +940,6 @@
+ Add command line options to s_client/s_server.
+ [Steve Henson]
+
+- Changes between 1.0.0j and 1.0.0k [5 Feb 2013]
+-
+- *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time.
+-
+- This addresses the flaw in CBC record processing discovered by
+- Nadhem Alfardan and Kenny Paterson. Details of this attack can be found
+- at: http://www.isg.rhul.ac.uk/tls/
+-
+- Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
+- Security Group at Royal Holloway, University of London
+- (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and
+- Emilia Käsper for the initial patch.
+- (CVE-2013-0169)
+- [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]
+-
+- *) Return an error when checking OCSP signatures when key is NULL.
+- This fixes a DoS attack. (CVE-2013-0166)
+- [Steve Henson]
+-
+- *) Call OCSP Stapling callback after ciphersuite has been chosen, so
+- the right response is stapled. Also change SSL_get_certificate()
+- so it returns the certificate actually sent.
+- See http://rt.openssl.org/Ticket/Display.html?id=2836.
+- (This is a backport)
+- [Rob Stradling <rob.stradling at comodo.com>]
+-
+- *) Fix possible deadlock when decoding public keys.
+- [Steve Henson]
+-
+- Changes between 1.0.0i and 1.0.0j [10 May 2012]
+-
+- [NB: OpenSSL 1.0.0i and later 1.0.0 patch levels were released after
+- OpenSSL 1.0.1.]
+-
+- *) Sanity check record length before skipping explicit IV in DTLS
+- to fix DoS attack.
+-
+- Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
+- fuzzing as a service testing platform.
+- (CVE-2012-2333)
+- [Steve Henson]
+-
+- *) Initialise tkeylen properly when encrypting CMS messages.
+- Thanks to Solar Designer of Openwall for reporting this issue.
+- [Steve Henson]
+-
+- Changes between 1.0.0h and 1.0.0i [19 Apr 2012]
+-
+- *) Check for potentially exploitable overflows in asn1_d2i_read_bio
+- BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
+- in CRYPTO_realloc_clean.
+-
+- Thanks to Tavis Ormandy, Google Security Team, for discovering this
+- issue and to Adam Langley <agl at chromium.org> for fixing it.
+- (CVE-2012-2110)
+- [Adam Langley (Google), Tavis Ormandy, Google Security Team]
+-
+ Changes between 1.0.0g and 1.0.0h [12 Mar 2012]
+
+ *) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness
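Review bot: The 57 removed lines here delete the 1.0.0h through 1.0.0k changelog sections, including the entries that document CVE-2013-0169, CVE-2013-0166, CVE-2012-2333 and CVE-2012-2110. Please confirm the deletion mirrors the upstream CHANGES file and that these CVEs are still recorded under the 1.0.1 sections, since anyone auditing the tree by searching CHANGES for a CVE id would otherwise conclude the fix is absent.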
+@@ -1818,228 +1930,6 @@
+ *) Change 'Configure' script to enable Camellia by default.
+ [NTT]
+
+- Changes between 0.9.8x and 0.9.8y [5 Feb 2013]
+-
+- *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time.
+-
+- This addresses the flaw in CBC record processing discovered by
+- Nadhem Alfardan and Kenny Paterson. Details of this attack can be found
+- at: http://www.isg.rhul.ac.uk/tls/
+-
+- Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
+- Security Group at Royal Holloway, University of London
+- (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and
+- Emilia Käsper for the initial patch.
+- (CVE-2013-0169)
+- [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]
+-
+- *) Return an error when checking OCSP signatures when key is NULL.
+- This fixes a DoS attack. (CVE-2013-0166)
+- [Steve Henson]
+-
+- *) Call OCSP Stapling callback after ciphersuite has been chosen, so
+- the right response is stapled. Also change SSL_get_certificate()
+- so it returns the certificate actually sent.
+- See http://rt.openssl.org/Ticket/Display.html?id=2836.
+- (This is a backport)
+- [Rob Stradling <rob.stradling at comodo.com>]
+-
+- *) Fix possible deadlock when decoding public keys.
+- [Steve Henson]
+-
+- Changes between 0.9.8w and 0.9.8x [10 May 2012]
+-
+- *) Sanity check record length before skipping explicit IV in DTLS
+- to fix DoS attack.
+-
+- Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
+- fuzzing as a service testing platform.
+- (CVE-2012-2333)
+- [Steve Henson]
+-
+- *) Initialise tkeylen properly when encrypting CMS messages.
+- Thanks to Solar Designer of Openwall for reporting this issue.
+- [Steve Henson]
+-
+- Changes between 0.9.8v and 0.9.8w [23 Apr 2012]
+-
+- *) The fix for CVE-2012-2110 did not take into account that the
+- 'len' argument to BUF_MEM_grow and BUF_MEM_grow_clean is an
+- int in OpenSSL 0.9.8, making it still vulnerable. Fix by
+- rejecting negative len parameter. (CVE-2012-2131)
+- [Tomas Hoger <thoger at redhat.com>]
+-
+- Changes between 0.9.8u and 0.9.8v [19 Apr 2012]
+-
+- *) Check for potentially exploitable overflows in asn1_d2i_read_bio
+- BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
+- in CRYPTO_realloc_clean.
+-
+- Thanks to Tavis Ormandy, Google Security Team, for discovering this
+- issue and to Adam Langley <agl at chromium.org> for fixing it.
+- (CVE-2012-2110)
+- [Adam Langley (Google), Tavis Ormandy, Google Security Team]
+-
+- Changes between 0.9.8t and 0.9.8u [12 Mar 2012]
+-
+- *) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness
+- in CMS and PKCS7 code. When RSA decryption fails use a random key for
+- content decryption and always return the same error. Note: this attack
+- needs on average 2^20 messages so it only affects automated senders. The
+- old behaviour can be reenabled in the CMS code by setting the
+- CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where
+- an MMA defence is not necessary.
+- Thanks to Ivan Nestlerode <inestlerode at us.ibm.com> for discovering
+- this issue. (CVE-2012-0884)
+- [Steve Henson]
+-
+- *) Fix CVE-2011-4619: make sure we really are receiving a
+- client hello before rejecting multiple SGC restarts. Thanks to
+- Ivan Nestlerode <inestlerode at us.ibm.com> for discovering this bug.
+- [Steve Henson]
+-
+- Changes between 0.9.8s and 0.9.8t [18 Jan 2012]
+-
+- *) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
+- Thanks to Antonio Martin, Enterprise Secure Access Research and
+- Development, Cisco Systems, Inc. for discovering this bug and
+- preparing a fix. (CVE-2012-0050)
+- [Antonio Martin]
+-
+- Changes between 0.9.8r and 0.9.8s [4 Jan 2012]
+-
+- *) Nadhem Alfardan and Kenny Paterson have discovered an extension
+- of the Vaudenay padding oracle attack on CBC mode encryption
+- which enables an efficient plaintext recovery attack against
+- the OpenSSL implementation of DTLS. Their attack exploits timing
+- differences arising during decryption processing. A research
+- paper describing this attack can be found at:
+- http://www.isg.rhul.ac.uk/~kp/dtls.pdf
+- Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
+- Security Group at Royal Holloway, University of London
+- (www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann
+- <seggelmann at fh-muenster.de> and Michael Tuexen <tuexen at fh-muenster.de>
+- for preparing the fix. (CVE-2011-4108)
+- [Robin Seggelmann, Michael Tuexen]
+-
+- *) Stop policy check failure freeing same buffer twice. (CVE-2011-4109)
+- [Ben Laurie, Kasper <ekasper at google.com>]
+-
+- *) Clear bytes used for block padding of SSL 3.0 records.
+- (CVE-2011-4576)
+- [Adam Langley (Google)]
+-
+- *) Only allow one SGC handshake restart for SSL/TLS. Thanks to George
+- Kadianakis <desnacked at gmail.com> for discovering this issue and
+- Adam Langley for preparing the fix. (CVE-2011-4619)
+- [Adam Langley (Google)]
+-
+- *) Prevent malformed RFC3779 data triggering an assertion failure.
+- Thanks to Andrew Chi, BBN Technologies, for discovering the flaw
+- and Rob Austein <sra at hactrn.net> for fixing it. (CVE-2011-4577)
+- [Rob Austein <sra at hactrn.net>]
+-
+- *) Fix ssl_ciph.c set-up race.
+- [Adam Langley (Google)]
+-
+- *) Fix spurious failures in ecdsatest.c.
+- [Emilia Käsper (Google)]
+-
+- *) Fix the BIO_f_buffer() implementation (which was mixing different
+- interpretations of the '..._len' fields).
+- [Adam Langley (Google)]
+-
+- *) Fix handling of BN_BLINDING: now BN_BLINDING_invert_ex (rather than
+- BN_BLINDING_invert_ex) calls BN_BLINDING_update, ensuring that concurrent
+- threads won't reuse the same blinding coefficients.
+-
+- This also avoids the need to obtain the CRYPTO_LOCK_RSA_BLINDING
+- lock to call BN_BLINDING_invert_ex, and avoids one use of
+- BN_BLINDING_update for each BN_BLINDING structure (previously,
+- the last update always remained unused).
+- [Emilia Käsper (Google)]
+-
+- *) Fix SSL memory handling for (EC)DH ciphersuites, in particular
+- for multi-threaded use of ECDH.
+- [Adam Langley (Google)]
+-
+- *) Fix x509_name_ex_d2i memory leak on bad inputs.
+- [Bodo Moeller]
+-
+- *) Add protection against ECDSA timing attacks as mentioned in the paper
+- by Billy Bob Brumley and Nicola Tuveri, see:
+-
+- http://eprint.iacr.org/2011/232.pdf
+-
+- [Billy Bob Brumley and Nicola Tuveri]
+-
+- Changes between 0.9.8q and 0.9.8r [8 Feb 2011]
+-
+- *) Fix parsing of OCSP stapling ClientHello extension. CVE-2011-0014
+- [Neel Mehta, Adam Langley, Bodo Moeller (Google)]
+-
+- *) Fix bug in string printing code: if *any* escaping is enabled we must
+- escape the escape character (backslash) or the resulting string is
+- ambiguous.
+- [Steve Henson]
+-
+- Changes between 0.9.8p and 0.9.8q [2 Dec 2010]
+-
+- *) Disable code workaround for ancient and obsolete Netscape browsers
+- and servers: an attacker can use it in a ciphersuite downgrade attack.
+- Thanks to Martin Rex for discovering this bug. CVE-2010-4180
+- [Steve Henson]
+-
+- *) Fixed J-PAKE implementation error, originally discovered by
+- Sebastien Martini, further info and confirmation from Stefan
+- Arentz and Feng Hao. Note that this fix is a security fix. CVE-2010-4252
+- [Ben Laurie]
+-
+- Changes between 0.9.8o and 0.9.8p [16 Nov 2010]
+-
+- *) Fix extension code to avoid race conditions which can result in a buffer
+- overrun vulnerability: resumed sessions must not be modified as they can
+- be shared by multiple threads. CVE-2010-3864
+- [Steve Henson]
+-
+- *) Fix for double free bug in ssl/s3_clnt.c CVE-2010-2939
+- [Steve Henson]
+-
+- *) Don't reencode certificate when calculating signature: cache and use
+- the original encoding instead. This makes signature verification of
+- some broken encodings work correctly.
+- [Steve Henson]
+-
+- *) ec2_GF2m_simple_mul bugfix: compute correct result if the output EC_POINT
+- is also one of the inputs.
+- [Emilia Käsper <emilia.kasper at esat.kuleuven.be> (Google)]
+-
+- *) Don't repeatedly append PBE algorithms to table if they already exist.
+- Sort table on each new add. This effectively makes the table read only
+- after all algorithms are added and subsequent calls to PKCS12_pbe_add
+- etc are non-op.
+- [Steve Henson]
+-
+- Changes between 0.9.8n and 0.9.8o [01 Jun 2010]
+-
+- [NB: OpenSSL 0.9.8o and later 0.9.8 patch levels were released after
+- OpenSSL 1.0.0.]
+-
+- *) Correct a typo in the CMS ASN1 module which can result in invalid memory
+- access or freeing data twice (CVE-2010-0742)
+- [Steve Henson, Ronald Moesbergen <intercommit at gmail.com>]
+-
+- *) Add SHA2 algorithms to SSL_library_init(). SHA2 is becoming far more
+- common in certificates and some applications which only call
+- SSL_library_init and not OpenSSL_add_all_algorithms() will fail.
+- [Steve Henson]
+-
+- *) VMS fixes:
+- Reduce copying into .apps and .test in makevms.com
+- Don't try to use blank CA certificate in CA.com
+- Allow use of C files from original directories in maketests.com
+- [Steven M. Schweda" <sms at antinode.info>]
+-
+ Changes between 0.9.8m and 0.9.8n [24 Mar 2010]
+
+ *) When rejecting SSL/TLS records due to an incorrect version number, never
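Review bot: This hunk drops the whole 0.9.8o through 0.9.8y history, 222 lines of documentation-only change inside a security patch. That is acceptable if it is a straight sync with upstream, but the log message should say so. Among the removed entries is the CVE-2012-2131 note explaining that the CVE-2012-2110 fix was incomplete where 'len' is an int; check that nothing in this branch still depends on that explanation before it disappears from the tree.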
+--- crypto/openssl/Configure.orig
++++ crypto/openssl/Configure
+@@ -185,18 +185,18 @@
+ "debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "debug-geoff32","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "debug-geoff64","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+-"debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+-"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"debug-linux-ia32-aes", "gcc:-DAES_EXPERIMENTAL -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:x86cpuid.o:bn-586.o co-586.o x86-mont.o:des-586.o crypt586.o:aes_x86core.o aes_cbc.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o::ghash-x86.o::elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"debug-linux-x86_64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
++"debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
++"debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
++"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debug-linux-ia32-aes", "gcc:-DAES_EXPERIMENTAL -DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:x86cpuid.o:bn-586.o co-586.o x86-mont.o:des-586.o crypt586.o:aes_x86core.o aes_cbc.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o::ghash-x86.o::elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debug-linux-x86_64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+ "dist", "cc:-O::(unknown)::::::",
+
+ # Basic configs that should work on any (32 and less bit) box
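Review bot: -DTERMIO is removed from the debug-levitte-*-extreme and debug-linux-* targets, but the unchanged context lines for debug-steve-opt, debug-geoff32 and debug-geoff64 in the same block still pass -DTERMIO. Please confirm upstream left those three as they are rather than this patch having missed them. None of the targets touched here is a FreeBSD target, so it is also worth stating whether Configure changes are needed in a freebsd-update patch at all.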
+@@ -230,12 +230,12 @@
+
+ #### SPARC Solaris with GNU C setups
+ "solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"solaris-sparcv8-gcc","gcc:-mcpu=v8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ # -m32 should be safe to add as long as driver recognizes -mcpu=ultrasparc
+ "solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
+ ####
+-"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=v8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+ #### SPARC Solaris with Sun C setups
+@@ -252,20 +252,20 @@
+
+ #### SunOS configs, assuming sparc for the gcc one.
+ #"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:${no_asm}::",
+-"sunos-gcc","gcc:-O3 -mv8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:${no_asm}::",
++"sunos-gcc","gcc:-O3 -mcpu=v8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:${no_asm}::",
+
+ #### IRIX 5.x configs
+ # -mips2 flag is added by ./config when appropriate.
+-"irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"irix-gcc","gcc:-O3 -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"irix-cc", "cc:-O2 -use_readonly_const -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ #### IRIX 6.x configs
+ # Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke
+ # './Configure irix-cc -o32' manually.
+-"irix-mips3-gcc","gcc:-mabi=n32 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32",
+-"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32",
++"irix-mips3-gcc","gcc:-mabi=n32 -O3 -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32",
++"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32",
+ # N64 ABI builds.
+-"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+-"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
++"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -O3 -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
++"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+
+ #### Unified HP-UX ANSI C configs.
+ # Special notes:
+@@ -345,23 +345,23 @@
+ ####
+ # *-generic* is endian-neutral target, but ./config is free to
+ # throw in -D[BL]_ENDIAN, whichever appropriate...
+-"linux-generic32","gcc:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-generic32","gcc:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-ppc", "gcc:-DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ # It's believed that majority of ARM toolchains predefine appropriate -march.
+ # If you compiler does not, do complement config command line with one!
+-"linux-armv4", "gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-armv4", "gcc:-O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ #### IA-32 targets...
+-"linux-ia32-icc", "icc:-DL_ENDIAN -DTERMIO -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out",
++"linux-ia32-icc", "icc:-DL_ENDIAN -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-elf", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-aout", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out",
+ ####
+-"linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"linux-ppc64", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+-"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+-"linux64-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
++"linux-generic64","gcc:-O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-ppc64", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
++"linux-ia64", "gcc:-DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-ia64-ecc","ecc:-DL_ENDIAN -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-ia64-icc","icc:-DL_ENDIAN -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-x86_64", "gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
++"linux64-s390x", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+ #### So called "highgprs" target for z/Architecture CPUs
+ # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see
+ # /proc/cpuinfo. The idea is to preserve most significant bits of
+@@ -375,16 +375,16 @@
+ # ldconfig and run-time linker to autodiscover. Unfortunately it
+ # doesn't work just yet, because of couple of bugs in glibc
+ # sysdeps/s390/dl-procinfo.c affecting ldconfig and ld.so.1...
+-"linux32-s390x", "gcc:-m31 -Wa,-mzarch -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$s390x_asm;$asm=~s/bn\-s390x\.o/bn_asm.o/;$asm}.":31:dlfcn:linux-shared:-fPIC:-m31:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/highgprs",
++"linux32-s390x", "gcc:-m31 -Wa,-mzarch -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$s390x_asm;$asm=~s/bn\-s390x\.o/bn_asm.o/;$asm}.":31:dlfcn:linux-shared:-fPIC:-m31:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/highgprs",
+ #### SPARC Linux setups
+ # Ray Miller <ray.miller at computing-services.oxford.ac.uk> has patiently
+ # assisted with debugging of following two configs.
+-"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-sparcv8","gcc:-mcpu=v8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ # it's a real mess with -mcpu=ultrasparc option under Linux, but
+ # -Wa,-Av8plus should do the trick no matter what.
+-"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ # GCC 3.1 is a requirement
+-"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
++"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+ #### Alpha Linux with GNU C and Compaq C setups
+ # Special notes:
+ # - linux-alpha+bwx-gcc is ment to be used from ./config only. If you
+@@ -398,30 +398,30 @@
+ #
+ # <appro at fy.chalmers.se>
+ #
+-"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+-"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
++"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
++"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+
+-# Android: linux-* but without -DTERMIO and pointers to headers and libs.
++# Android: linux-* but without pointers to headers and libs.
+ "android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "android-armv7","gcc:-march=armv7-a -mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+ #### *BSD [do see comment about ${BSDthreads} above!]
+-"BSD-generic32","gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"BSD-x86", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"BSD-x86-elf", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"debug-BSD-x86-elf", "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall -g::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"BSD-sparcv8", "gcc:-DB_ENDIAN -DTERMIOS -O3 -mv8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${sparcv8_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"BSD-generic32","gcc:-O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"BSD-x86", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"BSD-x86-elf", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debug-BSD-x86-elf", "gcc:-DL_ENDIAN -O3 -Wall -g::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"BSD-sparcv8", "gcc:-DB_ENDIAN -O3 -mcpu=v8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${sparcv8_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+-"BSD-generic64","gcc:-DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"BSD-generic64","gcc:-O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ # -DMD32_REG_T=int doesn't actually belong in sparc64 target, it
+ # simply *happens* to work around a compiler bug in gcc 3.3.3,
+ # triggered by RIPEMD160 code.
+-"BSD-sparc64", "gcc:-DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:${sparcv9_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"BSD-ia64", "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"BSD-x86_64", "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"BSD-sparc64", "gcc:-DB_ENDIAN -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:${sparcv9_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"BSD-ia64", "gcc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"BSD-x86_64", "gcc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+ "bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
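Review bot: the rewritten Android comment in this hunk now says the opposite of what the entries do. Dropping only the words "-DTERMIO and" leaves "linux-* but without pointers to headers and libs", yet the android, android-x86 and android-armv7 targets directly below it still pass -I$(ANDROID_DEV)/include and -B$(ANDROID_DEV)/lib, which are exactly those pointers. Suggest wording it as "linux-* but with pointers to headers and libs". Separately, BSD-sparcv8 changes -mv8 to -mcpu=v8 in the same hunk; that is unrelated to the TERMIO/TERMIOS cleanup and deserves its own line in the change description.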
+@@ -433,8 +433,8 @@
+
+ # QNX
+ "qnx4", "cc:-DL_ENDIAN -DTERMIO::(unknown):::${x86_gcc_des} ${x86_gcc_opts}:",
+-"QNX6", "gcc:-DTERMIOS::::-lsocket::${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"QNX6-i386", "gcc:-DL_ENDIAN -DTERMIOS -O2 -Wall::::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"QNX6", "gcc:::::-lsocket::${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"QNX6-i386", "gcc:-DL_ENDIAN -O2 -Wall::::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+ # BeOS
+ "beos-x86-r5", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -mcpu=pentium -Wall::-D_REENTRANT:BEOS:-lbe -lnet:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:beos:beos-shared:-fPIC -DPIC:-shared:.so",
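Review bot: the trailing context entry beos-x86-r5 still carries -DTERMIOS while QNX6 and QNX6-i386 in this hunk lose it, and qnx4 keeps -DTERMIO. If the define is now redundant for targets that want termios, beos-x86-r5 should be cleaned up in the same pass. If BeOS and qnx4 are deliberate exceptions, a short comment next to each entry would keep a later cleanup from treating them as leftovers.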
+@@ -507,7 +507,7 @@
+ "SINIX-N","/usr/ucb/cc:-O2 -misaligned::(unknown)::-lucb:RC4_INDEX RC4_CHAR:::",
+
+ # SIEMENS BS2000/OSD: an EBCDIC-based mainframe
+-"BS2000-OSD","c89:-O -XLLML -XLLMK -XL -DB_ENDIAN -DTERMIOS -DCHARSET_EBCDIC::(unknown)::-lsocket -lnsl:THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::",
++"BS2000-OSD","c89:-O -XLLML -XLLMK -XL -DB_ENDIAN -DCHARSET_EBCDIC::(unknown)::-lsocket -lnsl:THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::",
+
+ # OS/390 Unix an EBCDIC-based Unix system on IBM mainframe
+ # You need to compile using the c89.sh wrapper in the tools directory, because the
+@@ -567,7 +567,7 @@
+ "netware-libc-bsdsock-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -DNETWARE_BSDSOCK -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYSNAME_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::",
+
+ # DJGPP
+-"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:",
++"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIO -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:",
+
+ # Ultrix from Bernhard Simon <simon at zid.tuwien.ac.at>
+ "ultrix-cc","cc:-std1 -O -Olimit 2500 -DL_ENDIAN::(unknown):::::::",
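Review bot: the DJGPP entry goes the other way from every other target this patch touches: instead of dropping the terminal define it replaces -DTERMIOS with -DTERMIO. If DJGPP needs the older termio interface now that the explicit defines are gone elsewhere, a one-line comment above the entry saying so would document the exception. If the swap is accidental, the entry should simply lose -DTERMIOS like the others.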
+@@ -593,7 +593,7 @@
+ "newsos4-gcc","gcc:-O -DB_ENDIAN::(unknown):NEWS4:-lmld -liberty:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::",
+
+ ##### GNU Hurd
+-"hurd-x86", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC",
++"hurd-x86", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC",
+
+ ##### OS/2 EMX
+ "OS2-EMX", "gcc::::::::",
+--- crypto/openssl/Makefile.orig
++++ crypto/openssl/Makefile
+@@ -4,7 +4,7 @@
+ ## Makefile for OpenSSL
+ ##
+
+-VERSION=1.0.1l
++VERSION=1.0.1p
+ MAJOR=1
+ MINOR=0.1
+ SHLIB_VERSION_NUMBER=1.0.0
+@@ -186,7 +186,7 @@
+ EXHEADER= e_os2.h
+ HEADER= e_os.h
+
+-all: Makefile build_all openssl.pc libssl.pc libcrypto.pc
++all: Makefile build_all
+
+ # as we stick to -e, CLEARENV ensures that local variables in lower
+ # Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
+@@ -270,21 +270,25 @@
+ @[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)
+
+ sub_all: build_all
++
+ build_all: build_libs build_apps build_tests build_tools
+
+-build_libs: build_crypto build_ssl build_engines
++build_libs: build_libcrypto build_libssl openssl.pc
+
++build_libcrypto: build_crypto build_engines libcrypto.pc
++build_libssl: build_ssl libssl.pc
++
+ build_crypto:
+ @dir=crypto; target=all; $(BUILD_ONE_CMD)
+-build_ssl:
++build_ssl: build_crypto
+ @dir=ssl; target=all; $(BUILD_ONE_CMD)
+-build_engines:
++build_engines: build_crypto
+ @dir=engines; target=all; $(BUILD_ONE_CMD)
+-build_apps:
++build_apps: build_libs
+ @dir=apps; target=all; $(BUILD_ONE_CMD)
+-build_tests:
++build_tests: build_libs
+ @dir=test; target=all; $(BUILD_ONE_CMD)
+-build_tools:
++build_tools: build_libs
+ @dir=tools; target=all; $(BUILD_ONE_CMD)
+
+ all_testapps: build_libs build_testapps
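Review bot: all_testapps in the trailing context still lists build_libs and build_testapps as sibling prerequisites, which is the same unordered pattern this hunk removes for build_apps, build_tests and build_tools. Under a parallel make the two can start together unless build_testapps has its own build_libs prerequisite, and its rule is not shown here. Suggest giving build_testapps an explicit build_libs prerequisite as well, and adding a short comment above build_libs stating that the chain exists to order parallel builds.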
+@@ -461,6 +465,9 @@
+ report:
+ @$(PERL) util/selftest.pl
+
++update: errors stacks util/libeay.num util/ssleay.num TABLE
++ @set -e; target=update; $(RECURSIVE_BUILD_CMD)
++
+ depend:
+ @set -e; target=depend; $(RECURSIVE_BUILD_CMD)
+
+@@ -485,26 +492,10 @@
+ util/ssleay.num::
+ $(PERL) util/mkdef.pl ssl update
+
+-crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h
+- $(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
+-crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num
+- $(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
+-crypto/objects/obj_xref.h: crypto/objects/objxref.pl crypto/objects/obj_xref.txt crypto/objects/obj_mac.num
+- $(PERL) crypto/objects/objxref.pl crypto/objects/obj_mac.num crypto/objects/obj_xref.txt >crypto/objects/obj_xref.h
+-
+-apps/openssl-vms.cnf: apps/openssl.cnf
+- $(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf
+-
+-crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl
+- $(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h
+-
+-
+ TABLE: Configure
+ (echo 'Output of `Configure TABLE'"':"; \
+ $(PERL) Configure TABLE) > TABLE
+
+-update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h crypto/objects/obj_xref.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend
+-
+ # Build distribution tar-file. As the list of files returned by "find" is
+ # pretty long, on several platforms a "too many arguments" error or similar
+ # would occur. Therefore the list of files is temporarily stored into a file
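Review bot: the deleted update target ran depend and regenerated crypto/objects/obj_dat.h, crypto/objects/obj_xref.h, apps/openssl-vms.cnf and crypto/bn/bn_prime.h, while the replacement added in the previous hunk lists only errors, stacks, the two .num files and TABLE before recursing with target=update. The apps/Makefile hunk supplies the openssl-vms.cnf rule, but matching rules for crypto/objects and crypto/bn are not in the visible part of this truncated diff. Please confirm that those subdirectory Makefiles gain update rules, and state in the change description whether depend is dropped from update on purpose.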
+--- crypto/openssl/Makefile.org.orig
++++ crypto/openssl/Makefile.org
+@@ -184,7 +184,7 @@
+ EXHEADER= e_os2.h
+ HEADER= e_os.h
+
+-all: Makefile build_all openssl.pc libssl.pc libcrypto.pc
++all: Makefile build_all
+
+ # as we stick to -e, CLEARENV ensures that local variables in lower
+ # Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
+@@ -268,21 +268,25 @@
+ @[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)
+
+ sub_all: build_all
++
+ build_all: build_libs build_apps build_tests build_tools
+
+-build_libs: build_crypto build_ssl build_engines
++build_libs: build_libcrypto build_libssl openssl.pc
+
++build_libcrypto: build_crypto build_engines libcrypto.pc
++build_libssl: build_ssl libssl.pc
++
+ build_crypto:
+ @dir=crypto; target=all; $(BUILD_ONE_CMD)
+-build_ssl:
++build_ssl: build_crypto
+ @dir=ssl; target=all; $(BUILD_ONE_CMD)
+-build_engines:
++build_engines: build_crypto
+ @dir=engines; target=all; $(BUILD_ONE_CMD)
+-build_apps:
++build_apps: build_libs
+ @dir=apps; target=all; $(BUILD_ONE_CMD)
+-build_tests:
++build_tests: build_libs
+ @dir=test; target=all; $(BUILD_ONE_CMD)
+-build_tools:
++build_tools: build_libs
+ @dir=tools; target=all; $(BUILD_ONE_CMD)
+
+ all_testapps: build_libs build_testapps
+@@ -459,6 +463,9 @@
+ report:
+ @$(PERL) util/selftest.pl
+
++update: errors stacks util/libeay.num util/ssleay.num TABLE
++ @set -e; target=update; $(RECURSIVE_BUILD_CMD)
++
+ depend:
+ @set -e; target=depend; $(RECURSIVE_BUILD_CMD)
+
+@@ -483,26 +490,10 @@
+ util/ssleay.num::
+ $(PERL) util/mkdef.pl ssl update
+
+-crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h
+- $(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
+-crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num
+- $(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
+-crypto/objects/obj_xref.h: crypto/objects/objxref.pl crypto/objects/obj_xref.txt crypto/objects/obj_mac.num
+- $(PERL) crypto/objects/objxref.pl crypto/objects/obj_mac.num crypto/objects/obj_xref.txt >crypto/objects/obj_xref.h
+-
+-apps/openssl-vms.cnf: apps/openssl.cnf
+- $(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf
+-
+-crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl
+- $(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h
+-
+-
+ TABLE: Configure
+ (echo 'Output of `Configure TABLE'"':"; \
+ $(PERL) Configure TABLE) > TABLE
+
+-update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h crypto/objects/obj_xref.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend
+-
+ # Build distribution tar-file. As the list of files returned by "find" is
+ # pretty long, on several platforms a "too many arguments" error or similar
+ # would occur. Therefore the list of files is temporarily stored into a file
+--- crypto/openssl/NEWS.orig
++++ crypto/openssl/NEWS
+@@ -5,6 +5,32 @@
+ This file gives a brief overview of the major changes between each OpenSSL
+ release. For more details please read the CHANGES file.
+
++ Major changes between OpenSSL 1.0.1o and OpenSSL 1.0.1p [9 Jul 2015]
++
++ o Alternate chains certificate forgery (CVE-2015-1793)
++
++ Major changes between OpenSSL 1.0.1n and OpenSSL 1.0.1o [12 Jun 2015]
++
++ o Fix HMAC ABI incompatibility
++
++ Major changes between OpenSSL 1.0.1m and OpenSSL 1.0.1n [11 Jun 2015]
++
++ o Malformed ECParameters causes infinite loop (CVE-2015-1788)
++ o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)
++ o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)
++ o CMS verify infinite loop with unknown hash function (CVE-2015-1792)
++ o Race condition handling NewSessionTicket (CVE-2015-1791)
++
++ Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.1m [19 Mar 2015]
++
++ o Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286)
++ o ASN.1 structure reuse memory corruption fix (CVE-2015-0287)
++ o PKCS7 NULL pointer dereferences fix (CVE-2015-0289)
++ o DoS via reachable assert in SSLv2 servers fix (CVE-2015-0293)
++ o Use After Free following d2i_ECPrivatekey error fix (CVE-2015-0209)
++ o X509_to_X509_REQ NULL pointer deref fix (CVE-2015-0288)
++ o Removed the export ciphers from the DEFAULT ciphers
++
+ Major changes between OpenSSL 1.0.1k and OpenSSL 1.0.1l [15 Jan 2015]
+
+ o Build fixes for the Windows and OpenVMS platforms
+@@ -103,19 +129,6 @@
+ o Preliminary FIPS capability for unvalidated 2.0 FIPS module.
+ o SRP support.
+
+- Major changes between OpenSSL 1.0.0j and OpenSSL 1.0.0k [5 Feb 2013]:
+-
+- o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
+- o Fix OCSP bad key DoS attack CVE-2013-0166
+-
+- Major changes between OpenSSL 1.0.0i and OpenSSL 1.0.0j [10 May 2012]:
+-
+- o Fix DTLS record length checking bug CVE-2012-2333
+-
+- Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.0i [19 Apr 2012]:
+-
+- o Fix for ASN1 overflow bug CVE-2012-2110
+-
+ Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h [12 Mar 2012]:
+
+ o Fix for CMS/PKCS#7 MMA CVE-2012-0884
+@@ -188,62 +201,6 @@
+ o Opaque PRF Input TLS extension support.
+ o Updated time routines to avoid OS limitations.
+
+- Major changes between OpenSSL 0.9.8x and OpenSSL 0.9.8y [5 Feb 2013]:
+-
+- o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
+- o Fix OCSP bad key DoS attack CVE-2013-0166
+-
+- Major changes between OpenSSL 0.9.8w and OpenSSL 0.9.8x [10 May 2012]:
+-
+- o Fix DTLS record length checking bug CVE-2012-2333
+-
+- Major changes between OpenSSL 0.9.8v and OpenSSL 0.9.8w [23 Apr 2012]:
+-
+- o Fix for CVE-2012-2131 (corrected fix for 0.9.8 and CVE-2012-2110)
+-
+- Major changes between OpenSSL 0.9.8u and OpenSSL 0.9.8v [19 Apr 2012]:
+-
+- o Fix for ASN1 overflow bug CVE-2012-2110
+-
+- Major changes between OpenSSL 0.9.8t and OpenSSL 0.9.8u [12 Mar 2012]:
+-
+- o Fix for CMS/PKCS#7 MMA CVE-2012-0884
+- o Corrected fix for CVE-2011-4619
+- o Various DTLS fixes.
+-
+- Major changes between OpenSSL 0.9.8s and OpenSSL 0.9.8t [18 Jan 2012]:
+-
+- o Fix for DTLS DoS issue CVE-2012-0050
+-
+- Major changes between OpenSSL 0.9.8r and OpenSSL 0.9.8s [4 Jan 2012]:
+-
+- o Fix for DTLS plaintext recovery attack CVE-2011-4108
+- o Fix policy check double free error CVE-2011-4109
+- o Clear block padding bytes of SSL 3.0 records CVE-2011-4576
+- o Only allow one SGC handshake restart for SSL/TLS CVE-2011-4619
+- o Check for malformed RFC3779 data CVE-2011-4577
+-
+- Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r [8 Feb 2011]:
+-
+- o Fix for security issue CVE-2011-0014
+-
+- Major changes between OpenSSL 0.9.8p and OpenSSL 0.9.8q [2 Dec 2010]:
+-
+- o Fix for security issue CVE-2010-4180
+- o Fix for CVE-2010-4252
+-
+- Major changes between OpenSSL 0.9.8o and OpenSSL 0.9.8p [16 Nov 2010]:
+-
+- o Fix for security issue CVE-2010-3864.
+-
+- Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o [1 Jun 2010]:
+-
+- o Fix for security issue CVE-2010-0742.
+- o Various DTLS fixes.
+- o Recognise SHA2 certificates if only SSL algorithms added.
+- o Fix for no-rc4 compilation.
+- o Chil ENGINE unload workaround.
+-
+ Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n [24 Mar 2010]:
+
+ o CFB cipher definition fixes.
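Review bot: this hunk and the one before it delete the NEWS entries for 0.9.8o through 0.9.8y and 1.0.0i through 1.0.0k, most of which are lists of CVE fixes (CVE-2013-0169, CVE-2012-2110, CVE-2011-4108 and others). Please confirm the deletion mirrors the NEWS file of the release being imported rather than a merge loss. After this change, anyone checking CVE coverage for those older branches has to go to the CHANGES file that NEWS points to, so a note to that effect in the change description would help.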
+--- crypto/openssl/README.orig
++++ crypto/openssl/README
+@@ -1,5 +1,5 @@
+
+- OpenSSL 1.0.1l 15 Jan 2015
++ OpenSSL 1.0.1p 9 Jul 2015
+
+ Copyright (c) 1998-2011 The OpenSSL Project
+ Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
+--- crypto/openssl/apps/Makefile.orig
++++ crypto/openssl/apps/Makefile
+@@ -94,6 +94,9 @@
+ sreq.o: req.c
+ $(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c
+
++openssl-vms.cnf: openssl.cnf
++ $(PERL) $(TOP)/VMS/VMSify-conf.pl < openssl.cnf > openssl-vms.cnf
++
+ files:
+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+@@ -127,13 +130,13 @@
+ lint:
+ lint -DLINT $(INCLUDES) $(SRC)>fluff
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***