104 files changed, 33569 insertions, 58 deletions

diff --git a/Makefile.org b/Makefile.org
index ec9c4eefb8..ca75880ae2 100644
--- a/Makefile.org
+++ b/Makefile.org
@@ -177,11 +177,11 @@ DIRS=   crypto fips ssl $(SHLIB_MARK) apps test tools
 SHLIBDIRS= fips crypto ssl
 
 # dirs in crypto to build
-SDIRS=  \
+SDIRS=  objects \
 	md2 md4 md5 sha mdc2 hmac ripemd \
 	des rc2 rc4 rc5 idea bf cast \
 	bn ec rsa dsa dh dso engine aes \
-	buffer bio stack lhash rand err objects \
+	buffer bio stack lhash rand err \
 	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5
 
 # tests to perform.  "alltests" is a special word indicating that all tests
@@ -231,7 +231,18 @@ sub_all:
 	do \
 	if [ -d "$$i" ]; then \
 		(cd $$i && echo "making all in $$i..." && \
-		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \
+		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' FDIRS='$(FDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \
+	else \
+		$(MAKE) $$i; \
+	fi; \
+	done;
+
+sub_target:
+	@for i in $(DIRS); \
+	do \
+	if [ -d "$$i" ]; then \
+		(cd $$i && echo "making $(TARGET) in $$i..." && \
+		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' FDIRS='$(FDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TARGET='$(TARGET)' sub_target ) || exit 1; \
 	else \
 		$(MAKE) $$i; \
 	fi; \
@@ -486,7 +497,7 @@ do_hpux-shared:
 		libs="$(LIBKRB5) $$libs"; \
 	fi; \
 	( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
- 		+vnocompatwarnings \
+		+vnocompatwarnings \
 		-b -z +s \
 		-o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
@@ -509,7 +520,7 @@ do_hpux64-shared:
 		libs="$(LIBKRB5) $$libs"; \
 	fi; \
 	( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
- 		-b -z \
+		-b -z \
 		-o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 		+forceload lib$$i.a -ldl -lc ) || exit 1; \
diff --git a/crypto/des/cfb_enc.c b/crypto/des/cfb_enc.c
index 17bf77ca9e..185a63ea04 100644
--- a/crypto/des/cfb_enc.c
+++ b/crypto/des/cfb_enc.c
@@ -65,7 +65,8 @@
  * byte.
  */
 void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
-		     long length, DES_key_schedule *schedule, DES_cblock *ivec, int enc)
+		     long length, DES_key_schedule *schedule, DES_cblock *ivec,
+		     int enc)
 	{
 	register DES_LONG d0,d1,v0,v1,n=(numbits+7)/8;
 	register DES_LONG mask0,mask1;
diff --git a/crypto/des/des_enc.c b/crypto/des/des_enc.c
index 1c37ab96d3..3ad3c9bc75 100644
--- a/crypto/des/des_enc.c
+++ b/crypto/des/des_enc.c
@@ -58,6 +58,8 @@
 
 #include "des_locl.h"
 
+#ifndef FIPS
+
 void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc)
 	{
 	register DES_LONG l,r,t,u;
@@ -287,6 +289,8 @@ void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1,
 	data[1]=r;
 	}
 
+#endif /* ndef FIPS */
+
 #ifndef DES_DEFAULT_OPTIONS
 
 #undef CBC_ENC_C__DONT_UPDATE_IV
diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c
index e45b6b3268..9844d7f9bc 100644
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@@ -84,22 +84,15 @@ IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY,
 		       EVP_CIPHER_get_asn1_iv,
 		       NULL)
 
-#define IMPLEMENT_CFBR(keysize,cbits) \
-	BLOCK_CIPHER_func_cfb(aes_##keysize,AES,cbits,EVP_AES_KEY,ks) \
-	BLOCK_CIPHER_def_cfb(aes_##keysize,EVP_AES_KEY, \
-			     NID_aes_##keysize, keysize/8, 16, cbits, \
-			     0, aes_init_key, NULL, \
-			     EVP_CIPHER_set_asn1_iv, \
-			     EVP_CIPHER_get_asn1_iv, \
-			     NULL)
+#define IMPLEMENT_AES_CFBR(ksize,cbits)	IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16)
 
-IMPLEMENT_CFBR(128,1)
-IMPLEMENT_CFBR(192,1)
-IMPLEMENT_CFBR(256,1)
+IMPLEMENT_AES_CFBR(128,1)
+IMPLEMENT_AES_CFBR(192,1)
+IMPLEMENT_AES_CFBR(256,1)
 
-IMPLEMENT_CFBR(128,8)
-IMPLEMENT_CFBR(192,8)
-IMPLEMENT_CFBR(256,8)
+IMPLEMENT_AES_CFBR(128,8)
+IMPLEMENT_AES_CFBR(192,8)
+IMPLEMENT_AES_CFBR(256,8)
 
 static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 		   const unsigned char *iv, int enc)
diff --git a/crypto/evp/e_des.c b/crypto/evp/e_des.c
index f7d4d619bc..0b05c11611 100644
--- a/crypto/evp/e_des.c
+++ b/crypto/evp/e_des.c
@@ -93,19 +93,55 @@ static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
 }
 
 static int des_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-			  const unsigned char *in, unsigned int inl)
+			    const unsigned char *in, unsigned int inl)
 {
 	DES_cfb64_encrypt(in, out, (long)inl, ctx->cipher_data,
 			  (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
 	return 1;
 }
 
+/* Although we have a CFB-r implementation for DES, it doesn't pack the right
+   way, so wrap it here */
+static int des_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+			   const unsigned char *in, unsigned int inl)
+    {
+    unsigned int n;
+    unsigned char c[1],d[1];
+
+    memset(out,0,(inl+7)/8);
+    for(n=0 ; n < inl ; ++n)
+	{
+	c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;
+	DES_cfb_encrypt(c,d,1,1,ctx->cipher_data,(DES_cblock *)ctx->iv,
+			ctx->encrypt);
+	out[n/8]=(out[n/8]&~(1 << (7-n%8)))|((d[0]&0x80) >> (n%8));
+	}
+
+    return 1;
+    }